Tech Talks With Kinsoft

WA Government – Systemic Microsoft 365 Security Failures


Listen Later

A WA Office of the Auditor-General report (released 6 March 2026) found systemic Microsoft 365 security failures across seven state entities. Two concrete incidents: sensitive information about 32 people (including minors) was emailed to a third party who uploaded it to a later-compromised Dropbox; and a senior officer's M365 account was phished (weak MFA), leading to a business email compromise and a $71,000 fraudulent-invoice theft. The audit flagged weak governance, identity/access management, no broad DLP, poor logging and phishable SMS-based MFA. We turn it into practical guidance: phishing-resistant MFA, DLP, controlling unmanaged cloud storage, and BEC defences.

Worried about M365 hardening and BEC? Visit www.kinsoft.com.au to talk through your security and IT needs.

Sources: iTnews; Computer Weekly.

...more
View all episodesView all episodes
Download on the App Store

Tech Talks With KinsoftBy Steven Kinnas