With Microsoft 365 Copilot’s recent wider availability, excitement crackles. However, alongside potential benefits, a new layer of complexity drapes over existing data privacy concerns. While businesses with airtight data governance within M365 might breathe easy, the reality for most paints a different picture.
How Copilot Works (and Why You Should Care):
At its core, Copilot indexes data across M365 sources like email, Teams, and SharePoint. When users pose questions, the model respects existing data governance policies. For example, summarizing emails in your inbox is fine, but not accessing a restricted SharePoint folder.
However, things get messy in imperfect environments with inconsistent permissions or lingering forgotten documents. A simple question like “What’s John’s salary?” could expose sensitive information buried in an old document accessed due to an overlooked permission.
While this data vulnerability isn’t new (bad actors already exploit it), AI amplifies the issue. An innocent user finding confidential information in mere seconds? Imagine how quickly malicious actors, whether insiders or external threats, could exfiltrate sensitive data.
File types currently supported by Microsoft 365 Copilot:
The Unlearning Dilemma: Your Data, Inked in AI
One unsettling aspect of LLM AI models like Copilot is their “unlearning” difficulty. Ingested data isn’t stored in removable files; it becomes part of the model itself. Reverting it to its initial state, the only way to remove data, is costly and impractical, offering no guarantee of an identical “clean” model.
Taking Control: What You Can Do
Despite the AI hype, fundamental principles still apply. Frameworks like IASME Cyber Assurance can help small businesses map and define data storage, access, and sharing, forming the basis for robust data governance policies and technical controls.
Don’t let data complexities overwhelm you. If you need a head start or support along the way, reach out! Our experienced team can guide you through the next steps of securing your data in the age of AI.
© Be Secure Cyber Ltd 2023