Reading Time: 6 minutes

How Copilot Can Boost Your Company’s Cyber Security Efforts

15th October 2024

Reading Time: 6 minutes

“Copilot can help a company with its cyber security posture”

The following 5 questions were sent to me, so, I met up with Nick Hayes, Offensive Security Director at Cyber Security Associates to get his take on just how Copilot can help a company with its cyber security posture. Nick, is a seasoned Technical Leader in the Cyber Security industry, he specialises in driving strategic growth and innovation within organisations.

Copilot ensures that your passwords are unique and difficult to crack

GJ: How can Copilot assist in creating strong passwords?

NH: For users looking to understand security and protect their network, Copilot can be a major asset in designing your business passwords.

Passwords are at the heart of everything we do in IT and, unless you’re using a password manager to store them safely, it can be hard to remember them all. So, people often opt for the easy option and use something simple. Lots of people don’t understand the value of a secure password; they might just use “123456789,” but hackers know that.

Copilot can be really useful in providing you with guidance in designing a password. It might suggest that you use three numerals, three letters and three special characters, or seven numbers and seven characters and in what order.

Additionally, Copilot can help you generate passwords that are both strong and memorable, reducing the risk of breaches. By leveraging advanced algorithms, Copilot ensures that your passwords are unique and difficult to crack, enhancing overall security. This proactive approach helps prevent unauthorised access and protects sensitive information.

Peace of mind

GJ: How can Copilot help me secure my personal devices?

NH: Back in the day, you would have read an article or a how-to guide, but it can be a rather tedious process doing it that way. It’s all in how you frame the question to Copilot; they call it prompting.

So, if you ask Copilot to create a basic outline policy for managing 15 iPhone or Android devices, it will provide you with step-by-step instructions on how to get there. Your Copilot prompt could be: what kind of profile should it look like, what device restrictions should I have, for example, you might mandate that your team use lengthy passcodes and not just four-digit numbers.

You can ask Copilot to mandate that biometrics are OK, or what applications can run and which ones can’t. Can users install Angry Birds or not? Let Copilot know exactly what you want to achieve, and it will provide you with the exact steps you need to follow.

Moreover, Copilot can assist in setting up remote wipe capabilities, ensuring that if a device is lost or stolen, sensitive data can be erased immediately. This adds an extra layer of security, giving you peace of mind.

Can users install Angry Birds or not?”

Is this page malicious?

GJ: What advice can Copilot give on safe browsing habits?

NH: Microsoft Edge has a native Copilot extension, but not everyone uses Edge. Some people prefer Chrome, which doesn’t have Copilot integration. However, you can still ask Copilot to analyse web pages. For instance, if you visit a page that seems suspicious, you can ask Copilot, “Is this page malicious?”

While Copilot can’t directly analyse the website itself, it can provide guidance on what to look for. Some AI extensions can analyse websites directly, but Copilot offers general advice. For example, you can ask it to check the URL for signs of legitimacy. Does it say microsoft.com, and is it really microsoft.com? Ensure the site uses HTTPS, indicated by a padlock icon, which means the site is secure and uses encryption.

Although Copilot doesn’t offer deep-level protection, it can prompt you with useful questions and tips to help you identify potentially malicious sites. This way, you get decent information on what to be cautious about online.

How can I perform a security audit on my network?

GJ: How can Copilot help me identify potential security threats?

NH: Copilot can be incredibly valuable in identifying potential security threats. It can provide both general advice and specific. You can get it to generate a list of actionable steps to enhance your cyber security posture. For instance with:

Cyber Hygiene Training: Ask Copilot for basic cyber hygiene training. It can generate a list of best practices:

Threat Detection: Copilot can help identify potential threats by analysing patterns and behaviours. For instance, you can ask, “What are some signs of a phishing attack?”

Security Audits: You can request Copilot to guide you through a security audit with a step-by-step checklist. For example, “How can I perform a security audit on my network?”

It can be really useful when you look at Incident Response Planning: You know in the event of a security incident, you might ask Copilot, “What should I do if I suspect a data breach?” So, it can outline some steps for you.

What about Regular Updates and Alerts: Copilot can keep you informed about the latest security threats and vulnerabilities and provide you with updates on recent malware, ransomware attacks, and other emerging threats. For example, you can ask “What are the latest cyber security threats?”

That’s the thing by leveraging Copilot’s capabilities; you can stay proactive in identifying and mitigating potential security threats, ensuring a safer digital environment for your personal and business activities.

What are the latest cyber security threats”

Copilot aids GDPR compliance tasks.

GJ: How can Copilot help me understand and comply with data privacy regulations?

NH: Well, it can certainly help you comply with GDPR. Personal and business security is very much the day’s topic, and you need to get it right. Equally, you might not know where to start.

So, first off, you will need to appoint a Data Protection Officer within your business who knows how to implement technical measures and controls. Whoever that is will need to be registered with the ICO, so that ICO know who to contact in the event of a data breach.

Copilot can help the Data Protection Officer with the sequence of work of what to do: like initial assessments, gap analysis, and data audits. What to look for, developing policies and procedures as well, such as a data protection policy, data breach response planning, subject rights, all that kind of stuff. It will talk you through how to do that. When you want to jump into a section, you can say, “Can you give me an example of a data protection policy?”

You can ask Copilot: “How to do data training awareness”. So, you know how to talk to your staff about GDPR and all the privacy regulations. But also, crucially, what to do from documentation, record-keeping, monitoring, and improvements perspective; all the kind of stuff you might not know about or if you do, that you forget to do.

All decisions will fall on you to get them right”

Conclusion

GJ: Are there any drawbacks to using Copilot for your cyber security practices

NH: While Copilot can generate outputs for you, it’s crucial to verify them. Since it’s your work and your business, applying your own critical thinking is essential to ensuring the answers are correct.

Even if an answer appears legitimate, it might not be. At this early stage of Copilot’s development, consider it a collaborative tool to help you generate ideas, but always remember that the end user must check the responses. All decisions will fall on you to get them right.

If you would like to find out more about how to use Copilot in your workplace contact the team at: sales@cnc-ltd.co.uk or call us on 01273 384 100.

By Gary Jowett

Gary has always focused on making sure the most appropriate solution is provided to help customers, not just what's new and shiny. With over 30 years in the IT industry Gary has the experience to tell the difference between something that's game-changing or is just a passing fad!

READ GARY'S POSTS

LET'S TALK

We’re always open for a chat, so get in touch to find out how we can help

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Analytics" category .
cookielawinfo-checkbox-functional	1 year	The cookie is set by the GDPR Cookie Consent plugin to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Necessary" category .
cookielawinfo-checkbox-others	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to store the user consent for cookies in the category "Others".
cookielawinfo-checkbox-performance	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to store the user consent for cookies in the category "Performance".
CookieLawInfoConsent	1 year	Records the default button state of the corresponding category & the status of CCPA. It works only in coordination with the primary cookie.
elementor	never	This cookie is used by the website's WordPress theme. It allows the website owner to implement or change the website's content in real-time.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gat_gtag_UA_20840989_1	1 minute	Set by Google to distinguish users.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.