Blogs

• Use strong, unique passwords for every account.
• Enable Multi-Factor Authentication (MFA) wherever possible.
• Avoid sharing passwords; use a reputable password manager.

• Keep operating systems and applications up to date.
• Apply patches promptly to close vulnerabilities.
• Remove unused or outdated software.

• Connect only to secure Wi-Fi networks.
• Use firewalls and antivirus tools.
• Avoid public Wi-Fi for sensitive tasks unless using a VPN.

• Verify sender details before clicking links or opening attachments.
• Report suspicious emails immediately.
• Never share sensitive information via email without encryption.

• Lock your screen when away from your desk.
• Enable encryption on all devices.
• Keep endpoint protection active (e.g., Defender, EDR tools).

• Store sensitive data securely and encrypt it in transit.
• Apply least-privilege access controls.
• Back up critical data regularly.

• Know how to report a suspected breach or phishing attempt.
• Familiarise yourself with the organisation’s incident response plan.
• Participate in phishing simulations and awareness training.

• Complete scheduled e-learning modules on cyber security.
• Stay updated on new threats and compliance requirements.
• Engage in refresher training sessions regularly.

Cyber threats are evolving, and human error remains one of the biggest risks. Our latest blog, “User Awareness Checklist for Cyber Security”, outlines practical steps to strengthen your organisation’s defence—covering password hygiene, phishing awareness, device security, and safe browsing habits. Empower your team with knowledge to prevent costly breaches.

Contact us today to discuss tailored security awareness training and managed solutions that keep your business safe.

In recent years, cyber threats are becoming more sophisticated, but the foundations of good cyber security remain surprisingly simple. Cyber hygiene refers to the routine practices and behaviours that help individuals and organisations maintain the health and security of their digital environments.

At Stiperstone, we believe that strong cyber hygiene is not just a checklist—it’s a mindset. And with the support of AI technologies, maintaining that mindset has never been more achievable.

Cyber hygiene is much like personal hygiene. It involves regular, proactive habits that prevent problems before they arise. These habits form the first line of defence against cyber incidents, from phishing attacks to ransomware.

Key elements include:

• Using strong, unique passwords
• Keeping software and systems up to date
• Backing up data securely
• Training staff to recognise threats
• Monitoring for unusual activity

These practices may seem basic, but they are often the difference between a minor inconvenience and a major breach.

Artificial Intelligence is transforming the way we approach cyber security. As your Managed Service Provider, we integrate AI tools to make cyber hygiene smarter, faster, and more effective.

Here’s how:

1. Intelligent Threat Detection

AI continuously monitors systems for suspicious behaviour, identifying threats before they escalate. This allows for faster response times and reduces reliance on manual oversight.

2. Automated Updates and Patching

Keeping software up to date is critical. AI can automate patch management, ensuring vulnerabilities are addressed promptly without disrupting operations.

3. Behavioural Analysis

AI tools learn typical user behaviour and flag anomalies—such as unusual login times or access patterns—that may indicate a breach.

4. Enhanced Training and Awareness

AI-driven simulations and adaptive training platforms help staff stay alert to evolving threats, tailoring content to individual learning needs.

Good cyber hygiene isn’t just about technology, it’s about people. We help organisations embed security into their culture, empowering teams with the tools and knowledge they need to stay safe.

This includes:

• Regular awareness training
• Clear policies and procedures
• Support for secure remote working
• Ongoing guidance from our expert team

🔐 Password Management

• Use strong, unique passwords for each account
• Enable multi-factor authentication (MFA)
• Use a reputable password manager

🧼 System and Software Maintenance

• Keep operating systems and software up to date
• Regularly patch vulnerabilities
• Remove unused or outdated applications

🛡️ Network Security

• Use firewalls and antivirus software
• Secure Wi-Fi networks with strong encryption
• Segment networks to limit access

📚 User Awareness and Training

• Conduct regular cyber security awareness training
• Educate staff on phishing and social engineering tactics
• Promote a culture of security-first thinking

📁 Data Protection

• Encrypt sensitive data at rest and in transit
• Implement access controls and permissions
• Back up data regularly and securely

🔍 Monitoring and Response

• Monitor systems for unusual activity
• Set up alerts for potential threats
• Have an incident response plan in place

🤖 AI and Automation Support

• Use AI tools to detect and respond to threats faster
• Automate routine security tasks like patching and monitoring
• Analyse user behaviour to identify anomalies

Cyber hygiene is not a one-time effort—it’s an ongoing commitment. With AI as your ally and Stiperstone as your partner, you can turn best practices into everyday behaviours that protect your business from the inside out.

