Don't Be A Sitting Duck Podcast

PODCAST · technology

Cybercriminals are evolving—are you keeping up? Don’t Be A Sitting Duck is the podcast for business leaders and professionals who want to stay one step ahead of the latest cyber threats. In each bite-sized episode, we dive into real-world cyber breaches, phishing scams, and ransomware attacks, sharing actionable advice to help you protect your business.

Looking for more insights and resources? Visit sittingduck.com.au to explore educational content designed to help you navigate today’s complex cybersecurity landscape.

If you’re ready to embrace proactive protection and outsmart cyber threats, this podcast is for you. New episodes every day—subscribe now!

  1. 56

    A Phishing Email Exposed 5.5M Records — Are You Next?

    One phishing email. That’s all it took to expose over 5.5 million customer records.

    In this episode, we break down how hackers gained access to ADT’s systems—not through advanced hacking, but by targeting a person. We also dive into the growing wave of ransomware attacks hitting major brands like Zara, Carnival, and 7-Eleven, where attackers don’t just lock your data—they threaten to leak it.

    Here’s the reality: if it can happen to global companies with massive security budgets, it can happen to any business. More importantly, we unpack what this means for your business—and what you need to do right now to reduce your risk.

    👉 Book your free Empower Systems Assessment: nationalpc.com.au/empower
    👉 View Show Notes: sittingduck.com.au
    🎧 Listen to the audiobook: Sitting Duck – The Phone Call You Don’t Want to Receive

    This podcast was produced by National PC, delivering expert cyber security services in Townsville and Cairns through our Empower Managed IT solutions—secure, reliable, and built for North Queensland businesses.

  2. 55

    A QLD pharmacy ransomware attack highlights rising cyber risks in healthcare. Learn how it happened and how to protect your business.

    A Queensland pharmacy chain has allegedly been targeted by the Kairos ransomware group—highlighting a growing trend of cybercriminals targeting essential service providers, not just large enterprises.

    In this episode, we break down what happened, how ransomware attacks like this actually work, and why healthcare businesses are increasingly in the firing line. More importantly, we walk through practical steps you can take right now to protect your business before it’s too late.

    If you think your business is “too small” to be targeted—this episode might change your perspective.

  3. 54

    Sydney University & iiNet Cyber Breaches: What Businesses Must Learn

    In this episode of the Don’t Be A Sitting Duck Podcast, we explore two recent and impactful Australian cyber incidents — the University of Sydney data breach and the iiNet customer data exposure. We explain how attackers gained access, what kinds of data were compromised, and most importantly, share actionable advice for businesses to reduce their risk of similar breaches.

    Main Stories Covered:
    - University of Sydney cyberattack: Personal data of current and former staff, students and alumni accessed via a code library.
    - iiNet cyber breach: Contact details and account information from ~280,000 customers exposed through stolen employee credentials.

    Key Takeaways:
    - Legacy systems and forgotten data repositories can be prime targets — don’t ignore them.
    - Stolen credentials are often all a cybercriminal needs to begin a breach.
    - Multi-factor authentication and strong access controls are essential.
    - Staff training on credential security and phishing awareness is critical.

    View Show Notes and full transcript here: https://sittingduck.com.au/podcast/sydney-university-iinet-cyber-breaches-what-businesses-must-learn/

  4. 53

    CPS 234 Explained: Why Cyber Security Is a Board Issue

    Cyber security is no longer just an IT problem—it’s a board-level responsibility. In this episode, Leigh Kefford breaks down APRA’s CPS 234 Information Security standard in plain English, explaining what it requires, why regulators care, and what happens when controls fail.

    We unpack board accountability, third-party risk, security testing, and incident response obligations—and why CPS 234 is fast becoming the benchmark for all Australian businesses, not just banks and insurers.

    If your organisation handles sensitive data, relies on cloud providers, or assumes “it won’t happen to us,” this episode is essential listening.

    View Show Notes and full transcript here: https://sittingduck.com.au/podcast/cps-234-explained-why-cyber-security-is-a-board-issue/

  5. 52

    Day 12: Your Phishing Defence Checklist — The Complete Guide

    Day 12 — The Grand Finale of the National PC 12 Days of Phishmas! This episode brings together everything covered throughout the series into a complete, actionable Phishing Defence Checklist.

    You’ll learn:
    - The essential controls all businesses need
    - Email, identity, device & cloud protections
    - User behaviour improvements
    - Backup & recovery readiness
    - Tips for suppliers, payments & culture

  6. 51

    Day 11: User Behaviour — The #1 Cybersecurity Risk

    Day 11 of the National PC 12 Days of Phishmas! Today we explore why user behaviour is the biggest cybersecurity risk for every organisation. Technology alone can't protect your business — people play the defining role.

