Don't Be A Sitting Duck Podcast

Author: Leigh Kefford


Description

Cybercriminals are evolving—are you keeping up? Don’t Be A Sitting Duck is the podcast for business leaders and professionals who want to stay one step ahead of the latest cyber threats. In each bite-sized episode, we dive into real-world cyber breaches, phishing scams, and ransomware attacks, sharing actionable advice to help you protect your business.

Looking for more insights and resources? Visit sittingduck.com.au to explore educational content designed to help you navigate today’s complex cybersecurity landscape.

If you’re ready to embrace proactive protection and outsmart cyber threats, this podcast is for you.

New episodes every day — subscribe now!
54 Episodes
Cyber security is no longer just an IT problem—it’s a board-level responsibility. In this episode, Leigh Kefford breaks down APRA’s CPS 234 Information Security standard in plain English, explaining what it requires, why regulators care, and what happens when controls fail.

We unpack board accountability, third-party risk, security testing, and incident response obligations—and why CPS 234 is fast becoming the benchmark for all Australian businesses, not just banks and insurers.

If your organisation handles sensitive data, relies on cloud providers, or assumes “it won’t happen to us,” this episode is essential listening.

This podcast was produced by National PC, delivering expert cyber security services in Townsville and Cairns through our Empower Managed IT solutions—secure, reliable, and built for North Queensland businesses.

View Show Notes and full transcript here: https://sittingduck.com.au/podcast/cps-234-explained-why-cyber-security-is-a-board-issue/

Day 12 — The Grand Finale of the National PC 12 Days of Phishmas! This episode brings together everything covered throughout the series into a complete, actionable Phishing Defence Checklist.

You’ll learn:
- The essential controls all businesses need
- Email, identity, device & cloud protections
- User behaviour improvements
- Backup & recovery readiness
- Tips for suppliers, payments & culture

Book your free Empower Systems Assessment: https://nationalpc.com.au/empower
🎧 More episodes & resources: https://sittingduck.com.au

Day 11 of the National PC 12 Days of Phishmas! Today we explore why user behaviour is the biggest cybersecurity risk for every organisation. Technology alone can't protect your business — people play the defining role.

In this episode:
- Why humans are targeted
- How attackers use trust & urgency
- The psychology behind phishing
- What data harvesting reveals
- How to reduce human error
- How to build a culture of cybersecurity

🛡 Empower Systems Assessment: https://nationalpc.com.au/empower
🎧 More episodes: https://sittingduck.com.au

Day 10 of the National PC 12 Days of Phishmas! Ransomware attacks don’t start with encryption — they start with access, usually through a phishing email. This episode breaks down each stage of the ransomware attack chain and shows how to stop it early.

You’ll learn:
- How attackers gain initial access
- What lateral movement looks like
- How payloads are deployed
- Why backups get targeted
- How extortion and data theft work
- The key defences that break the chain

Empower Systems Assessment: https://nationalpc.com.au/empower
🎧 More episodes: https://sittingduck.com.au

Day 9 of the National PC 12 Days of Phishmas! Cybercriminals don’t always break into systems — sometimes they break into people. This episode explores how scammers use publicly available information, emotional manipulation, and behavioural cues to create targeted attacks.

In this episode:
- Where attackers gather information
- How social engineering manipulates users
- Why emotions create cyber vulnerabilities
- How attackers use context to increase success
- What businesses can do to reduce risk

🛡 Book your free Empower Systems Assessment: https://nationalpc.com.au/empower
🎧 More episodes: https://sittingduck.com.au

Day 8 of the National PC 12 Days of Phishmas! Today we’re breaking down Account Takeover (ATO) and Hijacked Email Threads — two of the most convincing and damaging forms of phishing.

In this episode:
- How attackers gain access to real inboxes
- Why hijacked threads are so effective
- What signs to look for
- How these attacks lead to financial loss
- The essential steps to protect your organisation

🛡 Book your free Empower Systems Assessment: https://nationalpc.com.au/empower
🎧 More episodes: https://sittingduck.com.au

Why fake documents and shared file links are one of the most dangerous phishing threats for businesses.

Day 6 of the 12 Days of Phishmas! Today’s episode breaks down one of the biggest ways cybercriminals gain access to your systems: malicious attachments and cloud file impersonation. These scams use fake PDFs, ZIP files, SharePoint links, OneDrive invites, and Google Drive notifications to infect your device or steal your credentials.

