version 26.6.3 · Western Australia · Est. 2011 ··HP · Yealink · Ubiquiti · Kyocera · Microsoft Partner & Reseller
— In the News

Practical commentary,
from the field.

What the Microsoft 365 and Australian SMB IT space has actually been doing over the last nine months — anchored to real sources.

A printed privacy notice on a desk
Australian regulation23 June 2026

If software makes the decision, you’ll soon have to say so

From 10 December 2026, businesses that use automated systems to make decisions affecting individuals must disclose it in their privacy policy. Chatbots and triage tools count.

A close-up of a network switch with connected cables
Identity & access19 June 2026

FortiBleed — 75,000 Fortinet VPN credentials, and why the edge keeps doing this

Mid-June saw a dataset of valid credentials for an estimated 75,000 Fortinet firewalls and SSL-VPN gateways validated in the wild. If your perimeter is a VPN box, this is your reminder.

Human and robotic hands reaching toward an AI interface
AI & governance18 June 2026

Agent 365 is here — govern the agents before you turn them loose

Microsoft made Agent 365 and the M365 E7 plan generally available. AI agents that act on your data need the same governance discipline you (should) already apply to Copilot.

A server room with rows of servers
Backup & DR17 June 2026

Your backup server is an attack surface — patch it like one

A new remote-code-execution flaw in Veeam Backup & Replication is a reminder that the system protecting your data is also a high-value target. Backup infrastructure needs the same patch discipline as everything else.

A hooded figure at a computer in a dark room
Threat intelligence16 June 2026

“The Gentlemen” and the edge-appliance playbook everyone keeps falling for

A ransomware-as-a-service crew that barely existed in mid-2025 is now one of the most active of 2026 — built almost entirely on compromising internet-facing VPNs, firewalls and management interfaces.

A smartphone showing a padlock and data-protection prompt
Threat intelligence13 June 2026

Kali365 — the $250 kit that walks straight through your MFA

The FBI and multiple security firms are warning about Kali365, an off-the-shelf phishing kit that steals Microsoft 365 session tokens after MFA succeeds. Adversary-in-the-middle attacks are now a commodity.

A person working at a laptop in an office
AI & governance12 June 2026

Shadow AI by the numbers: a third of staff have already pasted in customer data

The 2026 data on unsanctioned AI use is in, and it’s worse than most owners assume. Shadow-AI-related breaches cost an average of US$670,000 more — and most affected businesses had no AI policy at all.

A computer screen filled with code
Microsoft 36511 June 2026

June’s Patch Tuesday: ~200 fixes, three zero-days, and why cadence is the whole game

Microsoft’s June 2026 update fixed close to 200 vulnerabilities, including three publicly disclosed zero-days and critical flaws in HTTP.sys, Hyper-V and BitLocker. The differentiator isn’t knowing — it’s patching fast.

A historic courthouse with a clock tower
Australian regulation9 June 2026

100,000 small businesses get pulled under the Privacy Act on 1 July

From 1 July 2026, AML-CTF reforms drag real-estate agents, accountants, conveyancers, lawyers and high-value-goods dealers into Privacy Act obligations — many for the first time.

An open-plan modern office interior
Microsoft 3656 June 2026

Microsoft 365 prices rise on 1 July — and Copilot stops being optional

New commercial pricing takes effect 1 July 2026: E3 moves to $39, E5 to $60, and the standalone Copilot add-on folds into the plans. A pre-July commitment can lock current rates.

A video conference on a computer screen
Microsoft 3654 June 2026

The Exchange Online outage that stopped mail on three continents

Incident EX1331830 delayed email across North America, Asia-Pacific and Europe in early June. The cause was Microsoft’s; the lesson, as ever, is that your continuity plan can’t assume the cloud never blinks.

A hard disk drive close-up
Backup & DR2 June 2026

Why ransomware still wins when you “have backups”

Acronis’s May analysis explains the recurring failure: backups that share a domain, credentials and network with the systems they protect aren’t a recovery plan — they’re a second target.

Fibre-optic cabling in a data centre
AVD & cloud workspace1 June 2026

Your AI features now have a region dependency — Australia East found out

A late-May Azure OpenAI incident hit Australia East particularly hard. As AI gets wired into everyday workflows, the resilience question moves from “is email up?” to “is the model up?”

Performance analytics charts on a laptop
Backup & DR30 May 2026

90% feel safe. Under a third actually recover. Veeam’s 2026 numbers.

