ITFR

17/12/2025

Cybercriminals love Christmas!
More online shopping, end-of-year fatigue, staff on leave, and rushed decisions make the holiday season one of the highest-risk times of the year for cyber attacks.
Before you switch off for the holidays, swipe through this quick carousel to see the most common Christmas security threats — and how to avoid them.
A few small checks now can save a very stressful start to the New Year.

06/10/2025

October is Cyber Awareness Month!

At IT First Responder, we’re running a special series highlighting compliance obligations across different industries and what they mean in practice.

To kick things off, let’s talk about the financial services industry.

As you know, under your AFS licence you carry legal obligations around compliance, governance, and cybersecurity. Meeting ASIC’s expectations isn’t just about ticking boxes, it’s about protecting client trust and safeguarding sensitive financial data.

Stay tuned as we share industry-specific insights throughout the month to help you stay compliant, resilient, and cyber-aware.

05/01/2025

As cybersecurity threats grow more sophisticated, organizations face increasing pressure to ensure their employees are well-prepared to identify and respond to phishing attacks.

Recently, Yarra City Council in Victoria undertook a simulated phishing exercise, sending employees an email offering a holiday e-gift card as a token of appreciation. Instead of a gift card, employees unwrapped a surprise assignment: mandatory ransomware awareness training! While the exercise aimed to educate, it sparked a heated debate about the approach.

On one hand, cybersecurity training like this is critical. Simulations that mimic real-world tactics can be an effective way to teach vigilance in a controlled environment. By using an enticing but deceptive email, the council attempted to prepare its team for the increasingly clever tactics used by cybercriminals.

However, the ex*****on raises valid concerns. Timing the simulation around the holidays—a time when many employees feel financial strain and anticipate seasonal rewards—has been criticized as insensitive. Australian Services Union deputy secretary Zoe Edwards noted that many workers felt humiliated, particularly lower-paid employees who might have been more likely to hope for such a gesture. Instead of festive cheer, they were greeted with a training deadline set for January 3, the first day back for many. Talk about a plot twist!

This situation highlights the fine line between effective training and maintaining employee trust and morale. While the intent to educate and protect is commendable, it’s crucial to approach such simulations with empathy and clear communication. Employees should feel empowered, not tricked or exploited, in the learning process.

At IT First Responder we believe cybersecurity training doesn’t have to be all “bait and switch.” We help organisations implement phishing simulations that balance realism with respect and even a touch of humor (where appropriate). Our goal is to create a culture of awareness without sacrificing trust or morale—no holiday grinch required.

If your organisation is considering a phishing awareness program, let’s chat! We’ll help you keep your team sharp, secure, and (mostly) smiling.

How does your organisation approach cybersecurity training? Let’s discuss!

01/01/2025

🚨 Cybersecurity Alert: Volkswagen Data Leak 🚨

Volkswagen Group’s software unit, Cariad, reportedly left terabytes of sensitive data from 800,000 electric vehicles exposed to the internet for months. This included precise location data—accurate to a few centimeters—for cars across Europe.

Here are the key takeaways for businesses:

1️⃣ Data Protection Is Non-Negotiable: Sensitive information like location data must be safeguarded with stringent security measures.

2️⃣ Proactive Monitoring Matters: Regular audits and real-time monitoring could have prevented months of exposure.

3️⃣ Supply Chain Security: As companies integrate more IoT and third-party solutions, security across the entire supply chain is essential.

4️⃣ Whistleblower Role: This leak was exposed by a whistleblower, showing the importance of fostering a culture of accountability.

5️⃣ Reputation and Legal Risks: GDPR and other regulations impose heavy penalties for data breaches, not to mention the impact on consumer trust.

As businesses embrace smart technologies, cybersecurity must remain a top priority. Don’t let data vulnerabilities drive your brand into a crisis.

🔒 Let’s make security a shared responsibility!

VW Group admits fault

25/03/2024

In the early days of cyber insurance, insurers entered the cyber market with minimal reservations, underestimating the complexity and risks of cyber threats, which led to significant financial losses.

