Data Compliance When Using MS Copilot

Uploaded on 2024-04-02 in TECHNOLOGY-Key Areas-Artificial Intelligence, FREE TO VIEW

You’ve read the articles about how incredible Copilot is at boosting productivity and efficiency, and now everyone in your organisation is clambering for it. Some of them have tried it, others are keen to, and it makes sense that everyone wants a go.

In Microsoft’s recent Future of Work Report, they found in a Teams Meeting Study, participants with access to Copilot found the task to be 58% less draining than participants without access, and among enterprise Copilot users, 72% agreed that Copilot helped them spend less mental effort on mundane or repetitive tasks.
 
Meanwhile, 80% of executives think automation like AI can be applied to any business decision, but only 18% of organisations believe they are digitally thriving. So, what about the practicalities of implementing Copilot? Most of the people I talk to lack the confidence about what the next steps are and how to roll out Copilot successfully – and securely - across their organisation.
 
There are lots of different AI versions, from Dynamics, Salesforce, Azure, and Service Now to name a few. These new AI tools help you mine data, summarise information, and work smarter. You can also build your own AI tools with Open AI to then use specific company data in the best way for your company.
 
We expect certain things to come out when we use Copilot or similar AI tools. For example, we expect deeper and more relevant search results, and personalised, relevant, and actionable responses. We also expect tenant, group, and user protections, and AI-assisted creativity, productivity, and automation. The key to success is helping users understand how to use data properly – which all starts with policy, governance, and classification to know what you have, then training and follow-through for user adoption.
 
So, let’s dive deeper into how you can be better prepared to implement AI tools and make them work well for your organisation.  

Data Quality

Making sure the data that AI trawls for information is of a high quality, relevant, and not out of date is critical to success. You need to understand first how the AI tools use data and the potential consequences of using old or wrong data.

AI is only as good at the information you put into it and the questions you ask it.
 
First, you will need to gain visibility of all your data sources and start to assess their quality and what can be discarded, what needs updating, and what can be kept. For example, there is no point in AI trawling through PowerPoints to create a new one if the figures in the previous ones are out of date, or through customer ordering information that’s old as it will produce inaccurate data for you.
 
On average, globally, every human creates at least 1.7 MB of data every second, so it’s no wonder 47% of digital workers struggle to find the information needed to effectively perform their jobs. We waste so much time looking for what we need, so, we must all ensure that we only keep what is up-to-date, of use, and relevant. Your company data policies should address these issues.
 
IT teams will need to assess the quality of your data across functions and with various departments in the business. Potentially, many businesses will need to spend considerable time assessing and ‘cleaning up’ their data before they can start using AI effectively.   
 
Organisations should also be aware of ‘dark data’ – the data that is not necessarily immediately visible to an employee or department, but which is still accessible by AI. It could be data that has come across with a migration but is often out of date. Some organisations will have a policy to delete all data that is five or ten years old. Putting in place the right permissions and reviewing your data constantly will be critical to the successful adoption of AI.
 
By working out what data is relevant and strengthening your data quality you will improve your AI results. A data assessment will allow you to ultimately make good decisions on what content to keep, remove, or archive.

Storage

While reviewing your data it’s important to match your storage capabilities and platforms with your data needs to ensure you are not wasting money on storage, but also that you can scale up if needed to allow for the extra compute that running AI requires.
 
It’s also important to ensure you know where your data is stored in M365 and other databases, how they interconnect, what data you need from them, and whether they have the right security in place. For example, archived data can be stored outside Microsoft 365 and Copilot can’t access it, but it can be brought back online should people request it.
 
Within this companies need to ask whether they are using and storing their data in the right way to meet regulatory obligations. All this needs to be set out in an AI strategy document. By having a clear AI strategy in place adoption will become much easier. Without it, the wrong permissions could be granted to employees, and potentially cause a data leak and result in catastrophic damage and fines from regulatory bodies.
 
Data privacy, Compliance & Security
 
Organisations need the right data privacy controls - internally and externally if sharing content. Understanding your regulatory obligations and meeting all GDPR legislations require extra vigilance with Copilot. It will ‘farm’ information from a variety of different sources and databases so it’s key that anyone accessing data has the right permissions in place to meet all your regulatory obligations.
 
Think about the sensitivity of data and consider which data sets need to be locked down and what compliance needs you have as an organisation. For example, identify sensitive data, external users, and links and how items are shared internally. All information can be given a ‘category’ of risk and identified by audience, then IT admin can run assessments and work out to prevent oversharing of sensitive data.
 