Veeam’s Data Trust and Resilience Report 2026 found a wide gap between recovery confidence and recovery reality — only 28% of ransomware victims fully recovered their data.

A red padlock on a computer keyboard
Essential Eight29 May 2026

Essential Eight is now the price of cyber insurance

In 2026 the Essential Eight has shifted from “recommended” to expected — and cyber insurers are now asking for proof of maturity before they’ll quote, renew or pay.

A small-business owner with an open sign
Industry data27 May 2026

Verizon’s 2026 DBIR: 96% of ransomware victims are small business

The new Data Breach Investigations Report makes the SMB picture stark — 96% of ransomware victims of known size were SMBs, and vulnerability exploitation is now the single biggest way in.

A desktop computer on a desk
Microsoft 36526 May 2026

Windows 10 is out of support — the ESU bridge is a stopgap, not a plan

Windows 10 hit end of support on 14 October 2025. Extended Security Updates buy time, but the meter is running and the price doubles each year. If Windows 10 is still in your estate, the clock is the point.

A data dashboard on a screen
Threat intelligence25 May 2026

cPanel/WHM under active exploitation — patch the panel you forgot you run

The ACSC flagged active exploitation of a cPanel/WebHost Manager flaw (CVE-2026-4194). Web-hosting control panels are exactly the kind of internet-facing admin surface that gets overlooked.

Power transmission lines at dusk
Australian regulation24 May 2026

ACSC flags a surge against critical infrastructure — and the lesson travels down

The ACSC reports a rise in attacks targeting Australia’s critical infrastructure, with the policy focus shifting to resilience. Even if you’re not critical infrastructure, the threat model is the same one aimed at you.

A laptop screen showing a red security shield
Threat intelligence22 May 2026

ClickFix: the “fix it yourself” prompt that runs malware for the attacker

The ACSC warned of ClickFix campaigns spreading through compromised WordPress sites. The trick is social, not technical — it convinces the user to paste and run the malicious command themselves.

Two monitors on a desk workspace
AVD & cloud workspace21 May 2026

Cloud desktops just got 20% cheaper — and AVD Hybrid changes the maths

Microsoft cut Windows 365 Business pricing by 20%, renamed Frontline to Flex, and previewed AVD Hybrid for running cloud-managed desktops on your own servers. The cloud-desktop calculation is worth redoing.

Signing a document at a desk
Australian regulation20 May 2026

Ransomware payment reporting is now enforced, not just explained

Australia’s mandatory 72-hour ransomware-payment reporting regime has moved past its education-first grace period. From January 2026 the focus is compliance and enforcement.

A modern office workspace with laptops and screens
Microsoft 36515 May 2026

The January 2026 M365 outage — what really took it down

Microsoft attributed the global M365 disruption to a maintenance event and third-party network issue, not an attack. The lesson for SMBs is BCDR, not blame.

A close-up of a smartphone screen showing a QR code
Email security8 May 2026

QR-code phishing doubled in Q1 2026 — your existing filters won't see it

Microsoft's Threat Intelligence team blocked 8.3 billion phishing emails in Q1 2026. The fastest-growing vector: QR codes that move the attack off email and onto an unmanaged phone.

A data centre server rack with status lights
Threat intelligence30 April 2026

Verizon's 2025 DBIR: 88% of SMB breaches now involve ransomware

The annual Data Breach Investigations Report puts the SMB ransomware rate at 88% — and notes operators now disrupt backups in the first hour of intrusion.

A close-up of a circuit board with bright accents
AI & governance24 April 2026

If you turn Copilot on before Purview, you have a data problem

Copilot reads what your users can read. Without sensitivity labels and access scoping, that's everything in SharePoint. Purview before Copilot — not after.

An abstract padlock visualisation in security colours
Essential Eight17 April 2026

Essential Eight 2026 — tighter, not optional

The ACSC is pushing Essential Eight from box-tick to measurable. Patching speed, privileged access discipline, and hardening are the three areas tightening this year.

A government building exterior in neutral tones
Australian regulation10 April 2026

72 hours to report — Australia's mandatory ransomware payment law is live

Since May 2025, organisations with turnover above $3M (or critical-infrastructure responsibility) must report any ransomware payment to the ASD within 72 hours.

A team meeting with legal documents on a desk
Australian regulation3 April 2026

Privacy Act expansion — 100,000+ small businesses regulated from 1 July 2026

An estimated 100,000 small businesses become Privacy Act-regulated from 1 July 2026. If you handle customer data and you've never read the APPs, the time is now.

