Mike Bellido

Mike Bellido, Solution Architect, CSI Ltd 

The business community is understandably hyped with the launch of the long-awaited Microsoft Copilot. Microsoft Copilot is a powerful AI-powered productivity tool that uses Large Language Models (LLMs) to help enhance creative and collaborative projects, whilst honing skills and focus. As the name infers, ‘Co-Pilot’ works alongside you in Microsoft 365 applications, including every favourite, Word, Excel, PowerPoint, and Outlook. Microsoft’s new AI tool supports efficient project management by undertaking tasks such as drafting documents, summarising text, and finding information on the user’s behalf. It can perform tasks such as language translation and even ‘write’ creative content such as company updates or client facing blogs.  

Amongst all the excitement around its capabilities, there are important considerations around data protection. Onboarding any new AI resource requires a business to take precautions in protecting data from unauthorised access, use, or disclosure. 

It is therefore critical that businesses keep in mind what data is being used. Copilot will utilise Office 365 data, extracting from sources such as SharePoint, OneDrive, and your email. With potentially sensitive, private, or confidential data spread across your O365 suite, there’s a costly risk that even with the best intentions AI could expose protected information.

So, how does your business ensure that its data remains secure while taking advantage of this innovative technology?

Understanding how sensitive your data is

If you are to safely protect your data, you first need to identify what kind of data you have and how sensitive it is. This is where Azure Information Protection becomes key in understanding your types of data. AIP is a cloud-based solution that helps you discover, classify, label, and protect your data across different locations and devices.

By using AIP, a business can ensure that its data is properly labelled and protected, helping to comply with various regulations such as HIPAA (Health Insurance Portability and Accountability Act, 1996) and GDPR (General Data Protection Regulation).

As a key example, a business could use AIP to classify customer data as “confidential” and then apply a set of security controls to that data set, such as requiring users to enter a password before they can access it. These technical controls create a kind of security baseline, controlling the ebb and flow of your O365 data and supporting confidentiality, privacy and all-round guarding data that requires strict levels of compliance.

Manage the risks with a data governance policy

Data governance is a set of policies and processes that ensure the effective and efficient use of information in your organisation. It covers aspects such as data quality, data security, data privacy, and data lifecycle.

By implementing data governance in your organisation, you can manage the risks associated with data, such as breaches, leaks, errors, or misuse. It also helps you optimise the value of data by enabling better decision-making, innovation, and performance. For example, administrators can create a data governance policy that requires all employees to use Microsoft Copilot in a secure fashion. This policy could include requirements such as using strong passwords, not sharing Copilot-generated content with unauthorised users, and deleting Copilot-generated content when it is no longer needed.

Enforce Data Loss Prevention (DLP) Rules and Actions

Data loss prevention (DLP) is a technology that helps you prevent your data from being leaked, stolen, or misused by unauthorised parties. DLP can help you detect and block sensitive data from leaving your organisation, alert users, or administrators when a potential data breach occurs, and enforce remediation actions such as deleting, quarantining, or encrypting the data. For example, you can create a DLP rule that prevents users from exporting confidential customer data from Microsoft Copilot. This rule would be triggered if a user tries to export a document that is classified as “confidential” to a USB drive or email.

Detect and respond to data threats by monitoring anomalies

Monitoring and auditing your data activities is crucial to data security. It helps you detect and respond to any anomalies or threats that may compromise your data, investigate, and resolve any data breaches or incidents that may occur, and identify and address any gaps or weaknesses in your data security posture. For example, you can enable logging and auditing for your Microsoft 365 environment to track all user activity in Copilot. This will allow you to see who is using Copilot, what they are doing with it, and when they are doing it.

By following these steps, you can ensure that your data is secure while using Microsoft Copilot. With a little planning and effort, you can harness the power of AI without compromising your data security.

Bringing AI capabilities into your business

Microsoft Copilot is an exciting, powerful use of artificial intelligence that can meaningfully and beneficially improve an organization’s ability to collaborate, create, and manage its O365 workflows. 

Copilot is not just a content engine, it is a smart assistant that can help employees regain better focus and tackle time-sensitive, demanding workloads. However, as with any AI tool or resource, it is important to take precautions in protecting business data so your business isn’t exposed or people using sensitive data inappropriately.  

 


 

Mark your calendars for an exhilarating rendezvous on 6th - 7th February 2024, 155 Bishopsgate London! Embark on a captivating journey as we bring together trailblazing data visionaries from diverse industries at CDAO UK.

This extraordinary event promises not only the exchange of wisdom but also the unveiling of ingenious strategies and creative solutions. Don't miss out on this unique opportunity to forge connections that transcend boundaries and ignite your intellect with key themes that encompass.

Get your ticket today!