The “Session Cookie” Hijack: Why MFA Can’t Always Save You
MFA is a strong front-door lock. But it’s not the only thing that decides whether someone can get in. After you sign in, your browser keeps you logged in using a session token (often stored as a cookie). It’s the digital version of a wristband at an event: once you’ve been checked, the wristband proves you belong there. If an attacker steals that wristband, they … Continue reading The “Session Cookie” Hijack: Why MFA Can’t Always Save You
“Make No Mistakes” and Other Things That Don’t Work
There’s a running joke online that the trick to getting good work out of ChatGPT or Claude is to tell it to “make no mistakes.” Sometimes it gets dressed up — “you are a world-class expert, take a deep breath, and make no mistakes” — but the punchline is always the same. Say the magic words and the machine stops being lazy. It’s a good … Continue reading “Make No Mistakes” and Other Things That Don’t Work
The “Legacy Debt” Audit: Identifying the 3 Oldest Risks in Your Server Room
The most dangerous thing in a server room is often the phrase, “Don’t touch that.” It’s usually said with a half-joke and a grimace. It refers to the old box that “still works”, runs something important, and has survived so many fixes and workarounds that nobody feels confident changing it anymore. That’s legacy debt. Not just “old tech”, but old tech that’s become a dependency. … Continue reading The “Legacy Debt” Audit: Identifying the 3 Oldest Risks in Your Server Room
The “Backup Exit” Strategy: Can You Move Your Data Without the Vendor’s Help?
When you first sign up for a software-as-a-service (SaaS) platform, everything is designed to feel effortless. The problem is that the first real test of a SaaS relationship isn’t the onboarding. It’s the exit. For many small businesses, the front door is wide open, but the emergency exit is bolted shut: exports are incomplete, key data sits in proprietary formats, and leaving requires expensive vendor … Continue reading The “Backup Exit” Strategy: Can You Move Your Data Without the Vendor’s Help?
Micro-SaaS Vetting: The 5-Minute Security Check for Browser Add-ons
Browser add-ons have a funny reputation. They feel “small”. A quick install. A tiny productivity boost. A harmless little helper that lives in your toolbar. But in practice, a browser extension is more like a micro-SaaS vendor sitting inside your browser session. It can see what you see, interact with the pages you open, and sometimes access the same cloud apps your business runs on … Continue reading Micro-SaaS Vetting: The 5-Minute Security Check for Browser Add-ons
Microsoft 365 phishing is spreading through church organisations. Here’s how to spot it.
Over the past week we’ve watched a phishing campaign tear through Sydney’s Christian church networks. It’s clever, it’s working, and your email filter won’t stop it. Here’s why, and what to do. The mechanic An attacker compromises one Microsoft 365 mailbox — usually because someone earlier in the chain fell for a phishing email and handed over their password. Once they’re in, they use the … Continue reading Microsoft 365 phishing is spreading through church organisations. Here’s how to spot it.
LinkedIn “Social Engineering”: Protecting Your Staff from Fake Recruitment Scams
A fake recruiter message is one of the cleanest social engineering tricks around because it doesn’t look like a trick. That’s why LinkedIn recruitment scams work so well inside real businesses. They don’t arrive as malware. They arrive as a normal conversation that nudges someone toward one small action: click this link, open this file, “verify” this detail, move the chat to a different app. … Continue reading LinkedIn “Social Engineering”: Protecting Your Staff from Fake Recruitment Scams
Securing your business in the AI Era
Join Andrew Yager and Phil Meyer from Catalyst 345 as they talk about how to use the Microsoft Ecosystem to deliver Secure AI in your business. Continue reading Securing your business in the AI Era
“Clean Desk” 2.0: Securing Your Home Office from Physical Data Leaks
In the traditional office, a “Clean Desk” policy was a simple habit: shred the sensitive stuff, lock it away, and don’t leave passwords where someone can see them. In 2026, the same idea still matters but the “desk” has changed. For many teams, the home office is now the default workspace, and that means physical access can quickly become digital access. An unlocked screen, a … Continue reading “Clean Desk” 2.0: Securing Your Home Office from Physical Data Leaks
The Essential Checklist for Securing Company Laptops at Home
At home, security incidents don’t look like dramatic movie hacks. They look like stepping away from your laptop during a delivery, or leaving it unlocked while you grab something from another room. Those ordinary moments, repeated over time, are how work devices end up exposed. A remote work security checklist focuses on simple, practical controls that hold up in real life. Put it in place … Continue reading The Essential Checklist for Securing Company Laptops at Home