    In this episode:
    - Why humans are targeted
    - How attackers use trust & urgency
    - The psychology behind phishing
    - What data harvesting reveals
    - How to reduce human error
    - How to build a culture of cybersecurity

  7. 50

    Day 10: The Ransomware Attack Chain — How One Click Leads to Disaster

    Day 10 of the National PC 12 Days of Phishmas! Ransomware attacks don’t start with encryption — they start with access, usually through a phishing email. This episode breaks down each stage of the ransomware attack chain and shows how to stop it early.

    You’ll learn:
    - How attackers gain initial access
    - What lateral movement looks like
    - How payloads are deployed
    - Why backups get targeted
    - How extortion and data theft work
    - The key defences that break the chain

  8. 49

    Day 9: Social Engineering & Data Harvesting — How Attackers Study You Before They Strike

    Day 9 of the National PC 12 Days of Phishmas! Cybercriminals don’t always break into systems — sometimes they break into people. This episode explores how scammers use publicly available information, emotional manipulation, and behavioural cues to create targeted attacks.

    In this episode:
    - Where attackers gather information
    - How social engineering manipulates users
    - Why emotions create cyber vulnerabilities
    - How attackers use context to increase success
    - What businesses can do to reduce risk

  9. 48

    Day 8: Account Takeover & Hijacked Email Threads — When Cybercriminals Become You

    Day 8 of the National PC 12 Days of Phishmas! Today we’re breaking down Account Takeover (ATO) and Hijacked Email Threads — two of the most convincing and damaging forms of phishing.

    In this episode:
    - How attackers gain access to real inboxes
    - Why hijacked threads are so effective
    - What signs to look for
    - How these attacks lead to financial loss
    - The essential steps to protect your organisation

  10. 47

    Day 6: Malicious Attachments & Cloud File Scams — The Hidden Threat in Your Inbox

    Why fake documents and shared file links are one of the most dangerous phishing threats for businesses.

    Day 6 of the 12 Days of Phishmas! Today’s episode breaks down one of the biggest ways cybercriminals gain access to your systems: malicious attachments and cloud file impersonation. These scams use fake PDFs, ZIP files, SharePoint links, OneDrive invites, and Google Drive notifications to infect your device or steal your credentials.

    In this episode:
    - How malicious attachments deliver malware
    - Why fake cloud links are so convincing
    - Real examples from Australian businesses
    - What happens after you click
    - How to protect your staff and systems

  11. 46

    Day 1: The Most Common Phishing Red Flags — What to Watch For

    🎄 Welcome to Day 1 of the 12 Days of Phishmas!

    We’re kicking off the series with the foundation of all cyber awareness:

    🔍 The Most Common Phishing Red Flags

    These are the warning signs scammers can’t hide — the little clues that tell you something isn’t right. And understanding them can prevent the vast majority of cyber incidents.

    In this episode, I break down:
    - The red flags hidden inside phishing emails
    - Why scammers rely on small details to trick people
    - How formatting, urgency, and sender details give them away
    - Real-world examples I see in Australian businesses
    - What you can do to protect yourself and your team

    Most cyberattacks start with a single email. Learning the early red flags is one of the simplest, most powerful defences you can build.

    Have a question? Reach out on LinkedIn — We're always happy to help.

    Stay safe, stay sceptical… And don’t be a sitting duck.

  12. 45

    Australia’s Retailers Are Quietly Bringing Back Facial Recognition

    Australian retailers are quietly reintroducing facial recognition technology—even after public backlash. In this episode, Leigh breaks down why stores are turning to AI-driven biometric surveillance, what risks it creates for customers, and why business leaders should think carefully before deploying similar tools.

    We explore how the technology works, why it’s making a comeback, and the serious privacy, ethical, and governance implications you need to understand. Plus, practical advice for businesses considering advanced security systems.

    View Show Notes and full transcript here: https://sittingduck.com.au/podcast/australias-retailers-are-quietly-bringing-back-facial-recognition/

  13. 44

    Cyber-Attack Shuts Down London Councils; Aussie Industry Breaches Exposed

    In this episode, we look at a major cyber-attack that forced multiple London councils offline, cutting essential services for hundreds of thousands of residents — and a shocking new report showing Australia’s mining and manufacturing sectors often take months (or longer) to detect and report data breaches, exposing personal data of millions. We break down how these incidents unfolded, why they matter even for organisations far away from government or heavy industry, and most importantly — what you can do to protect your business.

