Email is still the front door.
Email is the most common starting point for a serious incident in any Australian SMB. The 2026 numbers are not subtle: Microsoft Threat Intelligence detected 8.3 billion phishing emails in Q1 alone, with QR-code phishing more than doubling quarter-on-quarter. The lures look better than ever — generative AI has killed the “watch for bad English” advice that anchored a decade of training. The defence has to live deeper than user vigilance: at the email gateway, at the authentication layer, and at the device boundary. Configured properly, it stops most attempts before the inbox; for the ones that get through, the failure mode is contained.
Generative-AI-crafted spear-phishing campaigns are now grammatically perfect and contextually accurate. QR-code phishing routes attacks off email and onto unmanaged personal phones — bypassing the email-security stack entirely. Business email compromise (BEC) targets payroll, accounts payable, and supplier-payment redirects. The financial impact of a single successful BEC on a mid-market SMB averages over $250,000.
Defender for Office 365 with Safe Links and Safe Attachments rewrites URLs and detonates attachments before they reach the user. Anti-phishing policies with impersonation protection block lookalike-domain attacks. SPF / DKIM / DMARC tuned to your domain so spoofed messages get rejected by Microsoft, Google and the rest. Conditional Access policies block sign-ins from unmanaged devices, so a phished credential can't be replayed against your tenant.
Continuous tenant monitoring through Defender XDR, with suspicious sign-ins, impossible-travel detections, and anomaly alerts surfaced to whedo.it. Quarterly phishing-simulation campaigns benchmark the team's response. Monthly tenant-health review checks Safe Links rewrite rates, impersonation-protection hits, and any drift in the baseline policies.
Each of the six topics covers a layer of the security stack. They work together — phishing defence assumes good identity, identity assumes endpoint compliance, endpoint compliance assumes the tenant is locked down properly.
30 minutes, your environment, no deck. Warren walks the phishing & email threats surface with you and tells you what it would take to lock it down properly. No follow-up unless you ask.
A Support Representative will get in touch.
A Support Representative will be in touch the same business day.
No deck, no pitch — walk your environment with a senior Australian practitioner. Confidential by default.
I built this business because I wanted to do Managed services properly — for a small number of clients, at a senior level, with the same person on the end of the phone every time. The work is too important and the stakes are too high for anything less.
Behind the formal qualifications: a Cyber Security degree from the University of the Sunshine Coast, currently working on my Master’s, plus a continuous stack of Microsoft, Acronis and Nerdio certifications — the ones that have to be renewed because the threats don’t stay still.
Behind the certifications: thirty years of doing the work. I cut my teeth in consulting, then went to Cisco on the team building the original iPhone — Cisco’s VoIP handset, the trademark Apple later acquired in the 2007 settlement. At TPG in 1999 I sold frame-relay networks when frame-relay was the cutting edge of business connectivity. I built and sold a Sydney-based MSP called Online IT before relocating to Perth.
Three decades of watching what’s actually changed and what hasn’t. The technology has changed almost beyond recognition. The principles haven’t. Identity first. Backup that has actually been tested. A senior practitioner who knows your environment. Calm in an incident. Honest answers when the answer is “no.”
That’s whedo.it. That’s the brief. That’s why long-tenure clients don’t leave.
— Warren Ephron, Director