In this episode of the Don’t Be A Sitting Duck Podcast, we explore two recent and impactful Australian cyber incidents — the University of Sydney data breach and the iiNet customer data exposure. We explain how attackers gained access, what kinds of data were compromised, and most importantly, share actionable advice for businesses to reduce their risk of similar breaches.
Main Stories Covered:
Key Takeaways:
This podcast was produced by National PC, delivering expert cyber security services in Townsville and Cairns through our Empower Managed IT solutions—secure, reliable, and built for North Queensland businesses.
View Show Notes and full transcript here: https://sittingduck.com.au/podcast/sydney-university-iinet-cyber-breaches-what-businesses-must-learn/
Cyber security is no longer just an IT problem—it’s a board-level responsibility. In this episode, Leigh Kefford breaks down APRA’s CPS 234 Information Security standard in plain English, explaining what it requires, why regulators care, and what happens when controls fail.
We unpack board accountability, third-party risk, security testing, and incident response obligations—and why CPS 234 is fast becoming the benchmark for all Australian businesses, not just banks and insurers.
If your organisation handles sensitive data, relies on cloud providers, or assumes “it won’t happen to us,” this episode is essential listening.
View Show Notes and full transcript here: https://sittingduck.com.au/podcast/cps-234-explained-why-cyber-security-is-a-board-issue/
Day 12 — The Grand Finale of the National PC 12 Days of Phishmas!
This episode brings together everything covered throughout the series into a complete, actionable Phishing Defence Checklist. You’ll learn:
Book your free Empower Systems Assessment:
https://nationalpc.com.au/empower
🎧 More episodes & resources:
Day 11 of the National PC 12 Days of Phishmas!
Today we explore why user behaviour is the biggest cybersecurity risk for every organisation.
Technology alone can't protect your business — people play the defining role.
In this episode:
Day 10 of the National PC 12 Days of Phishmas!
Ransomware attacks don’t start with encryption — they start with access, usually through a phishing email.
This episode breaks down each stage of the ransomware attack chain and shows how to stop it early.
You’ll learn:
Day 9 of the National PC 12 Days of Phishmas!
Cybercriminals don’t always break into systems — sometimes they break into people.
This episode explores how scammers use publicly available information, emotional manipulation, and behavioural cues to create targeted attacks.
In this episode:
Day 8 of the National PC 12 Days of Phishmas!
Today we’re breaking down Account Takeover (ATO) and Hijacked Email Threads — two of the most convincing and damaging forms of phishing.
In this episode:
Day 6 of the 12 Days of Phishmas!
Why fake documents and shared file links are one of the most dangerous phishing threats for businesses.
Today’s episode breaks down one of the biggest ways cybercriminals gain access to your systems: malicious attachments and cloud file impersonation.
These scams use fake PDFs, ZIP files, SharePoint links, OneDrive invites, and Google Drive notifications to infect your device or steal your credentials.
In this episode:
🎄 Welcome to Day 1 of the 12 Days of Phishmas!
We’re kicking off the series with the foundation of all cyber awareness:
🔍 The Most Common Phishing Red Flags
These are the warning signs scammers can’t hide — the little clues that tell you something isn’t right.
And understanding them can prevent the vast majority of cyber incidents.
In this episode, I break down:
Most cyberattacks start with a single email.
Learning the early red flags is one of the simplest, most powerful defences you can build.
📘 Check out the audiobook:
Sitting Duck – The Phone Call You Don’t Want To Receive
Have a question? Reach out on LinkedIn — We're always happy to help. Stay safe, stay sceptical…
And don’t be a sitting duck.
Australian retailers are quietly reintroducing facial recognition technology—even after public backlash. In this episode, Leigh breaks down why stores are turning to AI-driven biometric surveillance, what risks it creates for customers, and why business leaders should think carefully before deploying similar tools.
We explore how the technology works, why it’s making a comeback, and the serious privacy, ethical, and governance implications you need to understand. Plus, practical advice for businesses considering advanced security systems.
View Show Notes and full transcript here: https://sittingduck.com.au/podcast/australias-retailers-are-quietly-bringing-back-facial-recognition/
In this episode, we look at a major cyber-attack that forced multiple London councils offline, cutting essential services for hundreds of thousands of residents — and a shocking new report showing Australia’s mining and manufacturing sectors often take months (or longer) to detect and report data breaches, exposing personal data of millions. We break down how these incidents unfolded, why they matter even for organisations far away from government or heavy industry, and most importantly — what you can do to protect your business.