Today, the narrative has changed dramatically. Insurers are now well aware of the high stakes of cybercrime and have tightened their criteria for cyber insurance policies. Businesses seeking cyber insurance must now navigate through rigorous assessments, detailing their cybersecurity measures through comprehensive questionnaires. These assessments have crystallized into five critical security measures that are non-negotiable for insurers.

Businesses seeking cyber insurance must now navigate through rigorous assessments, detailing their cybersecurity measures through comprehensive questionnaires. These assessments have crystallized into five critical security measures that are non-negotiable for insurers.

16/01/2024

6 Myths About Microsoft 365 Backup Debunked

Microsoft 365 has become an indispensable tool for businesses worldwide. However, the misconception that Microsoft 365 is inherently secure and doesn't require backup persists. Microsoft 365 offers robust infrastructure but doesn't guarantee foolproof data security. Accidental deletions, malicious attacks, and even system errors can jeopardize your vital business information. In the article we debunk the six common myths surrounding Microsoft 365 backup and shed light on the critical importance of safeguarding your data.

IT First Responder's Microsoft 365 data backup solution is designed to seamlessly integrate with your workflow and ensures comprehensive protection against data loss, user errors, and cyber threats. Don't let the myths surrounding Microsoft 365's inherent security jeopardize your business—invest in our robust backup solution that not only guarantees peace of mind but also delivers exceptional value.

Check out the full article below.

Microsoft 365 offers robust infrastructure but doesn't guarantee foolproof data security. In the article we debunk the six common myths surrounding Microsoft 365 backup.

09/01/2024

🚨Google Exploit Alert🚨

Security researchers have uncovered a hack that allows cyber criminals to gain access to users’ Google accounts without needing their passwords. A dangerous form of malware uses third-party cookies to gain unauthorized access to people’s private data, and is already being actively tested by hacking groups.

Google is recommending turning on Enhanced Safe Browsing in Chrome to protect against phishing and malware downloads. This mode is not saving any credentials on cookies session.

Our security analyst Adam Yilmaz also recommends accessing your Google accounts in private window, so your session and credentials aren't saved in cookies. Application security solutions such as ThreatLocker are also an effective way to protect yourself (apart from migrating to Microsoft 😉)

Did you know that all our endpoint security solutions include ThreatLocker as an additional layer of protection?

Check out the full article here

‘Exploit enables continuous access to Google services, even after a user’s password is reset,’ researcher warns

07/01/2024

Some tech stats that we found interesting to recap 2023.

04/01/2024

On December 5th, Nissan Australia and New Zealand announced a cyber incident on their website. The latest update, on December 22nd, confirmed unauthorized access to their network by a third party.

The extent of the breach and the data compromised, including employee information and confidential documents, is yet to be detailed. The Akira ransomware gang has claimed responsibility, threatening data leaks after Nissan's refusal to pay the ransom.

Individuals and businesses with ties to Nissan Oceania are advised to be alert to unusual online activities and report any suspicious events to the relevant cybersecurity centers.

IT First Responder offers assistance for those seeking to enhance their cyber protection.

19/10/2023

Small Business Technology Boost

Did you know that small businesses with an aggregated annual turnover of less than $50 million will be allowed an additional 20% tax deduction to support and digitise their operations for the 2022-2023 financial year.

Eligible expenditure may include, but is not limited to:

💻 Digital enabling items - computer and telecommunications hardware and equipment, software, internet costs, systems and services that form and facilitate the use of computer networks.
📈 Digital media and marketing – audio and visual content that can be created, accessed, stored, or viewed on digital devices, including web page design.
🛒 E-commerce – goods or services supporting digitally ordered or platform-enabled online transactions, portable payment devices, digital inventory management, subscriptions to cloud-based services, and advice on digital operations or digitizing operations.
🔒 Cybersecurity – cybersecurity systems, backup management, and monitoring services.

We hope that the ATO will extend this incentive for the 2024 financial year to encourage businesses to digitally transform even further!