16 June 2026
ACA is committed to providing valuable resources that support members in their professional practice and everyday operations. In collaboration with Harvey Norman Technology for Business, we’re pleased to share practical guidance to help strengthen your technology safeguards.
Phishing remains one of the most common and successful cyber threats affecting Australian businesses, and counselling practices are no exception. While many people associate phishing with obvious scam emails or poor grammar, today’s attacks are far more sophisticated, targeted, and difficult to spot. In 2026, phishing has evolved into a highly convincing threat that preys on trust, urgency, and everyday digital habits.
For counsellors, the risk is amplified by the nature of the information handled every day. Client records, session notes, payment details, and sensitive personal information are all highly valuable to cyber criminals. Phishing attacks are often the first step attackers use to gain access to this data.
Modern phishing emails are designed to look legitimate. They may appear to come from trusted businesses such as banks, software providers, professional bodies, or even clients. Messages often reference familiar processes like invoice payments, document sharing, password resets, referrals or appointment confirmations, which makes them easy to mistake for normal communications.
In many cases, phishing no longer relies on random mass emails. Cyber criminals increasingly research their targets, tailoring messages to specific industries and roles. Small practices and sole practitioners are frequently targeted because they are less likely to have layered security controls or dedicated IT support in place.
The consequences of a successful phishing incident can be serious. A single click can expose login credentials, allowing attackers to access email accounts, cloud systems, or practice management software. From there, they may steal data, lock systems with ransomware, or impersonate the practice to clients. Beyond financial loss and operational disruption, the impact on client trust and professional reputation can be long‑lasting.
Phishing does not depend on technical failure; it relies on human interaction. Even experienced professionals can be caught off‑guard, particularly during busy periods or when messages appear urgent or familiar. That’s why cyber security is no longer just a technical issue; it is an essential part of everyday operations.
The good news is that phishing risk can be significantly reduced with the right foundations in place. Simple measures such as strong access controls, email protection, regular updates, staff awareness, and secure backups make a meaningful difference. Risk mitigation frameworks like the Australian Cyber Security Centre’s Essential Eight exist specifically to help counsellors take practical, achievable steps to reduce cyber risk.
A Practical Phishing Awareness Check
Phishing is harder to spot because so many messages look normal. Instead of judging emails on appearance, use this quick check:
“What is this message asking me to do and what happens if I do it?”
Pay extra attention when a message asks for:
- a login (especially via a link or QR code)
- a payment or change to payment details
- an attachment or file you weren't expecting
- an approval outside your normal process
- a new "sign in to view" step for something you already access regularly that is unexpected and asks you to click on a link
If it involves money, access, or credentials, slow down and verify by contacting the company you regularly do business with.
How Harvey Norman Technology for Business Can Help
At Harvey Norman Technology for Business (HNTFB), we understand the unique challenges counsellors face when it comes to protecting sensitive client information. Many practices rely on digital systems every day but don’t have the time, resources, or specialist knowledge required to manage cyber security on their own.
Our managed IT and cyber security services are designed to make security practical and affordable, using frameworks such as the ACSC Essential Eight to ensure your systems are protected against common cyber threats and meet Australian privacy requirements.
As a member of the Australian Counselling Association (ACA), you are entitled to a complimentary Essential Eight Security Risk Assessment (valued at $499). This assessment provides clear visibility into your current security posture and practical recommendations tailored specifically to your practice.
Our team of experienced professionals works alongside you to:
- identify and reduce cyber risk
- strengthen protection of client records and communications
- support compliance with Australian privacy and security obligations
- provide ongoing guidance and support as your practice evolves