Can your IT support desk locate and stop an attack on your system from a breached computer? A colleague’s mobile phone has been stolen and the thief is trying to access it for payment details – how does your organisation respond?
These and more real-life scenarios are available for small and medium sized businesses to explore using free simulation exercises published by the National Cyber Security Centre, part of the UK Government’s GCHQ security agency.
The online simulation exercises contain briefings, downloadable resources and checklists for teams to work through, as well as a guide for producing a follow-up report to improve security where needed.
The scenarios are:
- Insider threat resulting in a data breach
- Being attacked from an unknown Wi-Fi network
- Mobile phone theft and response
- A phishing attack that leads to a ransomware infection
These last between 30 and 90 minutes.
There is a longer cyber threat simulation exercise to see if your organisation can locate and stop a mock threat where a computer has been breached. This takes up to four hours.
The tick-box interactive role playing kits are accessed by registering free on the NCSC website. Tools include participant guidelines, facilitator prompts and scribe sheets for note takers.
After the exercise is over you are encouraged to complete the associated report to “ensure that the exercise is a learning experience with useful outcomes”. The report collates responses, suggests areas of improvement and provides links to relevant guidance on the NCSC website.