Managing a cyber security incident
What is a cyber security incident?
The UK’s National Cyber Security Centre defines a cyber incident as
A breach of a system’s security policy in order to affect its integrity or availability and/or the unauthorised access or attempted access to a system or systems; in line with the Computer Misuse Act (1990).
You may have experienced a cyber security incident if someone has:
-
attempted to gain access to a system and/or to data that they don’t have the authority to access
-
used a system for processing or storing data that they have no authority to use
-
changed firmware, software, hardware or data without consent from the system’s owner
-
disrupted and/or denied a service for malicious reasons
If you think you’ve experienced a cyber incident, you should contact your IT team as soon as possible. You can also contact JCSC for more information and advice:
- by phone on 01534 500050
- via email (hello@jcsc.je)
- by booking a meeting with the team
Types of cyber incidents
There are many different types of cyber security incidents. Each can vary in how complex and wide-ranging it is, and how many people or services it affects. When we get a report of an incident, we classify it based on how could affect the Island and the community.
We use the Jersey Cyber Incident Classification Guide to assess how severe an incident is. How we respond to an incident depends on how significant the incident is, and the type of organisation that is attacked.
Beginning section How we can help with your cyber security incident
How we can help with your cyber security incident
If you have experienced a major cyber security incident, we can help you in several ways.
We can provide technical advice and guidance. This can help you deal with the issue, respond to the attack, or rebuild your systems. In some cases, we may provide direct technical support.
We can share intelligence with you. We may be able to help identify the attacker and their likely motivations. We may also be able to identify whether there are any other victims and if the issue is likely to spread.
We can give you advice on how to communicate after a cyber security incident. In the event of an incident, you may need to communicate with staff and customers. You may also need to notify the Government of Jersey, law enforcement or external cyber authorities.
Beginning section When to contact JCSC
When to report incidents to JCSC
You are not required to report any cyber incident to us. However, if you do report an incident we may be able to help. You can email incidentreports@jcsc.je or complete this secure online form.
You should tell us if you experience an incident that is Category 4 or higher on the Jersey Cyber Incident Classification Guide. This type of incident will pose a risk to your customers, employers, or suppliers. It may also pose a risk to public services in Jersey.
If you have experienced a less significant cyber security incident, you can still report it to us. We may not be able to provide direct support. But we can use your report to help us improve our guidance, and help protect other organisations.
Beginning section How to report incidents to JCSC
How to report incidents to JCSC
You can click the ‘report an incident’ button at the top of this page. You can also email incidentreports@jcsc.je.
If you want to share phishing emails with us for information, you can send them to phishing@jcsc.je.
Please don’t use a compromised network to report to us: it could help the person behind the incident. If you believe that the device you’re using is compromised, you can:
- call us on 01534 500050
- visit our Operations Centre at 1 Seaton Place, between 9am and 5pm, Monday to Friday
Beginning section What happens to information I share with JCSC?
What happens to information I share with JCSC?
If you tell us about a cyber security incident, we will protect your information the same way we protect our own. That means that we will treat it as confidential, keep it secure, and limit access to it.
We only share your information with other organisations if we have your permission to do so. If the incident is significant, we may share information with authorities and partners. This might include organisations like the UK’s National Cyber Security Centre.
We will only share information if it’s clear that there’s public interest in us doing so. This includes situations where sharing information is in the interests of national security.
You can read our full privacy policy online.
Any information that we hold for national security and crime prevention purposes can be exempt from disclosure under the Freedom of Information (Jersey) Law 2011.