Would be very grateful for you're time looking at this.
You are asked to study a small private microbiology laboratory that is located in Bedford and collaborates with 2 big hospitals. The examinations performed are ordered either by a registered GP (in which case the patient needs to have a referral for the tests to be paid), or privately (in which case the patient pays himself, in cash).
The laboratory consists of 8 employees: • 2 secretaries, that are responsible for answering phones, making appointments for blood tests and taking payment information from the patients. They are also responsible for posting the results (either using Royal Mail or a courier service). • 2 GPs, that are responsible for checking the blood test results and making recommendations. • 4 microbiologists that are responsible for processing the blood samples to get the results. • Lately, the laboratory’s reputation has spread, and it receives a lot of private patients that wish to have checkups. This has resulted in a great increase in telephone calls, asking to book appointments or get information of alternative methods of paying (for now only cash is accepted).
The laboratory’s computer network consists of 10 PCs on a simple Wi-Fi network: • Computers 1 and 2 - used by the secretaries to book appointments and hold transaction details. • Computers 3 and 4 - used by the GPs to access patients’ files, update them adding medication prescriptions and recommendations. • Computers 5 to 8 - used by the microbiologists to access patients’ files and add the blood test results. • Computers 9 and 10 - used as a backup solution, to store all patients’ files and transactions, for extra security. These PCs are also connected to the hospital’s network, to exchange patient information.
For security, the company uses AVG free and the default Windows 7 firewall on all machines.
Just need some help to see whether I'm on the right track or not. I have to present this very soon so really don't want to look stupid, its only suppose to be simple but secured.