Tech Insights with Alisha Christian

Mercury IT

In today's rapidly evolving tech landscape, staying informed is more important than ever. "Tech Insights" by Mercury IT is your go-to podcast for expert analysis, industry trends, and actionable insights from top technology professionals.Whether you're interested in cybersecurity, IT infrastructure, emerging technologies, or digital transformation, this podcast covers it all. Tune in to stay ahead of the curve and navigate the complexities of the tech world with confidence. 

  1. 12H AGO

    AI’s New Tricks, Old Scams

    How criminals are using AI to scale familiar fraud! Think you can still spot a scam by bad grammar and odd phrasing? That edge is gone. We sit down to map how AI has supercharged classic fraud—making phishing emails flawless, internal chat messages feel authentic, and even voicemails sound exactly like your CFO. The twist? These same tools can help you work smarter, if you build the right guardrails and culture around them. We start with the modern account takeover, where compromised supplier inboxes deliver perfect‑looking document links that quietly steal credentials. From there, we break down mimicry and deepfakes: how a single headshot from a team page, plus a few seconds of public audio, can be turned into convincing video, full‑body movement from reference clips, and multilingual voice clones. This isn’t sci‑fi or enterprise‑only anymore—it’s affordable, fast, and good enough to fool busy teams. We share pragmatic defences you can apply today: limiting staff photos to low resolution, locking down external access in Teams and Slack, and verifying unusual requests through a channel you initiate. Culture sits at the centre of resilience. Urgency, authority, and secrecy are an attacker’s favourite levers—and they work best where questions are discouraged. We unpack zero trust in plain terms: verify the user, the device, and the context every time. And we explain why “healthy friction” beats speed when money or data is on the line. We also cover safe AI adoption—using an AI readiness assessment to find blind spots, enforcing clear policies, and pressing vendors on encryption, data isolation, and model‑training practices to prevent accidental data leaks. If you want concrete, real‑world steps—not fear—this conversation gives you a plan: broaden phishing awareness beyond email, harden default settings, train quarterly with fresh examples, and enforce dual control for sensitive actions. AI is a force multiplier on both sides. Use it to your advantage—without handing attackers the keys. If this helped, follow the show, share it with your team, and leave a quick review so more people can find it.

    33 min

  2. FEB 1

    AI, Sales, and the Human Touch

    AI can supercharge prospecting and polish your outreach, but it won’t replace the handshake that earns real trust. We sit down with Mercury IT’s Chief Sales Officer, Sally-Ann, to unpack how sales and marketing teams can move faster with ChatGPT, Copilot, and chatbots while keeping relationships at the centre of every deal. We start with the practical wins: speeding up lead identification, drafting clearer emails under pressure, and using paid AI tiers to protect sensitive data. From there, we dig into what machines still miss. Sally-Ann explains why in-person meetings and live events outperform online calls, how a buzzing room lets you bring specialists into conversations on the spot, and why that depth builds confidence you simply can’t manufacture through a screen. We also talk readiness. Many companies assume staff aren’t using AI when they already are. We share how to set policy, secure data, and train teams on ethics so AI enhances judgement instead of eroding trust. You’ll hear a rapid myth-versus-fact segment on chatbots, forecasting, and whether AI will replace sellers (spoiler: no), plus guidance on when to use automation for triage and when to switch to a human voice. If you care about pipeline quality, realistic forecasts, and relationships that last beyond the signature, this conversation will help you balance efficiency with empathy. Subscribe, share with a colleague who lives in their CRM, and leave a review telling us: what part of your sales process should never be automated?

    16 min

  3. JAN 6

    Cyber Risk at the Top: Why Boards Can’t Outsource Accountability

    A landmark privacy ruling just raised the bar for every Australian organisation handling personal data. We walk through the Australian Clinical Labs case—from the Medlab acquisition and the rapid breach that followed to the court‑affirmed penalties—and spell out what “reasonable steps” now look like when sensitive health and financial records are involved. The lesson is not abstract: legacy systems, weak MFA, poor patching, and unencrypted data turned a containable incident into a costly, harmful event. We share how ransomware evolved into double extortion, why backups are necessary but not sufficient, and how delayed investigation and notification magnify legal and reputational damage. You’ll hear practical guidance on reporting within 30 days, engaging the Australian Cyber Security Centre early, and using their support without fear of self‑incrimination. We also break down the $5.8m fine components, what the court prioritised, and why this outcome sets a floor for future actions under Australia’s privacy regime. Directors and boards are front and centre. Outsourcing cyber does not outsource accountability. We outline the questions every board should ask, draw on the Australian Institute of Company Directors’ guidance and the ASD’s new prompts for directors, and explain how the Essential Eight baseline would have cut several risk pathways. Beyond controls, we champion small data: keep only what you need, collect it through secure portals rather than email, set retention with automated destruction, and verify supplier security because liability follows your data. If you own risk in your organisation—CEO, director, CIO, CISO, or Practice Manager—this conversation will sharpen your priorities and your plan. Subscribe, share with your leadership team, and leave a review with the one change you’ll make this quarter.

