Businesses are legally responsible for maintaining security and privacy. This page provides resources to assist businesses in protecting their most critical information assets. Check out the links below for valuable security information.
+ Best Practices
Learn all about cybersecurity best practices on email security, passwords and multi-factor authentication, exploring the internet, and device security here.
+ Be Sure to Secure
The NJCCIC Be Sure to Secure page provides website visitors with information on various cybersecurity topics as well as instructional guides designed to teach visitors how to properly secure their devices, data, and networks, ultimately reducing their cyber risk. Please visit the Be Sure to Secure page here or click on the links below to learn more about specific topics.
- Guides to Accessing Security and Privacy Settings for: Android, Facebook, Google, Instagram, Twitter
- Cryptographic Protections in an Online World
- What to Expect When the GDPR Goes into Effect
- How to Configure and Secure a Home Wi-Fi Router
- Don't Take the Bait! Phishing and Other Social Engineering Attacks
+ Data Breach Reporting
According to the NJ Identity Theft Prevention Act, all businesses or public entities are required to disclose breaches of security of a customer's personal information and any information pertaining to the breach. Please report data breaches here.
Key terms and definitions used in the cybersecurity industry and as adopted by the State of New Jersey. Explore the glossary.
+ Identity Theft, Fraud, and Cybercrime
Tax identity theft remains one of the top scams listed on the IRS “Dirty Dozen” list and, although safeguards put in place by the agency in 2016 did reduce the number of fraudulent tax returns processed, large-scale data breaches that exposed hundreds of millions of American’s personal and financial information have drastically increased the risk that identity theft and tax fraud will occur in the future. Learn more about identity theft, fraud, and cybercrime.
+ Incident Reporting
All State of New Jersey employees are required to immediately report any suspected information security incident. Suspected information security incidents may be reported via the following channels:
- Immediate supervisor
- Agency HR Representative
- Agency IT Service Desk
- Agency Information Security Office
- NJOIT Enterprise Service Desk
- NJCCIC – 609-963-6900 x7865 or cyber.nj.gov/report
Any attempt to interfere with, prevent, obstruct, or dissuade a user in their efforts to report a suspected security incident or violation is strictly prohibited and cause for disciplinary action, up to, and including, termination. Any form of retaliation against an individual reporting or investigating a security incident or violation is also prohibited.
+ Law Enforcement Resources
Law Enforcement Ransomware Mitigation Guide: This guide is being provided to aid our law enforcement partners throughout the State in mitigating the risks associated with ransomware infections.
+ Managing Your Privacy
Data breaches involving the theft, mishandling, or unauthorized access of personal, medical, and financial information continue to increase and impact tens of millions of Americans every year. This demonstrates that despite widespread efforts across the public and private sectors to increase awareness of cybersecurity risk and improve defenses, more needs to be done to raise the bar and make it more difficult and costly for bad actors to succeed. Here are some actions that everyone can take to improve online security and protect data privacy.
+ NJ Computer Crime Statutes
Do you know the law in New Jersey when it comes to computer crime? Review the statutes here.
Statutes include: Terroristic threats; stalking; luring, enticing child by various means, attempts; luring, enticing an adult, certain circumstances; bias intimidation; theft by deception; theft of services; computer criminal activity; wrongful access, disclosure of information; obtaining, copying, accessing program, software valued at $1,000 or less; forgery and related offenses; credit cards; scanning devices, reencoders; impersonation, theft of identity; endangering welfare of children; hindering apprehension or prosecution; and harassment.
+ NJ Information Security Exception Request Form
+ NJ Statewide Information Security Manual
The purpose of the New Jersey Statewide Information Security Manual (SISM) is to assist organizations in applying a risk–based approach to information security while establishing the required behaviors and controls necessary to protect information technology resources, secure personal information, safeguard privacy and maintain the physical safety of individuals. This SISM includes a set of policies, standards, procedures, and guidelines that sets a clear direction for information security and its role in supporting organizations in their efforts to carry out their respective missions and to achieve their business goals and objectives, while effectively managing risk and ensuring the confidentiality, integrity and availability of their information and information systems.
This SISM provides direction regarding roles and responsibilities with respect to the security of information assets. The implementation of consistent security controls will help organizations comply with current and future legal obligations to ensure due diligence in protecting the confidentiality, integrity, availability, and privacy of information and information systems.
This SISM is intended to provide organizations with a means to tailor cost-effective security controls necessary to protect the confidentiality, integrity, availability, and privacy of information and information systems commensurate with their sensitivity and criticality, while also maintaining and ensuring compliance with all legal requirements.
The New Jersey Statewide Information Security Manual has been derived from applicable State and federal laws; industry best practices including the National Institute of Standards and Technology (NIST) Cybersecurity Framework for Improving Critical Infrastructure; NIST Special Publication 800-53 Revision 4, Security and Privacy Controls for Federal Information Systems and Organizations; NIST Special Publication 800-171, Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations; the Center for Internet Security (CIS) Top 20 Critical Security Controls; the Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM); lessons learned; and other New Jersey State Government business and technology related considerations.
+ Online Training
Also known as computer based training, distance learning, or e-learning, online training is a form of instruction that takes place completely on the internet. To view available online cybersecurity training, please go here.
Reference in this site to any specific commercial product, process, or service, or the use of any trade, firm or corporation name is for the information and convenience of the public, and does not constitute endorsement, recommendation, or favoring by the NJCCIC.
Practice good online safety habits with these tips and advice.
+ Vulnerability Assessments
As technology continues to evolve and the “Internet of Things” takes shape in New Jersey, new vulnerabilities are constantly emerging across the State's digital landscape.
At the NJCCIC, we are committed to balancing a growing demand for convenience, accessibility, and efficiency with the need for resilient critical infrastructure assets.
We work with organizations across New Jersey to understand their strategic deployment of people, processes, and technologies, and to assess their cybersecurity posture.