Cyber attack on Service A
In this exercise you are the manager of a service that is subjected to a series of cyber attacks. It will be your job to find out what is happening, how you should respond and what needs to improve in future. Start by reading the background information below before beginning the exercise.
About the service
Service A has just over 90 full time and part time staff.
Email serves as the main method of business communication. Administration staff and managers have desktop computers or laptops. The service has started using Office 365 for email and office software, but a shared network drive is still used for confidential data.
Only managers, supervisors and office staff use devices provided by the service. Other staff use their own devices to access their online accounts.
IT support is provided by another company. Usually remotely.
Rotas are announced on a board in the staff room. Emergency alterations to rotas are made by telephone and a WhatsApp group.
All staff have online accounts with an eLearning provider, employee assistance provider and a discounts scheme. Staff access their payroll information, update their timesheets and apply for annual leave through a web-based service provided by another company.
A small office admin team look after Twitter, Facebook and LinkedIn accounts for the service. The service also has a website which acts as the main source of information for customers and potential recruits.
Staff receive no mandatory training on cyber resilience.
More information
- Only a password is required to login to Office 365.
- 2FA used across the service’s social media accounts.
- Backups are made of the shared drive, but these are rarely tested. No other backups are made.
- Staff often complain about losing connection to the shared network drive, forcing them to save files on their devices or store them in email.
- The person who built the website has since left the company and it hasn’t been updated for a while.