View Show Notes and full transcript here: https://sittingduck.com.au/podcast/cyber-attack-shuts-down-london-councils-aussie-industry-breaches-exposed/
View Show Notes and full transcript here: https://sittingduck.com.au/podcast/vietnams-social-media-heists-the-rise-of-asias-cybercrime-underground/
In this episode of Don’t Be A Sitting Duck, I break down two critical risks for Australian organisations: the rising role of human error in data breaches, and the ever-present threat of ransomware. Using the latest figures from the OAIC and industry commentary, we explore how staff mistakes and mis-configurations are now major breach drivers, and why ransomware remains such a potent business continuity threat. I also share actionable steps you can take now to minimise risk, tighten your defences and ensure you're ready if the worst happens.
Key Takeaways
View Show Notes and full transcript here: https://sittingduck.com.au/podcast/human-error-and-ransomware-risks-australian-businesses/
Ransomware has become the most disruptive threat facing Australian businesses today. From small councils to local manufacturers, attacks are happening closer to home — and they’re getting smarter, faster, and more ruthless. In this episode, Leigh Kefford explores how ransomware works, what recent attacks reveal, and what practical steps every business can take to stay protected.
Key Takeaways:
Ransomware spreads quickly through email, unpatched systems, and remote access.
Paying the ransom doesn’t guarantee recovery — backups and prevention are key.
Multi-factor authentication and staff training remain the most effective defences.
Every business, no matter how small, is a potential target.
View Show Notes and full transcript here: https://sittingduck.com.au/podcast/ransomware-realities-what-you-need-to-know/
View Show Notes and full transcript here: https://sittingduck.com.au/podcast/nsw-ai-data-breach-dodo-hack-cybersecurity-lessons/
This week on the Don’t Be A Sitting Duck Podcast, Leigh Kefford explores three major Australian cyber incidents — revealing how ransomware groups and vendor breaches continue to challenge even the most trusted organisations.
View Show Notes and full transcript here: https://sittingduck.com.au/podcast/australian-ransomware-wave-law-boats-air-services/
In this episode, we dig into two gripping and high-stakes stories in cybersecurity. First, Qantas is one of nearly 40 global firms being extorted over stolen data from Salesforce, now leaking millions of customer records. Then, in Australia, a health services firm becomes the first to face a major civil penalty—$5.8 million—for a data breach that exposed sensitive personal records. These twin lessons underscore just how fast the regulatory and threat landscape is evolving.
You’ll hear clear, actionable advice for your business: how to defend against vishing attacks, contain data exposure, plan incident responses, and stay on the right side of privacy regulators.
View Show Notes and full transcript here: https://sittingduck.com.au/podcast/qantas-data-breach-australia-privacy-penalty/
In this episode of the Don’t Be A Sitting Duck Podcast, Leigh Kefford unpacks three alarming cyber incidents that reveal just how far attackers are willing to go:
These cases show a disturbing reality: no industry is off-limits, and cybercriminals are increasingly targeting healthcare, manufacturing, and even childcare. Leigh explains how the attacks unfolded, why they matter, and—most importantly—what actions your business can take to avoid becoming the next headline.
View Show Notes and full transcript here: https://sittingduck.com.au/podcast/cyberattacks-pharmacy-brewer-uk-nursery/
In this episode, we unpack the alarming rise of state‑sponsored Chinese cyber actors compromising critical infrastructure—from backbone routers to military and government networks. You'll learn how these Advanced Persistent Threat groups maintain stealthy, long‑term access, and why this matters for national and business security.
We break down how the attacks happen, explain the global coordination behind recent advisories, and offer smart, actionable steps you can take now to protect your organisation.
View Show Notes and full transcript here: https://sittingduck.com.au/podcast/chinese-state%e2%80%91sponsored-cyber-threat/
This episode uncovers a stealthy cyber‑attack slipping through inbox filters: Microsoft 365 calendar phishing. Scammers send fake billing alerts—like “Payment Failed” or “Account Suspended”—directly to your calendar. Without clicking anything, the threat arrives. We explain how they exploit default invite settings, why deleting or responding can put you on their radar, and most importantly, how you and your team can defend against it.
You’ll learn actionable steps: ignore suspicious invites, use inbox tools wisely, verify via official channels, and empower your business with layered protection.