In this episode:
- How malicious attachments deliver malware
- Why fake cloud links are so convincing
- Real examples from Australian businesses
- What happens after you click
- How to protect your staff and systems

🛡️ Book your free Empower Systems Assessment: https://nationalpc.com.au/empower
🎧 More episodes & resources: https://sittingduck.com.au

🎄 Welcome to Day 1 of the 12 Days of Phishmas! We’re kicking off the series with the foundation of all cyber awareness:

🔍 The Most Common Phishing Red Flags

These are the warning signs scammers can’t hide — the little clues that tell you something isn’t right. And understanding them can prevent the vast majority of cyber incidents.

In this episode, I break down:
- The red flags hidden inside phishing emails
- Why scammers rely on small details to trick people
- How formatting, urgency, and sender details give them away
- Real-world examples I see in Australian businesses
- What you can do to protect yourself and your team

Most cyberattacks start with a single email. Learning the early red flags is one of the simplest, most powerful defences you can build.

🛡 Want more tools to protect your business? Book your free Empower Systems Assessment: nationalpc.com.au/empower
🎧 Explore more episodes and resources at: sittingduck.com.au
📘 Check out the audiobook: Sitting Duck – The Phone Call You Don’t Want To Receive

Have a question? Reach out on LinkedIn — we're always happy to help. Stay safe, stay sceptical… and don’t be a sitting duck.

Australian retailers are quietly reintroducing facial recognition technology—even after public backlash. In this episode, Leigh breaks down why stores are turning to AI-driven biometric surveillance, what risks it creates for customers, and why business leaders should think carefully before deploying similar tools.

We explore how the technology works, why it’s making a comeback, and the serious privacy, ethical, and governance implications you need to understand. Plus, practical advice for businesses considering advanced security systems.

View Show Notes and full transcript here: https://sittingduck.com.au/podcast/australias-retailers-are-quietly-bringing-back-facial-recognition/

In this episode, we look at a major cyber-attack that forced multiple London councils offline, cutting essential services for hundreds of thousands of residents — and a shocking new report showing Australia’s mining and manufacturing sectors often take months (or longer) to detect and report data breaches, exposing personal data of millions.

We break down how these incidents unfolded, why they matter even for organisations far away from government or heavy industry, and most importantly — what you can do to protect your business.

View Show Notes and full transcript here: https://sittingduck.com.au/podcast/cyber-attack-shuts-down-london-councils-aussie-industry-breaches-exposed/

Vietnam’s cybercriminals aren’t just hacking servers — they’re hijacking social media business accounts. In this episode, Leigh Kefford breaks down new findings from the CrowdStrike 2025 APJ eCrime Landscape Report — including how Vietnamese malware like Ailurophile Stealer is stealing ad accounts, the rise of Chinese-language cybercrime marketplaces, and why AI-driven ransomware is changing the game.

You’ll learn practical steps to protect your organisation, from tightening account controls to understanding how regional threat actors operate.

View Show Notes and full transcript here: https://sittingduck.com.au/podcast/vietnams-social-media-heists-the-rise-of-asias-cybercrime-underground/

In this episode of Don’t Be A Sitting Duck, I break down two critical risks for Australian organisations: the rising role of human error in data breaches, and the ever-present threat of ransomware. Using the latest figures from the OAIC and industry commentary, we explore how staff mistakes and misconfigurations are now major breach drivers, and why ransomware remains such a potent business continuity threat. I also share actionable steps you can take now to minimise risk, tighten your defences and ensure you're ready if the worst happens.

Key Takeaways:
- Human error now accounts for around 37% of reported breaches in Australia.
- Malicious attacks (including ransomware/phishing) remain the primary cause of breaches.
- Ransomware is not just a data loss event — it’s a business continuity and reputational risk.
- Practical defence involves training, segmentation, MFA/backups, vendor oversight and incident readiness.
- Book an assessment, test your recovery, and assume the unexpected.

View Show Notes and full transcript here: https://sittingduck.com.au/podcast/human-error-and-ransomware-risks-australian-businesses/

Ransomware has become the most disruptive threat facing Australian businesses today. From small councils to local manufacturers, attacks are happening closer to home — and they’re getting smarter, faster, and more ruthless. In this episode, Leigh Kefford explores how ransomware works, what recent attacks reveal, and what practical steps every business can take to stay protected.