    37 min

  4. 12/02/2025

    From Fake Stores to AI Scams: Your Holiday Cyber Safety Guide

    The festive rush is a gift to scammers: more shopping, more parcels, more “urgent” messages. We unpack the most common cons hitting inboxes and phones right now and show you how a short pause and a few simple checks can save your money and identity. From fake storefronts promoted through social ads to parcel “held at customs” texts, we explain how to verify senders, match domains, and trace your original order details so you never have to click blind. We also dive into charity impersonations that mimic trusted brands and campaign tools. You’ll learn a safer donation flow that bypasses risky links altogether, plus quick ways to spot hidden URLs and domain tricks on desktop and mobile. At work and at home, gift card scams remain a favourite: we outline the classic “CEO request,” the two-step verification that kills it, and why retailers warn customers at checkout. For tax season, we break down ATO-themed lures that play on your expectations and emotions, and we share a simple system to catch fraudulent credit checks early with credit file alerts. Scammers are levelling up with AI: voice-cloned calls and realistic video can sound and look like someone you love. We offer a practical defence you can set up at dinner tonight—a family code word—and we close with three cyber habits that outperform any gadget: keep devices and apps updated, use unique long passwords with a manager, and enable MFA or passkeys everywhere. If you’ve ever wondered what to do after you accidentally click, we cover that too: scans, resets, and when to call a pro. If this helped you feel more prepared for the holiday season, follow the show, share it with someone who needs a friendly heads-up, and leave a quick review to help others find us. Since recording the free credit service is no longer available. If you are still interested in protecting your credit identity visit here for more info

    36 min

  5. 11/04/2025

    Building A Cyber Career: Training, Mentors, And Real-World Lessons

    Curiosity, clear thinking, and a calm plan can beat even the smartest phishing email. We sit down with Trent, a cybersecurity analyst at Mercury IT, to map a practical path from the help desk to a rewarding security career, showing how real client problems, steady mentorship, and daily learning build the right instincts. If you’ve ever wondered whether certifications or degrees matter more than experience, or how AI is reshaping both attacks and defences, this conversation offers a grounded, human take. Trent shares why working the help desk was an underrated superpower: it reveals how systems behave, how people really click, and where gaps hide in plain sight. We dive into internal training and phishing simulations that catch staff on those Monday mornings and Friday afternoons, not to trick them, but to build habits that last. From translating jargon for clients to designing controls that aren’t “doom and gloom,” Trent explains how trust and empathy strengthen security far more than fear ever could. We also explore concrete steps for breaking into cyber: pick one certification aligned with your tools, pair it with hands-on practice, and seek out mentors who explain without talking down. Trent outlines how AI now powers convincing social engineering—and how defenders use automation to remove repetitive tasks and focus on higher-value analysis and incident response. For small businesses who still think they’re invisible, we walk through why size offers no safety and how preparedness beats panic every time. If this resonates, follow the show, share it with a teammate who needs a nudge toward better habits, and leave a review with the one security tip you think every business should adopt next.

    19 min

  6. 10/08/2025

    Ransomware, MFA & AI Risks: What Leaders Must Know

    Think backups will save you from ransomware? We pull back the curtain on how modern extortion really works, why downtime drags on for weeks, how reputational damage multiplies the cost, and where legal obligations kick in long after systems are back online. From there, we dig into the new reality of MFA: the gaps left in non‑Microsoft apps, fatigue attacks that turn push prompts into an open door, and adversary‑in‑the‑middle kits that steal tokens and skip MFA entirely. The fix is clear and achievable: move to phishing‑resistant MFA with hardware keys or passkeys, and bring your SaaS ecosystem under SSO and policy. Shadow IT and SaaS sprawl are the quiet risks most teams underestimate. Sales, marketing and developers adopt brilliant tools on free plans, often outside governance and logging. We share a simple approach to discover what’s in use, standardise on enterprise features, and set guardrails that protect data without slowing people down. AI sits at the centre of this shift. Staff are already using it, so we talk through practical policies, training, and why a paid, enterprise-grade platform is worth it for privacy and productivity. If you’re building bots or agents, you’ll hear how prompt injection bypasses guardrails, why targeted AI red‑teaming matters, and how to scope projects small to avoid the 95% failure trap. Regulation is rising too. We walk through the Notifiable Data Breach scheme, the SOCI Act for critical infrastructure, and sector standards for finance plus what “defensible position” really means for directors. Documentation, rehearsed response plans, and board‑level ownership turn abstract risk into action. Our aim is to give leaders a concise, workable plan: migrate to phishing‑resistant MFA, map and secure your SaaS supply chain, adopt safe AI with clear rules, and build evidence you can stand behind. If this helped clarify your next steps, subscribe, share it with your leadership team, and leave a quick review. Got a gap you want us to unpack next? Tell us and we’ll cover it.

