🔐 Cyber Security Tips in the Age of AI

AI has amplified both cyber‑defence and cyber‑crime. Attackers now use AI to automate phishing, craft personalised lures, probe networks, and find vulnerabilities faster than ever. At the same time, AI strengthens our ability to detect threats, automate responses, and enforce policy.

Below are action‑ready recommendations, that we regularly push for both our staff and customers.

1️⃣ Strengthen Identity & Access Controls

Conditional Access, MFA, and access logging are critical defences.

• Use Multi‑Factor Authentication (MFA) everywhere you can.
• Implement Conditional Access policies to control who/when/where/how users access data. This reduces your attack surface.
• Regularly review global admin roles, privileged accounts, and access logs to reduce blast radius in case of compromise.

Why this matters in an AI threat landscape:
AI-driven attacks can crack weak passwords, bypass poor access controls, and automate privilege‑escalation attempts. Strong identity controls are your front line.

2️⃣ Educate Staff on Safe AI Usage

A major AI risk: staff pasting sensitive business data into unsanctioned AI tools.

Teach your team to:

• Never upload internal documents into free or unapproved AI platforms.
• Sanitise input if AI assistance is required.
• Understand AI tools may hallucinate, fabricate facts, or mix data from unknown sources.
• Only use approved, vetted AI tools that meet your organisation’s privacy and data protection standards.
• Check if your AI tools have disabled the AI tool from using your data to train their model.

3️⃣ Stay Alert to Phishing & Social Engineering

AI allows attackers to craft highly personalised emails, deepfakes, and realistic messages.
‍

Be aware and on the lookout:

• Recognising and reporting phishing attempts.
• Exercising caution with external emails (e.g., “Caution: This is an external email…” security banner).
• AI can now fake voice and video, it can even respond in realtime with chat. If something seems off, verify.

Practical tips:

• Inspect the sender address carefully.
• Never click unknown links; hover first.
• If unsure, verify via a separate communication channel. (Pick up the phone and call)

4️⃣ Keep Devices & Software Updated

Out of date software may have security holes that hackers love to exploit.

AI malware can scan for vulnerabilities and exploit them within minutes of discovery.
Ensure:

• OS, browsers, plugins, and apps are always current.
• Servers are patched promptly.
• Endpoint protection is next‑generation (behaviour‑based, not signature‑based).

5️⃣ Protect Data with Governance & DLP Controls

Many cloud technologies like Microsoft 365 have some great tools for warning and/or blocking accidental or malicious sharing of data:

• Implemen Data Loss Prevention (DLP) and controlled who and what can be shared.
• Ensuring staff can’t accidentally share sensitive data externally.

With AI tools capable of ingesting and redistributing information, tightening data governance is essential.

Measures include:

• Restrict external sharing.
• Classify data with sensitivity labels.
• Enforce least‑privilege access.

6️⃣ Implement AI‑Aware Network Defences

Utilise new age firewalls and security software to block AI‑powered attacks at the network edge. AI can quickly create fake websites, hijack DNS and make something look real within seconds. But your browsers and web protection software can help you...

Key steps:

• Use DNS filtering to block malicious domains before connection occurs.
• Monitor abnormal DNS behaviour (AI can generate domain patterns at scale).

7️⃣ Train Continuously — Humans Are Still the Weakest Link

Training and awareness are essential, most cyber attacks utilise people to allow access to systems. So educating yourself and your team is important

• Regular cyber awareness training should be part of your organisations Cyber security measures.
• Training must cover reporting, role‑based access, suspicious online activity, safe collaboration, and AI usage.
• Reinforce messages frequently Remind people regularly.
• AI accelerates threats — your people must be just as fast in recognising them.
• Bring up recent cyber security attacks in staff meetings to remind people of the dangers

8️⃣ Strengthen Backup, Recovery & Business Continuity

Make sure you have multiple backups, online/offline and well protected, and make sure they work.:

• Regularly review and make sure your critical data (and personal data at home) are protected and backed up.
• Strengthening backup and recovery to meet RTO/RPO requirements.
• Test your backups and make sure they are working when you need them.

AI ransomware can encrypt systems faster than traditional variants — verified, offline, and recoverable backups are essential.

9️⃣ Review Vendor & Supply Chain Security

Make sure your vendors, suppliers and partners are practicing good cyber security:

• Any data you share with 3rd parties becomes at risk of their systems.
• Ensure your suppliers are cyber safe, as a critical outage for them could have a big impact on your business if they are key suppliers.
• Many attacks come from one organisation being compromised, and using the information found in that attack to target other companies with commercially sensitive information.

AI attacks often propagate through less secure suppliers.

‍

If in doubt, reach out to our team to see how we can help.