Key Takeaways:
- Ransomware spreads quickly through email, unpatched systems, and remote access.
- Paying the ransom doesn’t guarantee recovery — backups and prevention are key.
- Multi-factor authentication and staff training remain the most effective defences.
- Every business, no matter how small, is a potential target.

View Show Notes and full transcript here: https://sittingduck.com.au/podcast/ransomware-realities-what-you-need-to-know/

Today’s episode unpacks two alarming cybersecurity incidents in Australia that should act as red alerts for every business. First, we look at how a contractor for a government flood-recovery program uploaded thousands of applicant records into ChatGPT without authorisation—revealing vulnerabilities in AI tool usage. Then we dive into a breach at telco Dodo (and its parent Vocus Group) where email accounts were compromised and SIM swaps executed. What went wrong, why it matters, and—most importantly—what your business needs to do next.

View Show Notes and full transcript here: https://sittingduck.com.au/podcast/nsw-ai-data-breach-dodo-hack-cybersecurity-lessons/

This week on the Don’t Be A Sitting Duck Podcast, Leigh Kefford explores three major Australian cyber incidents — revealing how ransomware groups and vendor breaches continue to challenge even the most trusted organisations.

- WA law firm confirms breach following Anubis ransomware claim
- Malibu Boats Australia targeted by Qilin ransomware gang
- Air Services Australia vendor data exposure under investigation

View Show Notes and full transcript here: https://sittingduck.com.au/podcast/australian-ransomware-wave-law-boats-air-services/

In this episode, we dig into two gripping and high-stakes stories in cybersecurity. First, Qantas is one of nearly 40 global firms being extorted over stolen data from Salesforce, now leaking millions of customer records. Then, in Australia, a health services firm becomes the first to face a major civil penalty—$5.8 million—for a data breach that exposed sensitive personal records. These twin lessons underscore just how fast the regulatory and threat landscape is evolving.

You’ll hear clear, actionable advice for your business: how to defend against vishing attacks, contain data exposure, plan incident responses, and stay on the right side of privacy regulators.

View Show Notes and full transcript here: https://sittingduck.com.au/podcast/qantas-data-breach-australia-privacy-penalty/

In this episode of the Don’t Be A Sitting Duck Podcast, Leigh Kefford unpacks three alarming cyber incidents that reveal just how far attackers are willing to go:

- Toowoomba Pharmacy Ransomware Attack – The Friendly Society Dispensary hit by the DragonForce group, with nearly 36GB of sensitive staff and patient data stolen.
- Asahi Group Cyberattack in Japan – A global beverage giant forced to halt factory operations when IT systems collapsed, disrupting orders, shipping, and production.
- UK Nursery Chain Hack – Kido nurseries breached by hackers claiming to hold data on more than 8,000 children, including names, photos, and safeguarding reports.

These cases show a disturbing reality: no industry is off-limits, and cybercriminals are increasingly targeting healthcare, manufacturing, and even childcare. Leigh explains how the attacks unfolded, why they matter, and—most importantly—what actions your business can take to avoid becoming the next headline.

View Show Notes and full transcript here: https://sittingduck.com.au/podcast/cyberattacks-pharmacy-brewer-uk-nursery/

In this episode, we unpack the alarming rise of state-sponsored Chinese cyber actors compromising critical infrastructure—from backbone routers to military and government networks. You'll learn how these Advanced Persistent Threat groups maintain stealthy, long-term access, and why this matters for national and business security.

We break down how the attacks happen, explain the global coordination behind recent advisories, and offer smart, actionable steps you can take now to protect your organisation.

View Show Notes and full transcript here: https://sittingduck.com.au/podcast/chinese-state%e2%80%91sponsored-cyber-threat/

This episode uncovers a stealthy cyber-attack slipping through inbox filters: Microsoft 365 calendar phishing. Scammers send fake billing alerts—like “Payment Failed” or “Account Suspended”—directly to your calendar. Without clicking anything, the threat arrives. We explain how they exploit default invite settings, why deleting or responding can put you on their radar, and most importantly, how you and your team can defend against it.

You’ll learn actionable steps: ignore suspicious invites, use inbox tools wisely, verify via official channels, and empower your business with layered protection.

In this episode, we dig into the newly discovered FileFix attack—a clever and stealthy cyber trick that exploits how people use their clipboard. No malware. No download. Just voice-less manipulation of Windows Explorer and the clipboard to execute hidden PowerShell commands. We’ll break down how it works, why it’s so dangerous, and what businesses should do today to stay protected.

Click here for full transcript, show notes and resources.