A network cabinet with cables and indicator lights
Identity & access27 March 2026

Your VPN is the breach vector. Stop calling it the perimeter.

Microsoft's 2026 threat reporting consistently puts VPN authentication at the start of domain-wide compromise. AVD with Conditional Access is the modern replacement.

A close-up of server hardware in a clean enclosure
Backup & DR20 March 2026

Immutable backup is the baseline now. Tested immutable backup is the standard.

Modern ransomware operators delete or encrypt backups before triggering the main payload. Immutable storage plus monthly restore-tests is no longer optional.

A small business shopfront with morning light
Industry data13 March 2026

The $254K SMB attack — and why insurance doesn't make it go away

Microsoft Security pegs the average SMB cyber-attack cost at $254,445. NinjaOne data shows 60% of SMBs fail within six months of a serious breach.

A developer monitor with code on a dark background
Microsoft 3656 March 2026

Microsoft critical vulnerabilities doubled in 2025 — what that actually means

Critical Microsoft vulnerabilities surged from 78 to 157 year-over-year. Azure and Dynamics critical CVEs jumped 9x. Patching cadence is the differentiator.

A person reviewing a laptop dashboard
Microsoft 36527 February 2026

Microsoft 365 Business Premium is doing more work than most owners realise

M365 Business Premium quietly bundles Intune, Defender for Business, Conditional Access and AIP. Most SMBs are paying for it and using ~30% of it.

A monitor showing security data and analytics
Threat intelligence20 February 2026

AI-powered phishing — when the bait stops being clumsy

The new generation of phishing campaigns uses generative AI to produce grammatically perfect, context-aware lures. The old "watch for bad English" advice is dead.

A modern dual-monitor workstation with a laptop
AVD & cloud workspace13 February 2026

AVD without cost control is an Azure invoice waiting to surprise you

Azure Virtual Desktop is powerful and, without orchestration, expensive. Nerdio Manager Enterprise auto-scales host pools and keeps the monthly bill predictable.

A close-up of a phone showing an authenticator app
Identity & access6 February 2026

Security Defaults isn't Conditional Access — don't confuse the two

M365's free Security Defaults are a good starting line. Conditional Access is the actual finishing line, and most SMBs need it.

An analytics dashboard on a desktop screen
MSP industry30 January 2026

Supply-chain attacks via MSP tooling — why your provider's posture is your posture

MSP tooling has been a high-value target for nation-state and ransomware groups for years. In 2025–26, your provider's RMM and PSA are part of your attack surface.

A close-up of computer components and circuitry
Australian regulation23 January 2026

ACSC responded to 1,200+ incidents in FY24–25 — up 11%

The Australian Cyber Security Centre's annual figures show 1,200+ incidents responded to and 1,700+ alerts issued. The volume isn't slowing.

A team in discussion over a laptop and notebooks
Industry data16 January 2026

The thirteen ways IT delivery breaks in fast-growing firms

DKB Innovative's 2026 analysis of managed-IT delivery problems is required reading for any SMB outgrowing its current provider.

A modern multi-storey commercial building
Microsoft 3659 January 2026

Azure, Dynamics 365 and M365 — fresh IRAP assessments published

Microsoft's 2026 independent IRAP assessments of Azure, Dynamics 365 and M365 are now available, supporting Australian Government and regulated-industry workloads.

A laptop screen showing an AI chat interface
AI & governance2 January 2026

Shadow AI — your staff are using it. Your governance probably isn't.

Staff are pasting client data into ChatGPT, Claude, Gemini and a dozen other tools to get work done. The governance question is what you do about it — not whether it's happening.

A team meeting in a modern office with screens
Microsoft 36522 December 2025

The December 2025 Teams outage — messaging delay, real lessons

Microsoft Teams suffered a significant worldwide messaging-delay event on 20 December 2025. The cause was infrastructure. The lesson is comms-channel diversity.

A bright modern office with multiple monitors
Microsoft 36515 December 2025

Office 365 vs Microsoft 365 — still the most-asked question of 2025

The naming is genuinely confusing. The licensing matters. A short guide to which SKU SMBs should actually be on in 2026.

Server cabinets with diagnostic lighting
Threat intelligence8 December 2025

Why ransomware victims pay — and why "don't pay" is harder than it sounds

The "never pay" mantra is sound public-policy advice. It's also a much harder call when it's your business and your customers' data on the clock.