    40 min

  7. 09/01/2025

    When Algorithms Meet Shadows: The Hidden Business Impact of AI

    The AI revolution is here, and it's already reshaping how businesses operate—whether you're aware of it or not. In this eye-opening conversation with cybersecurity expert Chris Haigh, we explore the startling reality that approximately 70% of employees are currently using AI tools without their company's knowledge or approval. We dive deep into the cybersecurity implications of this "shadow AI" phenomenon and why it represents a significant risk to your business. When employees feed company proprietary information or personally identifiable data into free AI models, this sensitive information can be used to train the models, potentially making it accessible to others. Even with paid versions of tools like ChatGPT, your data might still be training models unless you specifically change the default settings—a crucial tip that many business leaders miss. The discussion examines AI's dual nature as both a potential security threat—enabling more convincing phishing attempts—and a powerful tool for enhancing security operations. Before implementing AI solutions, businesses need thorough preparatory work including proper data classification, permission settings, and information governance. Without these foundations, AI tools might inadvertently expose sensitive information or bypass security controls. While most executives (78%) acknowledge that AI will be necessary for business growth, only 48% believe their organisations are prepared—and even that figure likely overestimates actual readiness. Chris outlines essential elements of an AI strategy that business leaders should prioritise developing before year-end, including auditing current usage, implementing appropriate policies, and providing adequate training. Register for Chris's upcoming live event on AI readiness to receive practical advice on building an AI strategy.  Access the free AI readiness assessment tool, and an AI usage policy template for your business here Don't wait until you're falling behind—now is the time to understand and prepare for AI's transformative impact on your organisation.

    28 min

  8. 08/05/2025

    Deepfakes & Zero-Days: Cybersecurity’s Darkest Threats!

    The cybersecurity landscape is evolving at breakneck speed, demanding ever-greater vigilance from organisations of all sizes. Our latest deep dive with cybersecurity expert Chris reveals three critical threats that will shape the digital battlefield in 2025. We begin by dissecting the SharePoint zero-day crisis that sent shockwaves through the security community. This sophisticated attack targeted on-premises SharePoint servers, allowing Chinese threat actors to bypass authentication protocols and compromise systems across universities, critical infrastructure, and government agencies worldwide. The incident highlights a sobering reality: even with perfect patch management and compliance, zero-day vulnerabilities can still leave you exposed. Chris emphasises that while robust defence is essential, having a well-rehearsed resilience plan is equally crucial when faced with inevitable breaches.  Supply chain vulnerabilities emerge as another significant concern through our analysis of the Allianz vendor breach. The discussion reveals how third-party security failures can directly impact your business operations and reputation. Chris delivers a wake-up call about vendor assessment, noting that under Australian law, you remain responsible for notifying customers of data breaches even when they occur through external suppliers. For smaller businesses, we explore how certifications like SMB 1001 offer an accessible framework for both demonstrating and verifying security compliance. Perhaps most alarming is the rapid evolution of AI-powered threats. Chris demonstrates how deepfake technology has become remarkably accessible, with voice cloning now requiring just three minutes of audio to create convincing replicas. While large organisations may be primary targets for sophisticated deepfake attacks, AI-enhanced phishing presents an immediate danger to businesses of all sizes. We explore how criminals are bypassing multi-factor authentication through methods like device code flow, which exploits legitimate Microsoft authentication processes. Have you evaluated your vendor security requirements or tested your incident response plan recently? Join us to discover practical steps for strengthening your cybersecurity posture against these emerging threats before they find the weaknesses in your defences.

    37 min
See All (16)

About

In today's rapidly evolving tech landscape, staying informed is more important than ever. "Tech Insights" by Mercury IT is your go-to podcast for expert analysis, industry trends, and actionable insights from top technology professionals.Whether you're interested in cybersecurity, IT infrastructure, emerging technologies, or digital transformation, this podcast covers it all. Tune in to stay ahead of the curve and navigate the complexities of the tech world with confidence. 

Information