School ICT News Bulletin No. 277 - 02/11/2018
Published by ICT Services 4 Education
eBulletin Items
- Office 365 – Introduction of Multi-Factor Authentication & other important information
- Anycomms Plus - Removal of memorable word and increasing the password complexity
- MIS procurement and support
- Google Groups – access permissions and security warning
- Up to date tab files required for identity management and Google NSIX accounts
- Cyber Security - be alert to the risk of Phishing emails and online scams
1. Office 365 – Introduction of Multi-Factor Authentication & other important information
Many of you will be familiar with Multi-Factor Authentication (MFA), also referred to as two-factor authentication, from logging in to Internet Banking or similar services. It is the process of using more than just a password to log into a service.
Recommendations under GDPR are for this service to be enabled. With more and more people accessing their email accounts on devices other than those based solely in a school environment, it provides a further layer of security. This means that if your password is compromised, the person who has it will not be able to log in to your account, which keeps sensitive data secure.
We are going to roll out MFA to all the Generic Accounts (@norfolk.sch.uk) but are aware that the process requires some familiarisation. We propose to turn this on for all Head@ accounts first to ensure these important accounts are further secured, and also to allow you to consider the MFA process.
We will enable MFA for Head@ accounts on Monday, 19th November. After this time, you will not be able to log in to the online version of Outlook (www.office.com) until you have set MFA up.
Those that use the Outlook client to access their Head@ account will find it will still work until we fully ‘enforce’ MFA. This we will do on Monday, 26th November. After that date you will need to set MFA up by logging into www.office.com and creating an app password to continue to use the Outlook client.
Once implemented for head teachers, we will be phasing the rollout to other users over the forthcoming weeks. The planned rollout is as follows:
| Date | O365 Accounts | Action |
| --- | --- | --- |
| w/c 19/11/2018 | Head@schoolname.norfolk.sch.uk | Enable MFA on the online version |
| w/c 26/11/2018 | Head@schoolname.norfolk.sch.uk | Enable MFA on Outlook clients |
| w/c 03/12/2018 | Office@schoolname.norfolk.sch.uk | Enable MFA on the online version |
| w/c 10/12/2018 | Office@schoolname.norfolk.sch.uk | Enable MFA on Outlook clients |
| 13/12/2018 onwards | All other email accounts ending @schoolname.norfolk.sch.uk | Enable MFA on both online and Outlook clients |
* An Outlook client would be installed on your device and would be found in the programs/applications area
Here is a link to our documentation to support this rollout:
Setting up Multi-Factor Authentication on Office 365
We will update the guides, as well as add additional information on the website (www.ict.norfolk.gov.uk) throughout the implementation.
We are inviting schools/academies who would like to be an early adopter to register their interest by contacting the Service Desk (ict@norfolk.gov.uk) in advance of the dates shown above.
POP3 / IMAP connections
POP3 and IMAP are old ways to connect to mailboxes. Our analysis shows that they make up a very small part of the way schools connect, and that many of the malicious attempts to connect to our mailboxes are made via this method. To increase security we will turn this connection method off on Friday, 9th November.
O365 Account deletions
Another security issue is that many accounts we have been asked to set up have never been logged into. The Office 365 platform highlights these as a security risk because, if they are compromised, there is less chance of someone noticing and the intruder could have access to the platform for longer. As these accounts are redundant we will be deleting them from the platform in the New Year. They can be recreated if they are required in future.
2. Anycomms Plus - Removal of memorable word and increasing the password complexity
From Wednesday, 14th November, we will be making changes to the way that users access Anycomms Plus.
We are removing the need for a memorable word (which has not functioned properly for some users) and increasing the password complexity requirements to log on to https://acplus.nsix.org.uk. To meet the minimum password complexity your password needs to have at least 8 characters and must contain UPPER & lower case, number and special (e.g. *, £, %) characters.
We have also introduced a “lock out” period. This means that after three failed logon attempts your account is locked. Should this happen to you we will have to reset your account and change your password via the Service Desk.
If your password meets the new complexity level you simply won’t be asked for a memorable word and can log in to your account as normal. However, if your password doesn’t meet the complexity required by the website you will be asked to change it. This is now done as a self-service option on https://acplus.nsix.org.uk by clicking the “Reset your password” option and entering your username and email address. If you know your password isn’t complex enough we recommend that you change your password prior to the 14th as this should allow continued access to Anycomms Plus.