    View Show Notes and full transcript here: https://sittingduck.com.au/podcast/cyber-attack-shuts-down-london-councils-aussie-industry-breaches-exposed/

  14. 43

    Vietnam’s Social Media Heists & The Rise of Asia’s Cybercrime Underground

    Vietnam’s cybercriminals aren’t just hacking servers — they’re hijacking social media business accounts. In this episode, Leigh Kefford breaks down new findings from the CrowdStrike 2025 APJ eCrime Landscape Report — including how Vietnamese malware like Ailurophile Stealer is stealing ad accounts, the rise of Chinese-language cybercrime marketplaces, and why AI-driven ransomware is changing the game.

    You’ll learn practical steps to protect your organisation, from tightening account controls to understanding how regional threat actors operate.

    View Show Notes and full transcript here: https://sittingduck.com.au/podcast/vietnams-social-media-heists-the-rise-of-asias-cybercrime-underground/

  15. 42

    Human Error & Ransomware Risks for Australian Businesses

    In this episode of Don’t Be A Sitting Duck, I break down two critical risks for Australian organisations: the rising role of human error in data breaches, and the ever-present threat of ransomware. Using the latest figures from the OAIC and industry commentary, we explore how staff mistakes and mis-configurations are now major breach drivers, and why ransomware remains such a potent business continuity threat. I also share actionable steps you can take now to minimise risk, tighten your defences and ensure you're ready if the worst happens.

    Key Takeaways:
    - Human error now accounts for around 37% of reported breaches in Australia.
    - Malicious attacks (including ransomware/phishing) remain the primary cause of breaches.
    - Ransomware is not just a data loss event — it’s a business continuity and reputational risk.
    - Practical defence involves training, segmentation, MFA/backups, vendor oversight and incident readiness.
    - Book an assessment, test your recovery, and assume the unexpected.

    View Show Notes and full transcript here: https://sittingduck.com.au/podcast/human-error-and-ransomware-risks-australian-businesses/

  16. 41

    Ransomware Realities: What You Need to Know

    Ransomware has become the most disruptive threat facing Australian businesses today. From small councils to local manufacturers, attacks are happening closer to home — and they’re getting smarter, faster, and more ruthless. In this episode, Leigh Kefford explores how ransomware works, what recent attacks reveal, and what practical steps every business can take to stay protected.

    Key Takeaways:
    - Ransomware spreads quickly through email, unpatched systems, and remote access.
    - Paying the ransom doesn’t guarantee recovery — backups and prevention are key.
    - Multi-factor authentication and staff training remain the most effective defences.
    - Every business, no matter how small, is a potential target.

    View Show Notes and full transcript here: https://sittingduck.com.au/podcast/ransomware-realities-what-you-need-to-know/

  17. 40

    NSW AI Data Breach & Telco Hack – What Your Business Can Learn

    Today’s episode unpacks two alarming cybersecurity incidents in Australia that should act as red alerts for every business. First, we look at how a contractor for a government flood-recovery program uploaded thousands of applicant records into ChatGPT without authorisation—revealing vulnerabilities in AI tool usage. Then we dive into a breach at telco Dodo (and its parent Vocus Group) where email accounts were compromised and SIM swaps executed. What went wrong, why it matters, and—most importantly—what your business needs to do next.

    View Shownotes and full transcript here: https://sittingduck.com.au/podcast/nsw-ai-data-breach-dodo-hack-cybersecurity-lessons/

  18. 39

    Australian Ransomware Wave Hits Law, Boats & Aviation

    This week on the Don’t Be A Sitting Duck Podcast, Leigh Kefford explores three major Australian cyber incidents — revealing how ransomware groups and vendor breaches continue to challenge even the most trusted organisations.

    - WA law firm confirms breach following Anubis ransomware claim
    - Malibu Boats Australia targeted by Qilin ransomware gang
    - Air Services Australia vendor data exposure under investigation

    View Shownotes and full transcript here: https://sittingduck.com.au/podcast/australian-ransomware-wave-law-boats-air-services/

  19. 38

    Qantas Data Leak & Australia’s $5.8M Privacy Penalty

    In this episode, we dig into two gripping and high-stakes stories in cybersecurity. First, Qantas is one of nearly 40 global firms being extorted over stolen data from Salesforce, now leaking millions of customer records. Then, in Australia, a health services firm becomes the first to face a major civil penalty—$5.8 million—for a data breach that exposed sensitive personal records. These twin lessons underscore just how fast the regulatory and threat landscape is evolving.

    You’ll hear clear, actionable advice for your business: how to defend against vishing attacks, contain data exposure, plan incident responses, and stay on the right side of privacy regulators.

