October is national cybersecurity month. While everyone talks about breach prevention, some businesses, especially those for whom a breach is not a question of IF, but WHEN the breach will occur, do not know what to do if a breach occurs. Did you know that by law you MUST REPORT your security breach to local authorities AND your customers?
According to the New Jersey Identity Theft Prevention Act, “‘Breach of security’ means unauthorized access to electronic files, media or data containing personal information that compromises the security, confidentiality or integrity of personal information when access to the personal information has not been secured by encryption or by any other method or technology that renders the personal information unreadable or unusable. Good faith acquisition of personal information by an employee or agent of the business for a legitimate business purpose is not a breach of security, provided that the personal information is not used for a purpose unrelated to the business or subject to further unauthorized disclosure.”
A business or public entity in New Jersey that had a breach of security must, immediately following discovery and without an unreasonable delay:
- determine the scope of breach;
- restore a reasonable integrity of the data system;
- report the breach of security and any information pertaining to the breach to the Division of State Police in the New Jersey Department of Law and Public Safety for investigation or handling, which may include dissemination or referral to other appropriate law enforcement entities;
- disclose the breach to any customer who is a resident of New Jersey whose personal information is reasonably believed to have been accessed by an unauthorized person;
- delay the notification when requested by a law enforcement agency, so as not to impede a criminal or civil investigation;
- document in writing any determination and retain it for five years.
The required notification to the customers may be provided:
- as written notice
- as an electronic notice
- as a “substitute notice”, if the business or public entity demonstrates that the cost of providing notice would exceed $250,000, or that the affected class of subject persons to be notified exceeds 500,000, or the business or public entity does not have sufficient contact information; substitute notice shall consist of all of the following:
  - E-mail notice when the business or public entity has an e-mail address;
  - Conspicuous posting of the notice on the Internet web site page of the business or public entity, if the business or public entity maintains one; and
  - Notification to major Statewide media.
Every organization must take steps to prevent, and create a plan to handle, a potential cybersecurity breach.
Essentials of a Cybersecurity Plan
Create a detailed cybersecurity plan with focus on these key areas:
- Resolve: In the event of a computer security breach, plans and procedures need to be in place to determine the resources that will be used to remedy a threat.
- Report: In New Jersey, report any security breach at https://homelandsecurity.nj.gov/report.html
- Restore: Your organization must be prepared to address the consequences of a security threat or a breach with its employees and customers.
Businesses Must Take Network Security Seriously
A well-designed, secured and properly set up network is a top priority for a successful, resilient business. We protect your business infrastructure and data by being proactive with network security, offering solutions designed for your specific business needs.
Give us a call today at 201-493-1414 to discuss the security solutions for your organization.