Pause. Probe. Protect – cyber resilience campaign

Posted on 16/02/2026

Cyber security isn’t just about IT systems or software updates. It’s about people, habits and what happens in everyday moments at work.

Most cyber incidents don’t start with a dramatic breach.
They start when someone feels rushed.
When a request feels familiar.
When something doesn’t feel quite right – but no one wants to slow things down.

That’s where the Pause. Probe. Protect campaign comes in.

Why this campaign is needed

Crime Stoppers South Australia and OpSys have partnered to help South Australian businesses strengthen cyber resilience by focusing on culture, behaviour and early action – not just technology.

Previous cybercrime awareness campaigns showed that businesses are increasingly aware of cyber risks. But they also revealed something else: many people are unsure who should act, when to act, or how to raise concerns safely.

Our campaign is about closing that gap.

What does Pause. Probe. Protect mean?

Pause. Probe. Protect is a simple framework that reflects how cyber risks actually arise – and how they’re most effectively prevented.

1. Pause – slow down when something feels urgent, unexpected or out of the ordinary.

• Scammers rely on pressure and routine.
• Pausing creates space to think before acting.
• Remember that ‘urgent’ doesn’t mean immediate.

2. Probe – ask questions, verify details and raise uncertainty.

• You don’t need proof.
• You don’t need technical expertise.
• If something feels off, that’s reason enough to check. It’s okay to ask.

3. Protect – act early and share patterns that could affect others.

• Near-misses matter.
• What looks small in one business may be part of a bigger pattern elsewhere. Patterns protect people.

Cyber safety is everyone’s job

In many small and medium businesses, there’s no dedicated cyber team – and that’s normal.

Cyber resilience lives with finance and payroll teams, admin and reception staff, managers and team leaders, and business owners and executives.

Often, the first person to notice something unusual isn’t an IT expert – it’s someone doing their job and paying attention. Strong cyber cultures make it safe for people to speak up early.

Scoll below or click on the URL to download your copy of a free Cyber Culture checklist.

The growing risk of impersonation

Today’s cybercrime often involves impersonation, where criminals pose as trusted suppliers, colleagues or organisations.

These attempts look professional and familiar, use urgency and authority and exploit routine processes. They don’t always look like scams – which is why culture and verification matter as much as technical controls.

What counts as a near-miss?

A near-miss is any situation where something could have led to cyber harm – but didn’t, because someone paused, questioned it or spoke up early.

Near-misses might include:

• An unusual request that was checked before acting
• A process that didn’t feel right and was questioned
• A pattern of messages that raised concern

Near-misses aren’t mistakes. They’re early warnings – and they’re valuable.

Make sure you scroll below or click on the link to download your free copy of our What counts as a Near Miss flyer.

How leaders can make the difference

Workplace culture is shaped by how concerns are handled.

When leaders thank people for speaking up, slow things down instead of rushing and focus on learning, not blame then people are more likely to raise concerns next time – and risks are caught earlier.

Our Guidance for Leaders flyer below is a free, handy resource for managers and supervisors.

When to report

If you notice repeated suspicious behaviour, impersonation attempts or patterns that could affect other businesses then report it anonymously to Crime Stoppers SA.

You don’t need certainty. You don’t need proof.
And you don’t need to share personal details.

Call 1800 333 000 or go online at https://crimestopperssa.com.au

FREE DOWNLOADS

Click the image above to download your Cyber Culture Checklist	Click the image above to download the Guidance for Leaders flyer	Click the image above to download the Near Miss flyer

CASE STUDIES

The following case studies are based on de-identified real-world situations where cyber harm was narrowly avoided. In each example, no money was lost and no systems were breached – because someone paused, questioned what they were seeing, or spoke up early.

	CASE STUDY 1: Local government contractor Q: What first caught your attention? It wasn’t dramatic. The email was short and polite, asking for a document to be resent because “the original couldn’t be opened”. That happens all the time. But it was sent outside usual hours, and it asked me to send it directly instead of uploading it like we normally do. Q: What made you pause? Honestly, it was just a feeling. Nothing obvious. But we’d recently talked about slowing down when something doesn’t follow normal process, so I didn’t rush it. Q: What happened when you checked? I contacted the supplier the next day through our usual channel. They hadn’t sent the email at all. Someone had been impersonating them to collect documents. Lessons learned: We realised that near-misses don’t always involve money. Sometimes they’re about access, information or testing boundaries. Speaking up early stopped something bigger from developing.
	CASE STUDY 2: Mid-sized health services provider Q: What raised concerns? A message came through explaining a “new internal process” for approvals. It looked professional and referenced real projects and names. It wasn’t asking for payment – just cooperation. Q: Why didn’t you just follow it? The process change hadn’t been mentioned anywhere else. No meeting, no email from leadership. That felt odd. Q: What did you discover? When we checked internally, leadership had no idea about it. The message was part of an impersonation attempt designed to change how requests were handled. Lessons learned: We learned that impersonation isn’t always about money straight away. Sometimes it’s about reshaping behaviour so future scams are easier. Questioning “new processes” became a cultural norm after that.
	CASE STUDY 3: Retail operations group Q: What happened? A junior staff member noticed a series of messages coming in that all felt slightly different – different wording, different timing – but nothing obviously wrong. They weren’t sure if it was worth mentioning. Q: What made them raise it anyway? We’d made it clear that uncertainty was reason enough to speak up. So, they mentioned it casually during a team check-in. Q: Why was that important? Once we compared notes, we realised multiple teams had received similar messages. Individually they looked harmless. Together, they showed a pattern of impersonation attempts.  Lessons learned: If that staff member hadn’t felt comfortable speaking up, we wouldn’t have connected the dots. Culture turned small observations into useful intelligence.
	CASE STUDY 4: Professional services firm Q: What made this situation tricky? The supplier email was almost identical to previous ones – same structure, same language. The only difference was a subtle change in how they asked for confirmation. Q: What stopped it from going further? Someone asked a simple question: “Is this how we usually do this?” That was enough to trigger a quick check. Q: What did you find out? The supplier confirmed they hadn’t sent it, and other clients had received similar messages. Nothing had gone wrong – yet.  Lessons learned: We realised impersonation often hides in familiarity. Our biggest defence wasn’t spotting errors but noticing when things drift slightly from normal.
	CASE STUDY 5: Small logistics business Q: What made you decide to report something that hadn’t caused harm? We noticed a handful of strange messages over a few weeks. None led to losses, but they felt connected. Q: Why not just ignore them? Because it felt like testing behaviour. Someone was seeing what would get through. Q: Why did reporting matter? We later learned other businesses were seeing the same thing. Reporting early helped build a clearer picture of what was happening. Lessons learned: You don’t need a loss to contribute to prevention. Patterns matter more than single events.

This campaign is a joint initiative by Crime Stoppers South Australia and OpSys, supporting South Australian businesses to build safer, stronger and more resilient workplaces.

---

---

YOU MAY ALSO LIKE TO READ