Skip to content
Crisis at Christmas IT Support

icon picker
IT Security

It is everybody’s responsibility to be aware of IT Security practices.
Our Guests and our fellow Volunteers trust you to have their best interests in mind, and that includes keeping their information private and disclosed only to the people they have consented.
Your crisis.christmas account grants you access to privileged and / or sensitive information, and any compromises to your account can lead to a damage in their trust, reputational damage to Crisis or worst, put our Guests at risk of danger or harm.
This is why we must make sure:
We only transmit data in a controlled, secure fashion
We keep our accounts secure

Account Security

There are a few simple things you can do to keep your account secure:
Never, under any circumstances:
Tell anybody your password
Approve a sign-in request for anybody
Provide one-time passwords sent to you by text or generated by your Authenticator app to anybody
Crisis and IT Support Helpdesk will NEVER ask for your password or Multi-Factor authentication passwords. If you receive such requests, contact the IT Support Helpdesk immediately.
Keep your personal devices in a secure location and always set up a password lock / biometrics lock to prevent unauthorised access.
Lock your computer when you move away from your computer.
If you are unsure about anything, don’t be afraid to speak up and ask a senior volunteer (Team Leader / Advice Manager) or the IT Help Centre for help -

Data Handling

The computers and applications provided are patched and managed by the team at Aimar and Crisis. There are security controls in place to help protect the data we have on our Guests and Volunteers.
The most important act we must all undertake is to not move personal data outside of Crisis-controlled systems.
These systems are approved for handling personal information:
Crisis.christmas Microsoft 365 platform, which consists of:
Microsoft Teams (if available to your function)
Outlook
Office platform () - this includes Word, Excel, PowerPoint, etc
OneDrive (under your crisis.christmas email)
Sharepoint
Christmas volunteer portal
Wikimas (Coda.io)
C-Log
On-site IGEL Thin Clients with the Aimar Sticker
If available to your function, 3CX App on your personal devices
If available to you, the .uk Microsoft 365 platform
These systems are NOT approved for use in handling personal information:
Personal cloud storage services (such as Google Drive, OneDrive under your personal email, Dropbox, Box.com, etc)
Private instant messaging services (such as WhatsApp groups)
USB Sticks
Memory Cards
Personal phones and tablets (this includes photos taken by the camera)
Not using the approved methods above could cause the data to be lost or leaked to another party which may put people's safety at risk.
If you do find that you need to move personal data, contact the IT Support Helpdesk and they will work with you to solve the problem.
USB devices are not blocked by technical controls as we understand that there is a need to be able to move non personal data onto and off of the computers, however please consider other means of transmitting such data where possible.
If you suspect a data breach has occurred, contact your Team Leader and the IT Support Helpdesk immediately.

Phishing emails

Our service provider provides an email filtering service turned on and is constantly updated, however some phishing emails will slip through the cracks until we have been able to identify the new techniques that have been used.
Expecting you to identify and delete all phishing emails is an impossible request and would have a massive detrimental effect on your volunteering. However, many phishing emails still fit the mould of a traditional attack, so look for the following warning signs:
Is the design (and quality) what you would expect from a large organisation? Many phishing scams originate overseas and often the spelling, grammar and punctuation are poor. Others will try and create official-looking emails by including logos and graphics.
Is it addressed to you by name, or does it refer to 'valued volunteer, or 'friend', or 'colleague'? This can be a sign that the sender does not actually know you, and that it is part of a phishing scam.
Does the email contain a veiled threat that asks you to act urgently? Be suspicious of words like 'send these details within 24 hours' or 'you have been a victim of crime, click here immediately'.
Look at the sender's name. Does it sound legitimate, or is it trying to mimic someone you know?Look out for emails that appear to come from a high-ranking person within Crisis, a government department or a council requesting information or have a payment made to a particular bank account.
If it sounds too good to be true, it probably is. It's most unlikely that someone will want to give you money, or give you access to some secret part of the Internet.
If you receive a suspected phishing email, contact the IT Support Helpdesk.

Using strong passwords

A strong password is one of many ways we can keep our Guests' and Volunteers' data safe and secure. Your password must:
be between 8 and 256 characters long
contain at least 3 types of characters from the following categories:
uppercase letters
lowercase letters
numbers
a blank space or these symbols: @ # $ % ^ & * - _ ! + = [ ] { } | \ : ' , . ? / ` ~ " ( ) ;
not contain Unicode characters (e.g. emojis)
Additionally, Microsoft 365, our service provider, collects a list of weak passwords (such as password and 12345678) and prevents you from using them. You can to learn more about the process.
There are many approaches to strong passwords: random characters, multiple words, character substitutions. It’s all about getting a balance of a strong password that is not inconvenient to use. Many people use password managers to help them out. Other people use pass phrases that are easier to remember.
If you need help with coming up with a new password, can help you generate secure passwords that you can easily remember.
Make sure to click on the Uppercase button to satisfy the requirements and add some numbers or special characters to make it extra strong.
How does a passphrase work?
A pass phrase consists of three or more words such as horse, battery, staple, correct, separated by a space. It’s easy to remember and hard for machines to crack. It is best illustrated with the comic below:
image.png

Further Information

For more tips on how to stay IT secure, here is a from the UK National Cyber Security Centre.
Want to print your doc?
This is not the way.
Try clicking the ⋯ next to your doc name or using a keyboard shortcut (
CtrlP
) instead.