Page 152 - Cyber Defense eMagazine Annual RSA Edition for 2024

Do you know where your data is stored in M365 and other databases? How do they interconnect, what
data do you need from them, and do they have the right security in place? For example, old data can be
stored outside Microsoft 365 and Copilot can’t access it, but it can be brought back online should
someone want to use it for a project.


Also, consider whether you are using and storing data in the right way to meet any regulatory obligations
you have. Set it out in an AI strategy document - having a clear strategy in place will make adoption
easier too. Without it, the wrong permissions might be granted to someone and potentially cause a data
leak which results in a fine from your regulatory body.



Have strong data privacy, compliance, and security in place.

Understanding your organisation’s regulatory obligations and meeting all GDPR legislation requires extra
vigilance with Copilot. It will ‘gather’ information from a variety of different sources so it’s key that anyone
accessing data has the right permissions in place to meet all your regulatory obligations. And think about
both internal and external sharing of content too. For example, most companies share sensitive
information with suppliers so having the right data privacy controls in place is important.

How sensitive is your data? Consider which data sets need to be locked down and what compliance
needs you have as a company. Identify sensitive data, external users, and how items are shared
internally. Then give all information a risk category, identified by audience. Your IT admin team can
then run assessments and work out how to prevent the oversharing of sensitive data.

It's also important to clean up permissions and enforce policies. Remove shadow users who have access
but haven’t used specific data because they have moved departments. Who has access to a specific set
of data can be reviewed and permissions set by your IT team. For example, ‘leases’ can be put on
workspaces to allow time-limited access to data sets. When your data and environment are clean and
secure you can use AI and automation to manage and govern your data.



Train your staff well

The final part of a successful AI rollout is training your staff how to use Copilot properly, including
understanding what prompts to use for it to come back with useful information. Your IT team should have
a clear overview of the people who are licensed to use Copilot and how they are using it. They can then
suggest who needs more training or support if they are not using it.

Employees also need to understand the risks around AI-generated information and check its veracity
every time. For example, if they are using ChatGPT across internal data, are they asking the right
questions to retrieve the best answers, and are they checking the data is recent and relevant?

In theory, if you started with a data assessment, your data should be clean and up to date. However, we
know that data goes out of date quickly, so all employees need to be aware not only of how to use the
tools but also of how to review and assess whether the information they generate is usable.






