19 May 2025

Cyber Horror Stories – Part 2: How An Unmanaged Laptop Created a Major Security Blindspot

Business Focus Podcast

Welcome back to Part 2 of our Cyber Horror Stories series with incident response expert Matt O’Kane.

In this episode, we dig into a real-world story from the pandemic era, when a marketing manager, a BYOD MacBook, and a fractured workplace relationship led to a messy cyber security and IP theft incident. Matt also walks us through the forensic dead-ends, poor device management, and missed logging opportunities that left this company exposed.

Episode Highlights & Key Takeaways

  • Why unmanaged devices are a ticking time bomb
  • The hidden value of M365 compliance features
  • What data is actually worth protecting
  • Steps IT leaders can take to safeguard their organisations
  • Why proactive cybersecurity is critical for business resilience

Intellectual Property Theft in Australia – A Case Study on Missed Cybersecurity Controls

Not all cybersecurity incidents in Australia come with red flags. Some quietly unravel, leaving you with no answers — and no evidence.

Welcome to Part 2 of our Cyber Horror Stories series. This week, cybersecurity expert Matt O’Kane returns with a story about a suspected insider threat, a factory reset laptop, and how a lack of device and Microsoft 365 management left an Australian company flying blind.

If your business operates in Sydney, Melbourne, Brisbane or anywhere across Australia — and you’ve shifted to hybrid or remote work — this one’s for you.

How a Pandemic and an Unsecured MacBook Left This Aussie Business Exposed

In early 2020, as COVID-19 forced businesses across Australia to go remote, a well-known brand told staff to “get what you can” when it came to devices. Stock shortages were hitting everyone.

One marketing director grabbed a MacBook from a local retailer. But because the device wasn’t purchased or provisioned by the company’s IT team, it never:

  • Went through corporate onboarding
  • Received security policies
  • Was connected to backup or monitoring tools

This was a critical misstep that would come to bite them much later.

The Suspected Data Leak Months After Employee Departure

Fast forward nine months after the marketing director’s dismissal, and the business received a tip-off that confidential information was being quietly circulated.

There were no obvious signs of data exfiltration. But in Australia, intellectual property (IP) theft doesn’t often happen with blunt force. It’s more subtle, and tends to show up as:

  • Unusually high salary offers from competitors
  • Hints of “bringing over” customer knowledge
  • Quiet sharing of renewal dates or pricing models

And in this case? There was no way to confirm or deny anything.

Cyber Forensics Fails Without Microsoft 365 Logging and Device Control

When Matt was brought in to investigate, his team quickly hit two major roadblocks.

1. No Managed Device = No Evidence

The MacBook had been returned — but factory reset. With no endpoint management, there was no record of file access, downloads, or transfers.

2. Microsoft 365 Logs Were Gone

Due to the business’s basic Microsoft licensing, audit logs had only been retained for 30–90 days. By the time suspicions were raised, the digital trail had vanished.

Without logging or forensic access, it was legally impossible to request inspection of personal devices.

Why Microsoft 365 Licensing Matters for Australian Businesses

Many Australian SMEs (small to mid-sized enterprises) assume all Microsoft 365 plans are created equal.

But here’s the catch: the cheaper licences don’t include long-term logging, compliance tools, or DLP (Data Loss Prevention).

Matt often hears business owners say:

“Why would I pay $80 per month when I’m getting Word and Outlook for $10?”

The answer: you’re not just paying for Office — you’re paying for control, accountability, and legal protection.

The True Value of Intellectual Property for Mid-Market Australian Companies

This story is a cautionary tale not just about cybersecurity controls, but about how often businesses underestimate their own IP.

It’s not just patents and designs. IP also includes:

  • CRM and client lists
  • Sales and pricing strategies
  • Contract renewal schedules
  • Internal proposal documents
  • Marketing campaign playbooks

Once these assets leave your environment, they’re gone. And competitors know exactly how to use them.

Common Cybersecurity Gaps:

This incident could have been prevented with some simple, proactive security practices. Here’s where many companies fall short:

Device Management and Control

Unmanaged laptops = zero visibility. Any device used for work should:

  • Be enrolled in mobile device management (MDM)
  • Have remote wipe and monitoring capabilities
  • Include disk encryption and data retention policies

Inadequate Microsoft 365 Licence Selection

Cheap licences come at a cost:

  • Short log retention periods (as low as 7 days)
  • No eDiscovery or activity history
  • No alerts on file downloads or shares

No Data Loss Prevention (DLP) Policies in SharePoint or OneDrive

Even basic DLP features in Microsoft 365 can:

  • Prevent confidential files from being emailed externally
  • Restrict downloads of high-value documents
  • Send alerts on unusual user behaviour

Lack of Data Mapping and Ownership

Many growing businesses don’t know:

  • Where their critical data lives
  • Who has access to it
  • Whether it’s backed up
  • How long it’s retained

What to Do if You Suspect a Data Breach in Your Business

If you receive a tip-off, you’ll need to act fast and with purpose.

But first, ask yourself:

  • Do you have visibility over user activity in Microsoft 365?
  • Can you determine who accessed what, and when?
  • Do you have the legal grounds to investigate?
  • Is your IT provider equipped to support forensic recovery?

If the answer to any of the above is “no”, then you’re not ready. And once the trail goes cold, there’s little you can do to recover it.

Cyber Resilience for Australian Businesses: Prevention Over Cure

“You can’t always solve the case. Sometimes, the best investigation is simply good preparation.” – Matt O’Kane

This isn’t about creating a paranoid culture. It’s about sensible, well-scoped controls that let your team work freely without leaving your organisation exposed.

How to Improve Cybersecurity Controls in Microsoft 365

1. Run a Microsoft 365 Security Assessment

Review your:

  • Current licence tier
  • Audit log retention settings
  • Email forwarding and sharing policies
  • External sharing settings in Teams and SharePoint

2. Map Your Intellectual Property

Identify:

  • What data is commercially sensitive
  • Who has access to it
  • Where it’s stored
  • If it’s monitored or backed up

3. Enable Basic DLP Policies

Use Microsoft Purview or your MSP to create:

  • DLP policies on SharePoint/OneDrive
  • Alerts on mass downloads or suspicious access
  • Blocked actions on specific keywords or file types
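
As an added illustration (not from the episode and not Microsoft's own code), the sketch below shows the kind of mass-download check an alert like this performs, run over constructed records shaped like a Microsoft 365 unified audit log export. The threshold, time window, user names and file paths are assumptions made for the example.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records (one JSON object per line); users, paths and
# times are invented. Field names follow the unified audit log export.
def _rec(minute, user, op, path):
    ts = datetime(2025, 1, 6, 9, 0) + timedelta(minutes=minute)
    return json.dumps({"CreationTime": ts.isoformat(), "UserId": user,
                       "Operation": op, "ObjectId": path})

SAMPLE_LOG = "\n".join(
    # 12 pricing files pulled in 12 minutes by one account
    [_rec(i, "mdirector@example.com", "FileDownloaded", f"/sites/sales/pricing/{i}.xlsx") for i in range(12)]
    # ordinary use: one report every 45 minutes
    + [_rec(i * 45, "analyst@example.com", "FileDownloaded", f"/sites/sales/reports/{i}.docx") for i in range(6)]
    # a view, not a download, so it must not be counted
    + [_rec(3, "mdirector@example.com", "FileAccessed", "/sites/sales/pricing/0.xlsx")]
)

DOWNLOAD_OPS = {"FileDownloaded", "FileSyncDownloadedFull"}

def find_mass_downloads(log_text, threshold=10, window=timedelta(minutes=30)):
    """Return {user: peak distinct files downloaded in any window} for users at or over threshold."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        if rec.get("Operation") in DOWNLOAD_OPS:
            when = datetime.fromisoformat(rec["CreationTime"])
            events[rec["UserId"]].append((when, rec["ObjectId"]))
    flagged = {}
    for user, evs in events.items():
        evs.sort()
        peak, start = 0, 0
        for end in range(len(evs)):
            # Slide the window start forward until it spans at most `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            peak = max(peak, len({path for _, path in evs[start:end + 1]}))
        if peak >= threshold:
            flagged[user] = peak
    return flagged

if __name__ == "__main__":
    for user, count in find_mass_downloads(SAMPLE_LOG).items():
        print(f"ALERT {user}: {count} distinct files downloaded within the window")
```

A check like this only works while the audit records still exist, which is why the retention setting in step 1 matters as much as the alert itself.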

4. Prepare a Data Breach Response Plan

Include:

  • IT and cybersecurity contacts
  • Legal and PR stakeholders
  • Reporting templates
  • Communication workflows

In Australia, you may be subject to Notifiable Data Breach (NDB) requirements, especially if personal information is involved.

IP Theft in Australia: A Silent and Growing Threat

Whether it’s a former employee walking out with a client list or subtle sharing of internal sales materials, IP theft is a serious risk to mid-sized Australian companies.

What’s worse is when it happens quietly, without ransomware or alerts, and without evidence to pursue any further action.

Final Thoughts: It’s Not About Paranoia, It’s About Preparedness

You can’t control what people do once they leave your business. But you can control:

  • What data they can access
  • How you track it
  • How long you can investigate it
  • Whether or not you’re in a position to respond

When in doubt, ask yourself:
“If this happened to us, could we prove what did or didn’t occur?”

If not, it’s time to take action.

Coming Next: Cyber Horror Stories – Part 3

In the final chapter of this series, we’ll explore a high-impact incident that nearly destroyed a business’s reputation — all because of a vulnerability they didn’t even know existed.

Need a Cybersecurity Audit for Your Business?

Our Cyber Health Check is designed for mid-market businesses across Australia, helping you:

  • Secure your Microsoft 365 environment
  • Protect intellectual property
  • Understand your risk
  • Improve your incident readiness

Available in:
Sydney | Melbourne | Brisbane | Perth | Adelaide

Let’s make sure your business doesn’t end up in the next Cyber Horror Story.