    View Shownotes and full transcript here: https://sittingduck.com.au/podcast/qantas-data-breach-australia-privacy-penalty/

  20. 37

    Cyberattacks on Pharmacy, Brewer & UK Nursery

    In this episode of the Don’t Be A Sitting Duck Podcast, Leigh Kefford unpacks three alarming cyber incidents that reveal just how far attackers are willing to go:

    - Toowoomba Pharmacy Ransomware Attack – The Friendly Society Dispensary hit by the DragonForce group, with nearly 36GB of sensitive staff and patient data stolen.
    - Asahi Group Cyberattack in Japan – A global beverage giant forced to halt factory operations when IT systems collapsed, disrupting orders, shipping, and production.
    - UK Nursery Chain Hack – Kido nurseries breached by hackers claiming to hold data on more than 8,000 children, including names, photos, and safeguarding reports.

    These cases show a disturbing reality: no industry is off-limits, and cybercriminals are increasingly targeting healthcare, manufacturing, and even childcare. Leigh explains how the attacks unfolded, why they matter, and—most importantly—what actions your business can take to avoid becoming the next headline.

    View Shownotes and full transcript here: https://sittingduck.com.au/podcast/cyberattacks-pharmacy-brewer-uk-nursery/

  21. 36

    Chinese APT Threats Targeting Australian Critical Infrastructure

    In this episode, we unpack the alarming rise of state‑sponsored Chinese cyber actors compromising critical infrastructure—from backbone routers to military and government networks. You'll learn how these Advanced Persistent Threat groups maintain stealthy, long‑term access, and why this matters for national and business security.

    We break down how the attacks happen, explain the global coordination behind recent advisories, and offer smart, actionable steps you can take now to protect your organisation.

    View Shownotes and full transcript here: https://sittingduck.com.au/podcast/chinese-state%e2%80%91sponsored-cyber-threat/

  22. 35

    Microsoft 365 Calendar Phishing: Don’t Let Invites Fool You

    This episode uncovers a stealthy cyber‑attack slipping through inbox filters: Microsoft 365 calendar phishing. Scammers send fake billing alerts—like “Payment Failed” or “Account Suspended”—directly to your calendar. Without clicking anything, the threat arrives. We explain how they exploit default invite settings, why deleting or responding can put you on their radar, and most importantly, how you and your team can defend against it.

    You’ll learn actionable steps: ignore suspicious invites, use inbox tools wisely, verify via official channels, and empower your business with layered protection.

  23. 34

    FileFix Attack: Clipboard‑Based Threat Every Business Must Know

    In this episode, we dig into the newly discovered FileFix attack—a clever and stealthy cyber trick that exploits how people use their clipboard. No malware. No download. Just voice‑less manipulation of Windows Explorer and the clipboard to execute hidden PowerShell commands. We’ll break down how it works, why it’s so dangerous, and what businesses should do today to stay protected.

  24. 33

    Qantas Data Breach: Customer Info Leaked via Vendor

    Qantas has joined the long list of major companies hit by cybercrime — this time, through a third-party contact centre platform. In this special Don’t Be A Sitting Duck episode, Leigh Kefford unpacks how customer data was leaked, what it means for businesses, and why vendor risk can no longer be ignored.

    What You’ll Learn:
    - Which customer details were compromised
    - Why third-party platforms are your biggest hidden risk
    - Steps to audit your vendors and protect your business
    - What cyber insurers now expect as minimum standards

  25. 32

    Ransomware Realities: What You Need to Know

    Ransomware is more dangerous — and more accessible — than ever before. In this episode of Don’t Be A Sitting Duck, Leigh Kefford breaks down what’s really happening behind the scenes, how local businesses are being impacted, and the 5 non-negotiable actions your business must take to stay protected.

    In This Episode:
    - Why ransomware is exploding in 2025
    - The biggest risks for regional businesses
    - How phishing, patching, and backups can make or break your response
    - What every business needs to qualify for cyber insurance
    - The #1 tool to assess your risk — for free

    Key Takeaways:
    - Most ransomware attacks are preventable with the right systems.
    - Employee awareness is as important as firewalls.
    - Recovery depends on preparation — not luck.

    View Shownotes and full transcript here: https://sittingduck.com.au/podcast/ransomware-realities-what-every-business-must-know/

  26. 31

    CPS 234: What It Means for Your Business in 2025

    Is your business really ready for a cyberattack? If you’re in banking, insurance, or superannuation — APRA’s CPS 234 isn’t just a suggestion, it’s mandatory.

    In this extended episode, Leigh Kefford unpacks the what, why, and how of CPS 234 — Australia’s leading information security standard for regulated financial entities. But even if you’re not regulated, there’s a lot to learn here.

    - What CPS 234 requires from boards, management, and IT
    - Why third-party accountability still lands on your shoulders
    - What actions your business can take today — even as an SME
    - Why this isn’t just about compliance — it’s about survival

    Get the full show notes and resources at sittingduck.com.au

  27. 30

    Ransomware Payment Laws Now Mandatory: What You Must Report

    From 30 May 2025, Australian businesses earning over $3 million per year must report any ransomware or cyber extortion payments to the government within 72 hours.