Let’s talk about how we can help you build a resilient, security-first organisation.

Artificial intelligence is the current headline technology of the 2020s. With so many ways for organisations to use AI, making sure that you’re up to date with the latest advancements in AI will ensure that you have an edge against the competition.

Microsoft’s sensational AI productivity tool — Microsoft 365 Copilot — is shaping the way organisations do things. With so many functionalities and tools available with just a simple prompt, it’s making workflows far more efficient while also providing a host of new knowledge and power to the workplace.

As Copilot is integrated into all of the Microsoft 365 applications, in this article, we’ll be going over the top 5 use cases for Copilot within Microsoft Teams, to ensure that you can make the most of your organisation’s communications and collaboration capabilities by empowering them with AI.

Summarise Meeting Notes

Microsoft Teams is the epicentre of the workplace meeting. These meetings are vital — but, the only way you can take advantage of the meeting is by taking what was said in the meeting and applying it. This is why notes are so handy, as they let you turn what is essentially a discussion into an actionable list.

However, taking meeting notes can be a pain. Keeping up with everything that’s been said is difficult, and you might miss key details or even just have notes that are messy and aren’t clear.

Microsoft Copilot lets you turn your Microsoft Teams meeting into a bunch of summarised notes with just a simple prompt. All you have to do is ask — either during the meeting or afterwards in the recap screen — with a simple prompt such as ‘Summarise the meeting in simple notes’, and Copilot will do the rest.

You can also further this by customising your prompts to better suit your needs. For example, if you want to summarise the meeting and create a list of locations mentioned, you can ask Copilot to do so and it will.

Catch-up when Attending Late

Sometimes, being late can be unavoidable. Even the most organised people sometimes get hit by delays, clashes, or even traffic. Microsoft Copilot will easily ensure that you’re able to catch up with what you’ve missed, by summarising it for you so you can ensure that you’re in the loop as you go forward.

All you have to do is ask Copilot to ‘summarise the meeting so far, with all the key points’ and it will do so, giving you everything that you need to be involved in the conversation. You can also use Copilot’s meeting recap capabilities afterwards to go over everything that you’ve missed, making sure that you’re clear about everything that was discussed.

Using Chat to Create Agendas

As much as post-meeting actions are important, ensuring that your meeting is productive and successful is also vital. This is done by using an agenda — and Microsoft Copilot helps you make agendas faster than ever.

All you need to do is ask Copilot to make an agenda for a meeting — such as ‘make an agenda for my meeting with Claire about business operations’ — and it’ll use your organisational data to make an effective agenda.

You can then chat with Copilot to adjust this however you need — simply just talk to your Copilot to tell them exactly what you want from your agenda, to make sure it’s perfect. By doing so, you can create a much better and more in-depth agenda far more quickly than having to do it yourself.

Capture and Assign Actions

As mentioned previously, you can use Copilot to summarise meeting notes and ensure that the post-meeting actions are clear. However, you can also use Copilot to capture exactly who is meant to do what action — and have it presented.

By doing so, everyone is clear about what they need to be doing, meaning the meeting will have been more productive and effective — and all it takes is a simple prompt.

All you need to do is ask Copilot to ‘summarise everyone’s post-meeting actions’ and it will do so, meaning that you can have a clear list of who is meant to do what without having to remember back or relying on notes — and preventing responsibilities from getting tangled.

Catch-up on Messages After Leave

When you’re on company leave, you miss a lot of information. And while you can use your emails and memos to get a good idea of what you’ve missed, you simply miss a lot of the day-to-day conversations. However, going back through missed Teams messages can just take time and be confusing.

