Reporting a Cyber Incident
A cyber incident is an event that poses a threat to the integrity, availability, or confidentiality of an IT system. Cyber incidents should be reported immediately to the building’s Technology Specialist or as soon as possible after discovery. The Technology Specialist or designee will act as the Incident Response Manager (IRM) for all reported cyber incidents. The Technology Specialist, with the assistance of the reporting entity will work together to coordinate all aspects of the incident response process. The reporting entities must coordinate with the Technology Specialist (or designee) prior to initiating any actions during the investigation or in response to information security incidents. All communications regarding cyber incidents must be conducted through channels that are known to be unaffected by the cyber incident under investigation.
Cyber incidents can be reported in several ways including by email, phone, in-person, or by initiating an online help request.
IT Department Office Contact Information: IT_Security@voorhees.k12.nj.us or 856-751-8446 Ext. 6116 - for a list of IT Security Office staff contact information, see Appendix C.
Examples of incidents that should be reported immediately include, but are not limited to:
- A virus/worm affecting multiple systems
- Intrusion or damage to:
- Web site or page
- Computer system or network
- Wireless access
- Cell phones, smartphones
- Laptops, tablet computers
- Fax machines
- Voice mail
- Voice over IP (VOIP)
Early notification allows the Technology Specialist and affected departments time to gather as much information as possible when evaluating potential cyber incidents. Information that should be gathered and shared when reporting cyber incidents includes:
- Contact information of affected individuals
- IP address, hostname, or location of system(s)
- In the case of a website intrusion, the specific URL(s)
- Disclosure of data that may be included on this is particularly important if this data may include social security numbers, credit card numbers, bank account numbers, debit card numbers, driver’s license numbers, passport numbers, medical information, or FERPA data
- Disclosure of the system’s criticality, as noted on its most recent IT risk
- A description of the incident that includes a timeline and identification/detection
Prompt reporting may also help reduce common risks associated with cyber incidents, including:
- Physical Safety Risk: As the “Internet of Things” becomes more prevalent in monitoring physical facilities, a cyber attack against networked devices could cause physical harm to
- Regulatory Risk: Compliance with federal and state legislation regarding the protection of information. This includes data and systems that fall under HIPAA (Health Insurance Portability and Accountability Act), FERPA (Family Educational Rights and Privacy Act, CIPA (Children’s Internet Protection Act), COPPA (Children’s Online Privacy and Protection Act), PCI-DSS (Payment Card Industry Data Security Standard), and federal/state data breach notification
- Operational Risk: Failure to protect systems and data can cause disruptions to critical daily operations
- Financial Risk: There may be costs associated with lost data, restoring systems, and data breach notifications
- Reputational Risk: There may be a negative impact on confidence in a system or a negative impact on the district’s reputation.