    In this episode, Leigh explores:
    - What qualifies as a reportable ransomware or cyber extortion payment
    - Who needs to report and how to calculate turnover thresholds
    - What’s included in the 72-hour reporting requirement
    - Why these reports matter for Australia’s national cyber defence
    - How to prepare your business now before penalties kick in

  28. 29

    Healthcare Breach Fears, Retail Attacks & New Ransomware Laws

    Fatalities caused by cyberattacks in hospitals? That’s what healthcare leaders are bracing for—and that’s just the beginning. In this episode of the Don't Be A Sitting Duck Podcast, Leigh Kefford unpacks the critical cybersecurity threats facing Australia right now.

    We explore:
    - The growing belief that it’s only a matter of time before a cyberattack leads to death in healthcare.
    - New legislation requiring ransomware payment disclosures in Australia.
    - A global surge in retail breaches hitting brands like Victoria’s Secret and The North Face.

    Full shownotes available at sittingduck.com.au

    Each story includes practical actions your business can take to stay one step ahead of cybercriminals.

  29. 28

    Cybersecurity Threats: Unmanaged Assets, AI Misinformation, and Banking Breaches

    In this episode, we delve into the pressing cybersecurity issues facing Australia today. From the dangers of unmanaged digital assets to the rise of AI-generated election misinformation, and the recent malware attacks on major banks, we uncover the vulnerabilities that businesses and individuals must address. Tune in to learn actionable steps to protect your digital environment.

    👉 Full transcript and show notes available at sittingduck.com.au

  30. 27

    Australia Hit by Infostealer Malware: Banking Credentials Sold Online

    Thousands of Australians have had their online banking passwords stolen by stealthy infostealer malware like RedLine and Raccoon Stealer. These credentials are now being sold on dark web marketplaces, putting businesses and individuals at risk. In this episode, I break down how infostealer malware works, why it's so dangerous, and the key steps you must take to protect your business.

    Episode Notes / Show Notes:
    - How infostealer malware silently steals credentials from Australians
    - Real-world breaches involving RedLine and Raccoon Stealer malware
    - Why businesses must act urgently to protect sensitive data
    - Practical cybersecurity steps to defend against info-stealers

    👉 Full transcript and show notes available at sittingduck.com.au

    External Source Links:
    - ACS Cybersecurity News
    - MSN Report on Banking Passwords
    - ABC News Coverage

  31. 26

    Super Fund Cyberattack: What Went Wrong & How to Stay Safe

    A coordinated cyberattack hit several Australian super funds—including AustralianSuper, Hostplus, and Rest—leading to major financial and data loss. This episode explores how the breach happened, the method known as credential stuffing, and steps businesses can take to avoid a similar fate.

    Main Stories Covered:
    - Credential stuffing attacks on super funds
    - $500,000 stolen from compromised AustralianSuper accounts
    - The role of weak passwords and reused credentials
    - Why MFA and security audits are now essential

    External Links:
    - ABC News coverage
    - Hostplus official statement
    - CyberDaily article

  32. 25

    Ransomware Attacks Hit Record High – Are You at Risk?

    February 2025 saw ransomware attacks hit an all-time high, with cybercriminals exploiting software vulnerabilities to hold businesses hostage. At the same time, social engineering scams are becoming more deceptive, tricking victims into handing over sensitive information.

    In this episode, I break down:
    ✅ Why ransomware attacks skyrocketed and how businesses are being targeted
    ✅ The growing threat of social engineering scams and how to spot them
    ✅ Practical steps to protect your data, employees, and financial assets

    Don’t wait for a cyberattack to strike—take action now!

    Get the full show notes and resources at sittingduck.com.au

  33. 24

    Major Cyber Incidents: Brydens Lawyers Breach, ASIC's Action Against FIIG Securities, and Ballista Botnet Threat

    In this episode, we delve into recent significant cybersecurity incidents: a massive data breach at Brydens Lawyers, ASIC's legal action against FIIG Securities for prolonged cybersecurity failures, and the emergence of the Ballista botnet exploiting vulnerabilities in TP-Link routers. These events highlight the critical need for robust cybersecurity measures across all sectors. For more insights and resources, visit sittingduck.com.au.

  34. 23

    Cybersecurity in Papua New Guinea: Are They Ready for the Digital Future?