Alongside this, it's important to clean up permissions and enforce policies. For example, removing shadow users who have access but haven’t used the data because they have moved department. Who has access to what and how people can set up project teams that have access to certain data sets can all be reviewed and given permissions from the IT team. For example, ‘leases’ can be put on workspaces to allow access to data sets for a certain period only. 
 
Once your data and environment are clean and secure you can then use AI and automation to manage and govern your data.

Adoption 

Training people how to use Copilot properly and understanding what prompts to use for it to come back with useful information is the final part of a successful rollout. With the latest management tools, the IT team can have a clear overview of the people who are licensed to use Copilot and how they are using it. If they are not making the most of it, do they need more training?
 
Employees must also understand the risks around AI-created information and how to ‘check’ its veracity.

For example, if employees are using Chat GPT across internal data are they asking the right questions to retrieve the best answers, and are they checking the data is recent and relevant?
 
In principle, your data should be up to date if you have started your journey with a data assessment so that your AI tools only have access to high-quality data. However, we all know data goes out of date very quickly, so all employees need to be aware through appropriate training not only how to use the tools, but also how to review and assess whether the information that it spits out is useable.

We still need to use our intelligence to assess whether AI has given us useful, useable information or not.
 
The right strategy, policies, and security combined with good training will enable your workforce to make the most of AI and its amazing capabilities.

Mike Bellido is Cloud Solution Architect at CSI Ltd

Image: Ideogram

You Might Also Read: 

Insights From An Early Adopter Of Microsoft 365 Copilot:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

 

« The Dynamic Influence Of AI On Business Cybersecurity
What Will The NIS2 Directive Mean For Smaller Organisations? »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

SecWest

SecWest

SecWest is the organizer of CanSecWest, PACSEC, originator of PWN2OWN, security auditing, and virtual engagement/training.

Centre for Cyber Security (CFCS) - Denmark

Centre for Cyber Security (CFCS) - Denmark

The Centre for Cyber Security is the Danish national IT security authority, Network Security Service and Centre for Excellence within cyber security.

Cybercrime Investigation & Coordinating Center (CICC)

Cybercrime Investigation & Coordinating Center (CICC)

The Cybercrime Investigation and Coordinating Center (CICC) is an attached agency of the Philippines Department of Information and Communications Technology (DICT).

Office of the Government Chief Information Officer (OGCIO) - Hong Kong

Office of the Government Chief Information Officer (OGCIO) - Hong Kong

OGCIO supports the development of community-wide information technology infrastructure and setting of technical and professional standards to strengthen Hong Kong’s position as a world digital city.

Network Integrated Business Solutions (NIBS)

Network Integrated Business Solutions (NIBS)

NIBS is an IT services provider offering a range of services with the aim of simplifying and securing technology.

AlertEnterprise

AlertEnterprise

AlertEnterprise uniquely eliminates silos and uncovers blended threats across IT Security, Physical Access Controls and Industrial Control Systems.

Arqit Quantum

Arqit Quantum

Arqit's mission is to use transformational quantum encryption technology to keep safe the data of our governments, enterprises and citizens.

Cyber Protection Group (CPG)

Cyber Protection Group (CPG)

Cyber protection Group specialize in Penetration Testing. We work with enterprise level companies as well as small to medium sized businesses.

Green Enterprise Solutions

Green Enterprise Solutions

Green Enterprise Solutions are a Namibian company providing Information and Communication Technology (ICT) services to corporate Namibia.

Frontal

Frontal

Frontal is a specialized unit in Blockchain and Web3.0 cybersecurity. Securing Digital Assets, Cryptocurrency, DeFi, Blockchain and Web3.0 ecosystem.

Hexagon

Hexagon

Hexagon is a global leader in digital reality solutions. We are putting data to work to boost efficiency, productivity, quality and safety.

Effectiv

Effectiv

Effectiv is a real-time fraud & risk management platform for Financial Institutions and Fintechs.

Onum

Onum

Onum helps security and IT leaders focus on the data that's most important. Gain control of your data by cutting through the noise for deep insights in real time.

Integrated Cyber Solutions (ICS)

Integrated Cyber Solutions (ICS)

Integrated Cyber Solutions is a managed security service provider that humanizes cybersecurity managed services to the Small-to-Medium Business (SMB) and Small-to-Medium Enterprise (SME) sectors.

Start-Up Chile (SUP)

Start-Up Chile (SUP)

Start-Up Chile is a business accelerator program created by the Chilean Government for high-potential tech entrepreneurs.

NST Cyber

NST Cyber

NST Cyber provides comprehensive Threat Exposure Management to Global banks and Forbes 2000 companies.