Staff portal: Cyber security

Office 365 / email passwords

From Monday 14th February 2022, everybody whose Office 365/email password is older than 90 days will be asked to reset their password. If your password is older than 90 days on 14th February, you will be asked to change your password. We strongly recommend that your change your password as soon as you are able to, if you think this applies to you.

When this new policy is implemented, the requirements for passwords will also be stricter than they have been in the past:
• Be a minimum of 8 characters and a maximum of 256 characters
• Requires three out of four of the following:
– Lowercase characters
– Uppercase characters
– Numbers (0-9)
– Symbols
• The last password can’t be used again when the user changes a password
• Password cannot contain the username

Going forward from 14th February, you will be given 14 days’ notice that your password is due to expire.

If you have any questions about how to reset your password, please contact Soft Egg, who will be able to help you. Please do not contact your School Business Manager or admin teams, who are already working beyond capacitys, who are already working beyond capacity.

Secure passwords

Do not use the same password for any systems in school that you use outside of school. If your password gets stolen or leaked from your personal email address, it is much easier for it to be used to access school systems. If you are using the same password in school at the moment, please change it urgently

Do not use the same password for more than one system. If you are using the same password to log in to your laptop, log in to your emails, and log in to SIMS then you are making the hackers’ lives 3 times easier! Please use one, strong password for each system you use inside school

Do not set a password to match a username. If a hacker accesses a username, and it matches the password, then they are in! Make sure your passwords are unique to each other, and any usernames you have

Phishing emails

We have received emails into our school offices from individuals pretending to be Lyssy, and asking us to make purchases on her direction. These emails were sophisticated, and used the names of the individuals they were sent to. 

Through the diligence of our office staff, the emails were not acted on and were reported.

In light of this, we require all staff to maintain their vigilence regarding phishing attempts. We now have a red EXTERNAL EMAIL flag on all emails that are sent from outside our organisation. If you receive an email where the sender’s name is internal (eg Lyssy) but the email has that flag on it, then be wary! You will NOT get that flag on any emails that have been sent internally, by someone using their legitimate work email address – even if they are using their iPad or mobile to send the email. The flag is generated by the email address used to send the email and not the device used.

If you receive an email that you are not sure about, send Kyra a screenshot (don’t forward the email!) or call the person the email says it is from. No one minds taking the time to check these things out, or for something to take a bit longer to be actioned, if we are making sure it is a valid request.

Think before you link

Be careful with links. Please make sure that you are certain a link is safe before clicking on it. If you’re not certain, don’t click on it or forward it. Ask your School Business Manager or Computing Lead to look at the link with you to make sure it is safe. The majority of hacking occurs through dodgy links that have been clicked on inadvertently, so you must take care to be vigilant. The video in the ‘Useful Resources’ section is only 2 minutes long, and gives some very simple and clear advice on what to look out for in emails. Please take a moment to watch it.

Training for school staff

School staff are a critical part of a school’s IT security defence. The video on the right looks at what threats schools face and gives tips on good cyber hygiene that can help you improve your school’s cyber resilience.