    Papua New Guinea is going digital—but is it secure? In this episode of Don't Be a Sitting Duck, we dive into the cybersecurity challenges facing PNG’s government, businesses, and critical infrastructure. We discuss real-life cyberattacks—including ransomware incidents affecting PNG’s Department of Finance and the Internal Revenue Commission—and explore what needs to change to protect the nation’s digital future. Key topics covered: The biggest cybersecurity risks facing PNG today; Real-world breaches—what happened & what we can learn; Government & business accountability in cybersecurity; Practical steps for strengthening PNG’s cyber defences. Who should listen? If you're in government, IT, banking, or business in PNG, this episode is a wake-up call for action. Tune in now and start asking the tough questions. Got insights? Want to be part of the conversation? Reach out at sittingduck.com.au/podcast. Subscribe & listen on Spotify, Apple Podcasts & more! Shownotes and links

  35. 22

    Genea IVF Data Breach Exposes Sensitive Health Records

    A major cybersecurity breach has rocked Australia’s healthcare sector. Genea, a leading IVF provider, was hit by a cyberattack that compromised sensitive patient data, exposing medical histories, test results, and personal information on the dark web. In this episode, we break down how the attack happened, why it matters, and—most importantly—what businesses can do to prevent similar breaches. 🔗 Show notes & resources: sittingduck.com.au

  36. 21

    APRA’s CPS 230 & CPS 234: Strengthening Operational & Cyber Resilience

    In this episode of Don't Be A Sitting Duck, we unpack APRA’s latest regulatory updates: CPS 230 on Operational Risk Management and CPS 234 on Information Security. With CPS 230 set to take effect in July 2025, organizations must prepare for stronger risk management, business continuity, and third-party oversight—especially in cloud outsourcing. Plus, we break down CPS 234, which mandates strict cybersecurity controls, risk assessments, and incident response requirements for financial institutions. Get ahead of compliance and fortify your organisation’s resilience—this is one episode you can’t afford to miss! Resources & Next Steps: Check out the show notes and other cybersecurity insights at sittingduck.com.au/podcast Book your free Empower Systems Assessment at nationalpc.com.au/empower Until next time—stay safe, stay informed, and don’t be a sitting duck!

  37. 20

    Lazarus Group’s $21M Crypto Heist & Australian IVF Data Breach

    Cybercriminals are relentless, and this week’s stories prove just how high the stakes are. North Korea’s Lazarus Group Strikes Again: The notorious state-backed hacking group has pulled off another major crypto heist, stealing $21 million in Ethereum from the Bybit exchange. But how did they do it, and what does this mean for the future of cryptocurrency security? Australian IVF Data Breach: A major Australian fertility clinic has suffered a devastating data breach, potentially exposing highly sensitive patient records. With medical data being one of the most valuable assets on the dark web, what risks do patients now face? In this episode, we break down how these attacks happened, why they matter, and what businesses should do next to protect themselves. Whether you're in crypto, healthcare, or any industry handling sensitive data, these lessons apply to you. Stay informed. Stay secure. Tune in now to uncover these crucial cybersecurity insights. Resources & Next Steps: Check out the show notes and other cybersecurity insights at sittingduck.com.au/podcast Book your free Empower Systems Assessment at nationalpc.com.au/empower Until next time—stay safe, stay informed, and don’t be a sitting duck!

  38. 19

    PNG Tax Office Cyberattack – What It Means for Businesses & Government

    Papua New Guinea’s Tax Office Hacked – What You Need to Know! The Internal Revenue Commission (IRC) of Papua New Guinea has suffered a devastating ransomware attack, shutting down critical systems and exposing major cybersecurity weaknesses. With government agencies and businesses now on high alert, this breach raises urgent questions about cybersecurity in PNG and beyond. In this episode of the Don't Be A Sitting Duck Podcast, we break down: ✅ How the cyberattack happened and what it means for PNG’s government and businesses ✅ The real security gaps that left PNG’s tax system vulnerable ✅ What businesses must do NOW to protect themselves from ransomware ✅ 10 critical cybersecurity actions PNG’s government must take to prevent future attacks. If you run a business, this is your wake-up call! Discover how to strengthen your defenses and avoid becoming the next cyber victim. Show notes & free cybersecurity assessment at sittingduck.com.au Listen now and stay ahead of cyber threats!

  39. 18

    Game Over: Steam Malware, Romance Scam Script, and Cybersecurity Awareness

    Is your favorite game a cybersecurity threat? In today’s episode of Don't Be A Sitting Duck, we dive into a shocking Steam malware case where a popular game turned into a digital trap. Plus, the Australian Federal Police have released a romance scam playbook used by criminals—learn how scammers manipulate victims with scripted deception. Lastly, we discuss four practical ways to bring cybersecurity awareness into your community and why proactive education matters more than ever. Stay informed. Stay secure. Tune in now to uncover these crucial cybersecurity insights. Resources & Next Steps: Check out the show notes and other cybersecurity insights at sittingduck.com.au/podcast Book your free Empower Systems Assessment at nationalpc.com.au/empower Until next time—stay safe, stay informed, and don’t be a sitting duck!

