Cyber attack on Service B
In this exercise you are the manager of a service that is subjected to a series of cyber attacks. It will be your job to find out what is happening, how you should respond and what needs to improve in future. Start by reading the background information below before beginning the exercise.
About the service
Service B has five full time and 10 part time staff.
The manager and a deputy use laptops they’ve bought from a supermarket. An old desktop computer is used for staff training, personal use during breaks and for staff administration purposes eg updating their SSSC registration details.
The manager has setup an email account on Gmail for the service. This is the email that appears on the service’s website as a contact point for new customers.
Most communication between staff is conducted using their personal email addresses, phone calls or text message.
There is no IT support. The manager relies on family or friends for advice about computers.
The service website was created by the deputy manager’s daughter and is regularly updated, running the most recent software.
More information
- The desktop computer runs Windows Vista and has never had an anti-virus or firewall.
- The laptops run Windows 10 Home and the disks are not encrypted.
- Important documents are backed up to an unencrypted USB memory stick and to the manager’s personal Google Drive account.
- Only a password is required to login to the service’s Gmail account. This is shared amongst most of the staff.
- Only a password is required to login to the website to post news. This is the same password as the Gmail account. .
- The manager and her deputy regularly work from home and from café’s in the town centre using WiFi.