Copilot helps with this immensely. You can simply ask Copilot to ‘summarise everything I’ve missed in the R&D chat since I went on vacation’ and Copilot will do the rest — giving you a summary of everything that’s happened since you went away.

However, going further than this, you can also ask Copilot if certain things have been discussed or addressed in that time. Simply just ask a question, such as ‘has the R&D team developed the second prototype name since I went on vacation?’ and Copilot will be able to use its organisational data to be able to work out the answer.

Microsoft 365 Copilot is a strong piece of technology that truly enriches Microsoft Teams, and lets you take the capabilities of the premier communications software to the next level. Using Copilot, you can easily shorten tasks that would take hours, and make sure that you’re in the loop at all times, no matter what.

If you’re looking to take advantage of Copilot but don’t know where to start, reach out to us today. Our experts are here to help you get started, and will make sure that Copilot is set up properly within your organisation — while also answering any questions you may have.

In today’s digital landscape, social engineering remains one of the most potent tools in a cyber criminal’s arsenal. But with the rise of artificial intelligence (AI), the threat—and the defence—has evolved dramatically. This blog explores how AI is reshaping social engineering, drawing on insights from recent training materials and the latest cybersecurity intelligence.

At its core, social engineering is the art of manipulating people into revealing confidential information or performing actions that compromise security: attackers exploit human psychology—trust, urgency, fear of missing out—to trick individuals into clicking malicious links, sharing credentials, or transferring funds.

Common tactics include:

• Phishing: Mass emails or texts designed to lure victims into clicking malicious links.
• Spear Phishing and Whaling: Targeted attacks on individuals or executives.
• Business Email Compromise (BEC): Impersonation of trusted contacts to request fraudulent payments or sensitive data.

These attacks often bypass technical defences by exploiting the “human loophole.”

AI has supercharged traditional social engineering in several alarming ways:

1. Hyper-Realistic Phishing

Generative AI tools can now craft phishing emails that are grammatically perfect, contextually relevant, and visually indistinguishable from legitimate communications. Attackers use AI to mimic tone, branding, and even writing styles.

2. Deepfake Voice and Video

Voice cloning and deepfake video technologies allow attackers to impersonate executives or colleagues in real-time, issuing fraudulent instructions via phone or video calls. This has led to a surge in voice phishing (vishing) attacks, where cloned voices are used to pressure employees into urgent actions like transferring funds or revealing credentials.

3. Automated Reconnaissance

AI can scrape social media and public data to build detailed profiles of targets, enabling highly personalised spear phishing campaigns.

4. Thread Hijacking at Scale

Attackers can use compromised inboxes to hijack email threads – AI can automate this process, scanning for keywords like “Re:” and crafting believable replies laced with malware.

Deepfake Detection Becomes Critical

With deepfakes now a common tool in social engineering, organisations are investing in detection tools and analogue verification protocols—such as confirming requests via known phone numbers or in person—to counteract this threat.

AI Governance and Policy Enforcement

As AI tools become embedded in daily operations, organisations must implement governance frameworks. This includes:

• Clear policies on AI use and data handling
• Regular audits of AI-generated content
• Training staff to recognise AI-generated threats

Leadership must embed these practices into organisational culture to ensure resilience.

Ransomware-as-a-Service (RaaS) and AI

Ransomware groups are using AI to identify high-value targets and optimise attack timing. AI also helps craft persuasive ransom notes and automate malware distribution, making patch management and incident response planning more critical than ever.

Insider Threats and AI Misuse

AI tools can be misused by insiders—either maliciously or unintentionally. For example, an employee might use a generative AI tool to summarise sensitive internal documents, inadvertently exposing confidential data. Organisations are now monitoring internal AI usage and applying data loss prevention (DLP) tools to mitigate this risk.

Fortunately, AI is also a powerful ally in defence. Here are key strategies organisations are adopting in 2025:

1. AI-Powered Detection

Defensive AI tools can analyse communication patterns, detect anomalies, and flag suspicious behaviour in real time—often before a human would notice.

