Businesses

Businesses are legally responsible for maintaining security and privacy. This page provides resources to assist businesses in protecting their most critical information assets. Check out the links below for valuable security information.

+ Best Practices

Learn all about cybersecurity best practices on email security, passwords and multi-factor authentication, exploring the internet, and device security here.

+ Be Sure to Secure

The NJCCIC Be Sure to Secure page provides website visitors with information on various cybersecurity topics as well as instructional guides designed to teach visitors how to properly secure their devices, data, and networks, ultimately reducing their cyber risk. Please visit the Be Sure to Secure page here or click on the links below to learn more about specific topics.

+ Data Breach Reporting

According to the NJ Identity Theft Prevention Act, all businesses or public entities are required to disclose breaches of security of a customer's personal information and any information pertaining to the breach. Please report data breaches here.

+ Disaster Recovery

Disaster recovery is the process an organization uses to regain access to the software, data, and/or hardware needed to resume normal, critical business functions after a natural disaster or a disaster caused by humans.

+ Glossary

Key terms and definitions used in the cybersecurity industry and as adopted by the State of New Jersey. Explore the glossary.

+ Identity Theft, Fraud, and Cybercrime

Tax identity theft remains one of the top scams listed on the IRS “Dirty Dozen” list and, although safeguards put in place by the agency in 2016 did reduce the number of fraudulent tax returns processed, large-scale data breaches that exposed hundreds of millions of Americans’ personal and financial information have drastically increased the risk that identity theft and tax fraud will occur in the future. Learn more about identity theft, fraud, and cybercrime.

+ Incident Reporting

We encourage New Jersey citizens and businesses to voluntarily report cyber incidents to the NJCCIC. Filling out our report form will assist the NJCCIC with the timely handling of cyber incidents. A cyber incident report will not generate a criminal investigation. For that, please contact your local police department for any further assistance. Report a cyber incident.

US-CERT - Getting Started for Business: The resources below are available to businesses and aligned to the five Cybersecurity Framework Function Areas. Some resources and programs align to more than one Function Area. This page will be updated as additional resources — from DHS, other Federal agencies, and the private sector — are identified.

US-CERT - Getting Started for Small and Midsize Businesses (SMB): Cybersecurity is critical to any business enterprise, no matter how small. However, leaders of small and midsize businesses (SMB) often do not know where to begin, given the scope and complexity of the issue in the face of a small staff and limited resources.

Cybersecurity Course for Small Business (online): This self-paced training exercise provides an introduction to securing information in a small business.

Protecting Your Customers: Stay Safe Online offers a few simple, cost-effective online safety practices to protect you from incurring expensive and dangerous electronic security incidents and to give customers the peace of mind that they deserve.

Protecting Your Employees: Stay Safe Online has tips for helping employees to understand their roles and responsibilities in safeguarding sensitive data and protecting company resources.

Prepare My Business: You've finally achieved your dream. Don't lose it to a power outage, hacker disruption, fire, earthquake or other disaster. If you're not prepared, a disaster could put you and your employees at risk, possibly shutting down your business forever. Roughly 40 to 60 percent of small businesses never reopen their doors following a disaster. But you can. Disaster planning and preparedness can be your lifeline to staying in business. With proper education, planning, testing and disaster assistance, you will be able to stay in business through any interruption and beyond.

Backup and Recovery Business Impact Analysis: How to Create One and Why You Would Want to!

Security Management: Read news and analysis information online from the Security Management publication.

OnGuardOnline: This site provides how-to videos and tutorials about protecting information, creating cybersecurity plans, and learning about cyber threats.

Copier Data Security: A Guide for Businesses: If the data on your copiers gets into the wrong hands, it could lead to fraud and identity theft. Learn which security features to consider to protect your company's data here.

Employee Habits Put Corporate Data at Risk: If you attend a conference or read an article on security, you're likely to get the impression that the biggest threats facing the enterprise are cyber-attacks and hackers. However, a new survey conducted by digital security firm Globalscape points the finger squarely at employees.

+ Managing Your Privacy

Data breaches involving the theft, mishandling, or unauthorized access of personal, medical, and financial information continue to increase and impact tens of millions of Americans every year. This demonstrates that despite widespread efforts across the public and private sectors to increase awareness of cybersecurity risk and improve defenses, more needs to be done to raise the bar and make it more difficult and costly for bad actors to succeed. Here are some actions that everyone can take to improve online security and protect data privacy.

+ NJ Computer Crime Statutes

Do you know the law in New Jersey when it comes to computer crime? Review the statutes here.

Statutes include: Terroristic threats; stalking; luring, enticing child by various means, attempts; luring, enticing an adult, certain circumstances; bias intimidation; theft by deception; theft of services; computer criminal activity; wrongful access, disclosure of information; obtaining, copying, accessing program, software valued at $1,000 or less; forgery and related offenses; credit cards; scanning devices, reencoders; impersonation, theft of identity; endangering welfare of children; hindering apprehension or prosecution; and harassment.

+ NJ Statewide Information Security Manual

Download the New Jersey Statewide Information Security Manual here.

The purpose of the New Jersey Statewide Information Security Manual (SISM) is to assist organizations in applying a risk-based approach to information security while establishing the required behaviors and controls necessary to protect information technology resources, secure personal information, safeguard privacy and maintain the physical safety of individuals. This SISM includes a set of policies, standards, procedures, and guidelines that sets a clear direction for information security and its role in supporting organizations in their efforts to carry out their respective missions and to achieve their business goals and objectives, while effectively managing risk and ensuring the confidentiality, integrity and availability of their information and information systems.

This SISM provides direction regarding roles and responsibilities with respect to the security of information assets. The implementation of consistent security controls will help organizations comply with current and future legal obligations to ensure due diligence in protecting the confidentiality, integrity, availability, and privacy of information and information systems.

This SISM is intended to provide organizations with a means to tailor cost-effective security controls necessary to protect the confidentiality, integrity, availability, and privacy of information and information systems commensurate with their sensitivity and criticality, while also maintaining and ensuring compliance with all legal requirements.

The New Jersey Statewide Information Security Manual has been derived from applicable State and federal laws; industry best practices including the National Institute of Standards and Technology (NIST) Cybersecurity Framework for Improving Critical Infrastructure; NIST Special Publication 800-53 Revision 4, Security and Privacy Controls for Federal Information Systems and Organizations; NIST Special Publication 800-171, Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations; the Center for Internet Security (CIS) Top 20 Critical Security Controls; the Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM); lessons learned; and other New Jersey State Government business and technology related considerations.

+ Online Training

Also known as computer-based training, distance learning, or e-learning, online training is a form of instruction that takes place completely on the internet. To view available online cybersecurity training, please go here.

Reference in this site to any specific commercial product, process, or service, or the use of any trade, firm or corporation name is for the information and convenience of the public, and does not constitute endorsement, recommendation, or favoring by the NJCCIC.

+ Tips

Practice good online safety habits with these tips and advice.

+ Vulnerability Assessments

As technology continues to evolve and the “Internet of Things” takes shape in New Jersey, new vulnerabilities are constantly emerging across the State's digital landscape.

At the NJCCIC, we are committed to balancing a growing demand for convenience, accessibility, and efficiency with the need for resilient critical infrastructure assets.

We work with organizations across New Jersey to understand their strategic deployment of people, processes, and technologies, and to assess their cybersecurity posture.

Learn more about vulnerability assessments here.