  40. 17

    CommBank & Telstra’s Fraud Tech, Valentine’s Phishing Scams, and Cybercrime as a National Security Threat

    In this episode of Don't Be A Sitting Duck, we’re breaking down three major cybersecurity threats that businesses need to be aware of: CommBank & Telstra’s Fraud Detection Partnership – A new fraud indicator system is set to improve identity theft detection by 25%. Learn how this technology works and what businesses can do to protect themselves from financial fraud. Valentine’s Day Phishing Scams – Cybercriminals are taking advantage of the holiday season, creating thousands of fake websites and phishing emails designed to steal personal and payment information. We’ll discuss how to spot these scams before they cause harm. Cybercrime as a National Security Threat – Google warns that cybercrime is evolving into a serious national security risk, with cybercriminals using advanced techniques once reserved for state-sponsored attacks. We’ll explain why businesses need to take this seriously and how to prepare. I’ll break down what these threats mean for your business and, more importantly, how you can take action to stay protected. Don’t wait until it’s too late—get ahead of these risks now. Resources & Next Steps: Check out the show notes and other cybersecurity insights at sittingduck.com.au/podcast Book your free Empower Systems Assessment at nationalpc.com.au/empower Until next time—stay safe, stay informed, and don’t be a sitting duck!

  41. 16

    Apple’s Zero-Day Patch, Healthcare Cyber Risks & Australia’s Cyber Attack Surge

    In today’s episode, we dive into three critical cybersecurity threats that businesses can’t afford to ignore. Apple has just released an urgent patch for a zero-day vulnerability affecting iPhones and iPads—find out why it matters and what you should do immediately. Meanwhile, cyber threats in the healthcare sector are escalating, pushing the need for stronger collaboration and proactive defense strategies. And in Australia, cyber attacks have surged to an alarming rate—one every second. I’ll break down what these threats mean for your business and, more importantly, how you can take action to stay protected. Don’t wait until it’s too late—get ahead of these risks now. Resources & Next Steps: Check out the show notes and other cybersecurity insights at sittingduck.com.au/podcast Book your free Empower Systems Assessment at nationalpc.com.au/empower Until next time—stay safe, stay informed, and don’t be a sitting duck!

  42. 15

    DeepSeek AI – A Cyber Threat You Can’t Ignore

    Artificial Intelligence is evolving, but so are cyber threats. In this episode of Don't Be A Sitting Duck, we break down DeepSeek AI and how cybercriminals are leveraging it to supercharge phishing, malware, and business email compromise attacks. Learn how to defend against AI-driven threats and ensure your business isn’t an easy target. What is DeepSeek AI? How cybercriminals are weaponizing AI Why phishing attacks are getting harder to detect The steps businesses must take to protect themselves Don’t be a sitting duck—stay informed, stay protected. Visit sittingduck.com.au for more cybersecurity insights.

  43. 14

    North Korean Hackers, LinkedIn Scams & ACSC Phishing Warnings

    Welcome to another episode of Don’t Be A Sitting Duck! This week, we uncover shocking cybersecurity threats that businesses and individuals must be aware of: North Korean hackers, also known as the Lazarus Group, are using LinkedIn job scams to steal credentials and deploy malware. We’ll break down how this attack works and how you can avoid being a victim. Building a culture of cybersecurity within businesses is critical to defending against cyber threats. We discuss key employee training strategies that turn security awareness into a strength rather than a vulnerability. The Australian Cyber Security Centre (ACSC) has issued a warning about scammers impersonating their organization. We explain what to watch out for and how to verify legitimate ACSC communications. Resources & Links: Show Notes Book your free Empower Systems Assessment Tune in now and stay cyber-safe!

  44. 13

    Thermomix Recipe Community Data Breach – What You Need to Know

    Vorwerk, the company behind Thermomix, has confirmed a data breach affecting users of its Recipe Community forum in Australia, New Zealand, and several European countries. While no passwords or financial information were compromised, personal details—including names, addresses, birthdays, and phone numbers—were accessed by cybercriminals. In this episode of Don't Be A Sitting Duck, we break down: What happened in the breach What data was stolen What you need to do right now to protect yourself How to avoid scams and identity fraud attempts Book your free Empower Systems Assessment at nationalpc.com.au—it’s the easiest way to understand where your business is vulnerable and how to fix it. Stay informed and stay safe—because cybercriminals are always looking for their next easy target. Don’t be a sitting duck for cybercrime.