An abstract security visualisation with light trails
Essential Eight1 December 2025

Essential Eight maturity levels — stop treating ML1 as a destination

Maturity Level One was always a starting line. In 2026 it's increasingly being read by insurers and regulators as the floor, not the goal.

A formal building exterior with classical architecture
Australian regulation24 November 2025

Australia's new statutory tort for serious invasions of privacy — quietly active

Since 10 June 2025, individuals can sue for serious invasions of privacy directly under a new statutory tort. The bar is high. The exposure is real.

A spreadsheet and analytics on a screen
Industry data17 November 2025

What SMBs are actually spending on cybersecurity in 2026

Industry data through 2025–26 shows SMB cyber spend rising sharply — driven less by enthusiasm than by insurance, customer questionnaires, and recent pain.

A digital workspace with audit dashboards
AI & governance10 November 2025

Microsoft's official guidance: enable Purview Audit before turning Copilot on

Microsoft's own Learn documentation now states: enable Purview Audit before Copilot activation, and verify that Copilot-specific events are captured.

A server room with rack equipment
Microsoft 3653 November 2025

Windows Server 2016 — the end-of-life conversation everyone's deferring

Mainstream support for Windows Server 2016 ended in January 2022. Extended support ended January 2027. If it's still in your environment, the migration window is closing.

A monitor with security log analysis
Threat intelligence27 October 2025

Session token theft — the MFA-bypass trend you can't ignore

MFA is no longer enough on its own. Adversary-in-the-middle attacks steal session tokens after auth completes. The defence is Conditional Access and continuous evaluation.

A modern data centre with blue ambient light
Backup & DR20 October 2025

Backup vendors becoming security vendors — the Acronis MDR direction

The line between backup and security has blurred. Acronis, Veeam and others now ship MDR overlays on top of the data-protection stack. The convergence is the point.

A document and folder workspace overhead view
Microsoft 36513 October 2025

SharePoint permissions audit — the silent prerequisite for everything else

Most SMB SharePoint environments have years of permission sprawl. Copilot, sensitivity labels, and DLP all assume the permissions are right. They usually aren't.

A bright shopfront representing small business
Industry data6 October 2025

The hidden risk report — why high-stakes SMBs need proactive managed services

Breaking AC's May 2026 analysis catalogues the recurring "hidden" IT risks in high-stakes SMBs. None are exotic. All are expensive when they bite.

A corporate office building exterior
MSP industry29 September 2025

The MSP staffing shortage — why your tickets sit longer than they used to

The 2026 MSP industry data points to a sustained engineering-talent shortage. The visible effect on customers is slower response, junior reassignments, and churn.

Financial spreadsheets and cost analytics
AVD & cloud workspace22 September 2025

Azure cost controls in 2026 — what most SMBs are still leaving on the table

Azure has accumulated a stack of cost-management features over the past two years. Most SMB tenants use a fraction. The unused features are usually the biggest payoff.

A calendar and notebook on a desk
Australian regulation15 September 2025

Data Privacy Week 2026 — the practical things SMBs should actually do

Data Privacy Week is a useful annual prompt. Use it for the housekeeping work that doesn't get done the other 51 weeks of the year.

An AI assistant interface on a laptop
AI & governance8 September 2025

Purview DLP for Copilot prompts — finally a sensible control surface

Microsoft's Purview DLP now supports prompt-level controls for Copilot. You can specify what kinds of content Copilot is allowed to be asked about, and what isn't.

A printer and office equipment in a workspace
Microsoft 3651 September 2025

Legacy authentication retirement — the migration the industry kept deferring

Microsoft has been pushing legacy auth retirement for years. In 2026, the deferrals stop being optional. Identify dependencies and plan the remediation.

A printed document and pen on a desk
Backup & DR25 August 2025

The minimum-viable incident response runbook — four pages, written this month

Most SMBs don't have a written incident-response plan. They will. The question is whether it gets written this month, or under deadline at 2 a.m.

Laptops and devices in a modern workspace
Identity & access18 August 2025

Intune device compliance — the policy you already own, the policy you should turn on

Intune-driven device compliance ties Conditional Access to device posture. It's bundled in Business Premium. Most SMBs are paying for it and not using it.

A modern team working in a collaborative office
MSP industry11 August 2025

The quiet disappearance of break-fix IT

Hourly break-fix IT support is shrinking quietly but persistently. The driver isn't fashion — it's that the threat model has outgrown the model.

5.0
★★★★★ on Google · loading…
Read all on Google →