Should you have clicked on the link?
There is a requirement to report all security incidents relating to both the security of our information and premises security.
How to report a security incident
You may raise a Security Incident report via The Source – More Applications – Security Incident Report
The same form can be found via The Source>eForms> Information Management> Security Report> New
You may also contact:
- Data Protection Officer, ext 35802 [email protected]
- Deputy Data Protection Officer, ext 35333
- Information Security Officer, ext 35292 [email protected]
- Deputy Information Security Officer, ext 35114
When to report a security incident
Please report a security incident as soon as you become ‘reasonably aware’ of it, for the following reasons:
- we need to act quickly to protect individuals by protecting their information
- we need to contain the incident and any risk to our premises, information or network security before it escalates, which may include isolating devices to prevent the spread of malware or stunning devices to render them useless
- if a personal data breach, in addition to the above actions, we need to assess whether this should be reported to the Information Commissioner’s Office (ICO)
- personal data breaches meeting the criteria to report to the ICO must be reported within a statutory 72 hours of becoming ‘reasonably aware’
- do not ‘play down’ or conceal any personal data breach - failure to report certain breaches to the ICO, and failure to do so within 72 hours carries the potential for fines. - we want to learn from errors to prevent reoccurrence
It is your responsibility to report an incident as soon as you become reasonably aware, as per the Security Incident Reporting Procedure
If this was a real phishing scam the NYP network might be shutdown. In this scenario how would you continue to do your job? What are the workarounds? Do hardcopy forms exist? For more information about your departments business continuity plan please contact the Head of Department or the business continuity co-ordinator or click on the link below:
This exercise was designed to raise awareness amongst our staff about the dangers of phishing emails. The program collects information on who has opened the email but this is a controlled learning environment and education around the dangers of phishing will be shared shortly.