  45. 12

    47 Million Data Breaches in 2024 + AI Bans & Windows 11 Warnings

    In this episode of Don't Be A Sitting Duck, we break down three major cybersecurity stories affecting businesses today: DeepSeek AI Banned – Why the Australian Government has banned DeepSeek AI from all government devices. 47 Million Data Breaches in 2024 – One breach every second? The latest report reveals shocking cyber attack statistics. Windows 11 – Act Now! – Businesses must prepare for the transition before it’s too late. Cyber threats are evolving, and now more than ever, businesses must take action to protect themselves. Tune in for expert insights and practical cybersecurity tips. Read more at www.sittingduck.com.au Powered by nationalpc.com.au Subscribe now to stay informed and keep your business secure!

  46. 11

    After the Flood: Protecting Your Business from Hidden Cyber Threats

    Floods can devastate businesses, causing physical damage and operational chaos—but the risks don’t stop there. In this episode of Don't Be A Sitting Duck, we explore the hidden cybersecurity threats that emerge after a flood. From compromised devices to phishing scams disguised as recovery support, disasters create the perfect storm for cybercriminals to strike. We'll walk you through the essential steps to safeguard your business, including how to handle damaged IT infrastructure, spot post-disaster phishing attacks, and secure your network before reconnecting. Whether you're recovering from a flood or preparing for the unexpected, this episode will help you protect your business from being a sitting duck for cybercrime. Listen now and visit nationalpc.com.au for more tips on securing your business in the aftermath of natural disasters.

  47. 10

    03/02/2025 - Apple Gift Card Scams: How They Work and How to Avoid Them

    In this episode of Don’t Be A Sitting Duck Podcast, we’re uncovering the tricks behind Apple gift card scams—one of the most common and deceptive frauds targeting individuals and businesses alike. Learn how scammers convince victims to pay using gift cards, the warning signs to watch for, and what to do if you’ve been targeted. But knowing the scam isn’t enough. If you want to protect your business with proactive cybersecurity solutions, visit nationalpc.com.au for expert guidance and support tailored to keep your systems safe from evolving threats. What You’ll Learn: How Apple gift card scams work; Common scenarios like fake tax calls, tech support scams, and impersonation; How to spot these scams and protect yourself; Steps to take if you’ve been scammed. Take Action: Don’t wait until it’s too late. Visit nationalpc.com.au to secure your business and stay ahead of cybercriminals. For show notes and links on gift card scams, go to sittingduck.com.au

  48. 9

    31/01/2025 - DeepSeek AI Warning, Dover’s Cybersecurity Emergency, and 2025 Cyber Priorities

    In today’s episode of Don’t Be A Sitting Duck Podcast, we break down three major cybersecurity developments: DeepSeek AI Privacy Concerns – Australian ministers are urging caution over the Chinese-developed AI chatbot DeepSeek, citing potential security risks. Dover’s Cybersecurity Emergency – The City of Dover has declared a state of emergency due to a potential cybersecurity breach, highlighting the importance of incident response plans. Top 2025 Cybersecurity Priorities – We explore nine essential priorities to strengthen your cybersecurity strategy this year. Take Action: We provide actionable tips on securing your data, responding to breaches, and building a strong cybersecurity strategy. Visit sittingduck.com.au for more insights.

  49. 8

    SPECIAL - Take Caution: Cyclone Preparedness for North Queensland Businesses

    With a potential cyclone approaching North Queensland, now is the time to ensure your business is ready. In this special ‘Take Caution’ episode, we share critical IT and cybersecurity steps to protect your data, keep operations running, and stay secure. Don’t wait—prepare now! Key Takeaways: Back up and test critical business data before a cyclone forms. Power down non-essential equipment and protect hardware. Ensure cloud-based communication tools are accessible. Watch out for cyber scams targeting disaster response efforts. Have a structured post-cyclone IT recovery plan. Visit National PC Disaster Resources Hub for more resources and proactive IT protection strategies. Need help securing your business? Contact us today.

  50. 7

    30/01/2025 - Numberless Debit Cards, CREST Accreditation, and Rising Email Attacks

    In today’s episode of Don’t Be A Sitting Duck Podcast, we cover three critical topics shaping the cybersecurity landscape: Numberless Debit Cards in Australia: AMP and Mastercard are introducing Australia’s first debit cards without visible numbers to combat scams and fraud. Vonahi Security’s CREST Accreditation: Learn how this globally recognized certification elevates cybersecurity standards for penetration testing. Email-Based Cyber Attacks Surge in APAC: A 26.9% increase in email threats highlights the growing sophistication of phishing schemes in the region. Take Action Today: We share practical tips to help protect your business from these evolving threats. Visit sittingduck.com.au for more resources and insights.

HOSTED BY

Leigh Kefford
