
Sign up to save your podcasts
Or


A WA Office of the Auditor-General report (released 6 March 2026) found systemic Microsoft 365 security failures across seven state entities. Two concrete incidents: sensitive information about 32 people (including minors) was emailed to a third party who uploaded it to a later-compromised Dropbox; and a senior officer's M365 account was phished (weak MFA), leading to a business email compromise and a $71,000 fraudulent-invoice theft. The audit flagged weak governance, identity/access management, no broad DLP, poor logging and phishable SMS-based MFA. We turn it into practical guidance: phishing-resistant MFA, DLP, controlling unmanaged cloud storage, and BEC defences.
Worried about M365 hardening and BEC? Visit www.kinsoft.com.au to talk through your security and IT needs.
Sources: iTnews; Computer Weekly.
By Steven KinnasA WA Office of the Auditor-General report (released 6 March 2026) found systemic Microsoft 365 security failures across seven state entities. Two concrete incidents: sensitive information about 32 people (including minors) was emailed to a third party who uploaded it to a later-compromised Dropbox; and a senior officer's M365 account was phished (weak MFA), leading to a business email compromise and a $71,000 fraudulent-invoice theft. The audit flagged weak governance, identity/access management, no broad DLP, poor logging and phishable SMS-based MFA. We turn it into practical guidance: phishing-resistant MFA, DLP, controlling unmanaged cloud storage, and BEC defences.
Worried about M365 hardening and BEC? Visit www.kinsoft.com.au to talk through your security and IT needs.
Sources: iTnews; Computer Weekly.