2. Zero Trust Architecture

Implementing zero trust principles—where no user or device is automatically trusted—helps limit the damage from compromised accounts.

3. Multi-Factor Authentication (MFA)

MFA remains a cornerstone of defence, making it harder for attackers to exploit stolen credentials.

4. Enhanced Awareness Training

Training must evolve to teach employees how to spot AI-generated content, including deepfakes and hyper-realistic phishing. Awareness is no longer about spotting typos—it’s about questioning even the most convincing messages.

5. Monitoring and Governance of AI Systems

Organisations must inventory and monitor their own AI tools to prevent misuse or compromise, including guarding against data poisoning and prompt injection attacks.

The goal isn’t to memorise every attack type—it’s to cultivate a mindset of healthy scepticism. Social engineering thrives on trust. In an AI-powered world, that trust must be earned, verified, and never assumed.

Whether at work or in your personal life, vigilance is your best defence.

In an increasingly interconnected digital world, the strength of your cyber security is only as robust as the weakest link in your supply chain. Recent events have once again brought this reality into sharp focus—most notably, the cyber attacks on UK retail giant Marks & Spencer and global sportswear brand Adidas.

According to the Financial Times, Marks & Spencer attributed its breach to a supplier vulnerability, which is expected to cost the company approximately £300 million in operating profit for the 2025/26 financial year.

Just weeks later, Adidas disclosed that a third-party customer service provider had been breached, exposing customer data from individuals who contacted Adidas support centres in Turkey and South Korea in 2024 or earlier.

The compromised data included names, email addresses, phone numbers, and the content of customer service messages.

These incidents underscore a critical truth: even the most sophisticated internal defences can be bypassed if third-party partners are not held to the same security standards.

Supply chain attacks occur when cybercriminals infiltrate an organisation by targeting its suppliers, vendors, or service providers. These attacks exploit the trust and access granted to third parties, allowing malicious actors to bypass perimeter defences and gain entry to sensitive systems.

As outlined in a recent article by SentinelOne, these attacks can be software-based—injecting malicious code into updates or libraries—or hardware-based, compromising devices during manufacturing. The infamous SolarWinds breach is a textbook example, where attackers inserted a backdoor into a software update, affecting thousands of organisations globally.

Several factors make supply chains attractive targets:

• Weak Security Controls: Many vendors lack robust cyber defences, making them easier to compromise.
• Lack of Visibility: Organisations often have limited insight into their suppliers’ security postures.
• Complexity and Scale: The more vendors you work with, the larger your attack surface becomes.
• Trust Exploitation: Once inside, attackers can move laterally across networks, often undetected.

A recent article from Calcalist Tech highlights how attackers are increasingly targeting the “soft underbelly” of organisations—third-party providers who may not be subject to the same rigorous security protocols. In fact, 62% of network intrusions now originate from third-party sources, with financial impacts exceeding those of direct breaches due to reputational damage and business disruption.

Mitigating supply chain risk requires a multi-layered approach:

1. Vendor Risk Assessments: Regularly evaluate the security posture of all third-party partners.
2. Zero Trust Architecture: Never assume trust—verify every user, device, and connection.
3. Continuous Monitoring: Use tools that provide real-time visibility into third-party activity.
4. Contractual Security Clauses: Ensure vendors are contractually obligated to meet specific security standards.
5. Incident Response Planning: Include third-party breach scenarios in your response playbooks.

At Stiperstone, we’ve seen first hand how devastating supply chain attacks can be—not just in terms of financial loss, but in eroding customer trust and operational resilience.

If you’re unsure about the security of your own supply chain, don’t wait for a breach to find out. Contact Stiperstone today for expert guidance on securing your digital ecosystem. Our team can help you assess your current risks, implement best practices, and build a resilient supply chain that supports—not threatens—your business goals.

Artificial intelligence is a now a significant aspect of the modern business world. After all, with so many new innovations and ways to empower your business, AI’s benefits cannot be understated.