To confirm, the above does not impact you if you use the Anycomms client.
If you experience any issues that can’t be resolved by resetting your password then please contact the team via email at ict@norfolk.gov.uk
3. MIS procurement and support
Are you thinking of switching your current MIS and support arrangements? As a reminder, we currently work with and support the following MIS:
- Bromcom
- Capita SIMS
- Pupil Asset
- RM Integris
- Scholarpack
You can procure your MIS, and its support, through us. Even if you have already procured your MIS, you can switch to us for your support.
Please contact the Service Desk if you are interested or require any further information.
School Workforce Census
Just a reminder that the School Workforce Census (SWFC) is due to be run on Thursday, November 8th. Support guides are currently available on our website for Capita SIMS, Bromcom, RM Integris and Scholarpack. As of November 1st, we are awaiting the updated Pupil Asset guidance and as soon as it’s available we will post it on the support section of our website.
4. Google Groups – access permissions and security warning
It has come to our notice that some Google Groups have not been configured correctly to restrict access to only the group’s members.
When setting up Google Groups it is important to ensure that they are correctly configured if access to the group and the group’s communications is to be restricted to only group members. If the permissions are incorrectly configured then the Group can potentially be accessed by all Norfolk NSIX users.
If you are the owner of any Google Groups you should check that you have configured the permissions correctly. You can view all the groups of which you are a member at: https://groups.google.com
‘All organisation members’ Permissions:
When setting Group Permissions it is important to understand that ‘All organisation members’ means all NSIX account holders across all schools. Unless intended, Groups should not include ‘All organisation members’ in the Group permissions settings.
Setting up new Groups:
When you create a new Google Group certain key permissions are allocated default settings.
View topics permission – Previously this defaulted to ‘All organisation members’ but this has now been changed so that the default is set to only ‘All members of the group’. Previously, unless ‘All organisation members’ was removed, the group could be accessed by all NSIX users. This is why Group owners should check this configuration on all the groups they own.
For more details about Google Group access permissions and how to check and configure these, please see the following page on our website: Google Groups access permissions and security.
5. Up to date tab files required for identity management and Google NSIX accounts
It is important that we ensure that our identity management system (IDM) is up to date. From a GDPR point of view we need to ensure the data we hold is accurate and up to date and that we only hold data that we still need to hold for a designated and agreed purpose.
We can see that some schools have not returned a new set of staff and pupil tab files since the start of the new academic year. It is important that we receive tab files regularly, every time there is a change in your staff or pupil records and at least once a month.
If your school has NSIX accounts and you send in tab files via Anycomms to provision these accounts then please can we ask that you send us a new set of tab files as soon as possible. If we do not receive up to date tab files we will have to begin the process of suspending Google NSIX accounts for your school.
If you no longer require your Google NSIX accounts then please let us know.
For full details of what data is required and the format of the tab files, please consult the following pages on our website:
https://ict.norfolk.gov.uk/page.aspx?id=157
https://ict.norfolk.gov.uk/page.aspx?id=160
The following page provides guidance on how to upload tab files via Anycomms so that we can process them:
https://ict.norfolk.gov.uk/page.aspx?id=1157
If you need any assistance with how to generate these files or how to send them over via Anycomms, please contact us on 0845 303 3003.
6. Cyber Security - be alert to the risk of Phishing emails and online scams
Phishing is when fraudsters send emails or set up fake websites in an attempt to get users to provide confidential information, such as user names and passwords for accessing anything from email accounts to online bank accounts. This confidential information can then be used by hackers and fraudsters. It is usually done by sending emails that appear to come from a valid and trusted source. Some are instantly recognisable as fake but others are constructed to look very convincing and use the exact design and logos of the company they are attempting to present themselves as. You can also end up on phishing pages by following links that you find on the web or in spam texts or messenger messages.
With new phishing scams being created all the time, it isn’t possible to block all of these emails and websites. This is why it is very important to always be aware of the signs that an email or website is fake and a possible phishing attempt.
For further information on identifying a Phishing email and other useful links please see the following page on our website: https://ict.norfolk.gov.uk/page.aspx?id=1349
The Met Police have also issued this useful video: https://www.youtube.com/watch?v=AsUNFVhdfao