Immediate Security Actions for Australian SMEs: March 2026

Jannis Herbst·30 March 2026·4 min read
Stop Zero-Click Attacks in Microsoft Outlook

Your business security is only as strong as your last update. This week, Microsoft released critical patches for two major vulnerabilities in the Outlook Preview Pane. These flaws are particularly dangerous because they are "zero-click" attacks. This means an attacker can compromise your system simply by sending an email that appears in an employee's preview pane. No link needs to be clicked and no attachment needs to be opened for the damage to begin.

At Cubit Cyber, we recommend that all Australian business owners verify their systems are up to date immediately. These Remote Code Execution (RCE) flaws allow hackers to gain control over your workstations from a distance. If your team uses Windows laptops or desktop PCs, you must ensure that Windows Update has been run and all Microsoft 365 security settings are fully configured and patched.

Secure Your Apple Devices and Mobile Fleet

It is not just Windows users who need to be on alert. Apple has also released significant security updates for iOS and macOS this week, fixing over 80 different vulnerabilities. One of the most critical fixes involves a bypass for "Stolen Device Protection." Previously, a thief with physical access to an iPhone could potentially bypass biometric security using only the device passcode.

For any small business cyber security strategy, mobile devices are often the weakest link. If an employee's phone is lost or stolen, these vulnerabilities could give a criminal access to your company passwords and sensitive data stored in the keychain. We advise all staff to update their iPhones and iPads to version 26.4 immediately. You should also enable "Security Responses & System Files" in your device settings to ensure you receive these lightweight patches as soon as they are available.

New OAIC Rules for Identity Document Storage

Beyond technical patches, there is a major regulatory shift happening in Australia. The Office of the Australian Information Commissioner (OAIC) has issued new guidance regarding the storage of identity documents like passports and drivers' licenses. As of March 31, 2026, businesses should no longer retain full copies or scans of these documents once the initial verification is complete.

This is a significant change for industries like finance, real estate, and professional services. Holding onto digital scans of identity documents makes your business a high-value target for hackers. If your business is breached and this data is stolen, the legal liability and notification costs will be far higher under the Australian Privacy Act. Cubit Cyber recommends auditing your onboarding process today. Move toward a system where you record that a verification event occurred, rather than keeping the digital file itself.
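One way to structure the verification record described above, as an added example (not Cubit Cyber's or the OAIC's code). The field names and the keyed document_ref are assumptions made for illustration; drop the reference if you never need to recognise a returning document.

```python
import hashlib
import hmac
import json
from datetime import datetime, timezone

# Fields kept on file. The document number, scan and expiry are deliberately absent.
RECORD_FIELDS = ("customer_id", "document_type", "verified_at",
                 "verified_by", "method", "document_ref")


def document_ref(key: bytes, document_type: str, document_number: str) -> str:
    """Keyed one-way reference: lets the same document be recognised later
    without storing its number. Assumption: the key is held outside the database."""
    normalised = "".join(document_number.split()).upper()
    msg = f"{document_type}:{normalised}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def record_verification(key, customer_id, document_type, document_number,
                        verified_by, method, now=None):
    """Build the record to retain once the identity check has passed."""
    if not document_number.strip():
        raise ValueError("document number is required to perform the check")
    now = now or datetime.now(timezone.utc)
    return {
        "customer_id": customer_id,
        "document_type": document_type,
        "verified_at": now.isoformat(timespec="seconds"),
        "verified_by": verified_by,
        "method": method,
        "document_ref": document_ref(key, document_type, document_number),
    }


def same_document(key, record, document_type, document_number) -> bool:
    """Compare a presented document with a stored record in constant time."""
    candidate = document_ref(key, document_type, document_number)
    return hmac.compare_digest(record["document_ref"], candidate)


if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed sample value, not a real secret
    rec = record_verification(key, "CUST-0001", "passport", "PA 1234567",
                              "staff.member", "sighted in person")
    print(json.dumps(rec, indent=2))
```

Keep the key in a secrets store separate from the customer database, so that a copy of the database alone does not allow the references to be tested against guessed document numbers.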

Practical Steps to Protect Your Business Today

Taking action now prevents a crisis later. Many business owners wait until an incident occurs to think about security, but by then, the costs have already spiralled. The average cost of a cyber incident for an Australian small business has now reached over $50,000. Following these three steps will significantly reduce your risk:

  1. Run Windows Update: Ensure every computer in your office has the latest Microsoft 365 patches installed.
  2. Update Apple Devices: Push the version 26.4 update to all company-managed iPhones and Macs.
  3. Audit Your Data: Identify where you are storing customer identity documents and begin a secure deletion process for any files that are no longer legally required.

Cubit Cyber provides managed security services that handle these updates and compliance checks for you, allowing you to focus on running your business. For endpoint protection beyond patching, read our guide on modern endpoint detection and response (EDR) — behavioural detection catches the threats that patches miss.

Is Your Business Fully Protected?

Security is a moving target. If you are unsure whether your business is compliant with the latest Australian regulations or if your systems are fully patched, we can help. Contact Cubit Cyber today for a professional security assessment to identify gaps in your defense before they are exploited.

Take our free M365 security assessment to see where your Microsoft 365 environment stands, and get a quote for your security assessment to discuss your specific risk profile with our team.