When combined with the other most important part of your business, your data strategy, AI can be one of the key technologies in helping your business prosper. Especially with new tools such as Microsoft Fabric, there are now more ways than ever to take advantage of AI’s data capabilities.

In this blog, we will go over everything you need to know about building a robust strategy. We’ll tell you why it’s important to have one and how you can easily leverage Microsoft Fabric to supercharge your business.

Data is at the heart of your business, and is the information that flows through every decision that you make and every step that you take. Making sure that you have a robust data strategy will ensure that you can easily leverage the power of data to make the best decisions possible.

Here are a few ways that having a data strategy can be such a valuable asset:

• Informing your decision making: A strong data strategy will ensure that all of the information and data that you have can be used easily to make decisions based on evidence and grounded in data.
• Efficiency: A data strategy will streamline your data management process and minimise any errors and low-quality areas throughout your data handling process.
• Compliance: With so many compliance regulations becoming commonplace, a data strategy will ensure that all data is handled correctly, which will ensure that you don’t end up falling in breach of compliance.

By investing in your data strategy, you ensure that all of the data that you are using is optimised, handled correctly, and easy to use within your decision-making process.

Data management is the core of any good data strategy, as it refers to the wider way in which you manage your data and ensure that it is accurate, available, secure, and usable.

By ensuring that you have strict data management rules and robust processes, you can keep your data in a state that makes it both easy to use and organised enough for easy indexing, governance, and integration across the board.

Without having a robust data management system in place, you cannot even begin to look at other aspects of your data strategy, data management is the core of everything, and it’ll define your whole strategy.

Data integration is the process of bringing together data from different sources into one unified place, enabling your whole organisation to consistently access all of your data.

This helps with analytics, reporting, and getting a wider picture of your organisation’s data to make decisions, as one piece of data won’t be enough to make well-thought-out decisions and observations.

Failing to consider data integration will mean that you’ll fail to meet your full potential, making your data much less valuable than it could’ve been. By bringing your data together, you can connect the dots and make much more valuable observations, letting you innovate and take a step into the future, and ahead of your competition.

Data governance is the act of managing data regarding security and responsibility. It essentially ensures that data meets all security requirements and regulatory rules to ensure the sanctity and integrity of your data.

This is vital, as governance means that you can rest assured that the data you’re using is both safe and secure. Part of this is accountability, and making sure that everyone within your organisation has clear roles and responsibilities, democratising the role of data management throughout your company.

In the modern world, governance has become hugely important. Failing to focus on governance will lead to a host of security, compliance, and integrity issues and will ultimately compromise your data and your business altogether.

Being one of the leaders in AI in the modern world, Microsoft has taken AI-based data strategisation to the next level. Microsoft Fabric is a Software as a Service (SaaS) based data platform that is designed to help revolutionise your data strategy by bringing all components of it together, powered by OneLake.

OneLake is a centralised data lakehouse, which allows you to bring data from anywhere within your organisation together with ease. Instead of having to utilise data silos, Fabric and OneLake ensure that your data is consistent across all tools and even supports both structured and unstructured data in tandem.

With this, you can take advantage of the many AI features that supercharge your data and its power, from machine learning through Microsoft Azure, to Power BI, creating democratised analytics. By using Fabric, you can utilise your data throughout the Microsoft data intelligence ecosystem, taking advantage of the powerful tools that Microsoft has developed to help businesses take control of their data.

Finally, Fabric is scalable, much like the Azure ecosystem that it’s built upon. This means it’s adaptable to your needs and can support massive data workloads if necessary, allowing you to reach your full potential without having to worry if your infrastructure can support it. Microsoft has built their platform with scaling in mind, and will accommodate your growth to its highest limit.

Microsoft Fabric is an essential component of any organisation’s data strategy, and allows you to take advantage of a data ecosystem that pushes your business’s data potential to the next level. By utilising your data effectively, you can make better decisions and break barriers that’ve never been broken before.

If you’re looking to get started with Fabric and Azure and need a helping hand, reach out to us today. We’re here to help and to ensure you have everything you need to succeed with your data strategy.

Get in touch with us now and see how we can help.