3 Ways To Maintain Safety When Using GenAI

By Dana Simberkoff, AvePoint Chief Risk, Privacy and Information Security Officer

As businesses increasingly adopt advanced AI tools like Microsoft 365 Copilot to streamline operations and drive innovation, cyber threats are also rising, with 75% of security professionals witnessing an uptick in attacks in the last year. While AI tools offer numerous benefits, they also introduce significant data governance and security challenges.

According to Gartner, enterprises that fail to implement comprehensive AI Trust Risk and Security Management (AI TRiSM) controls are more vulnerable to security threats. Moreover, AI tools like Microsoft 365 Copilot lack native enterprise policy controls for GenAI, and traditional security measures are inadequate for addressing these threats. Here are three strategies to stay safe and avoid these threats’ monetary and business continuity costs.

Implement Comprehensive Data Classification and Labeling 

As many organizations are aware by now, AI effectiveness depends on high-quality, classified data—and without that, you won’t get the results you’re looking for from tools like Microsoft 365 Copilot or Salesforce Einstein. So, it’s important to invest in data classification and labeling processes to not only ensure data quality but also protect sensitive information with security measures like encryption and access controls. By categorizing and tagging data based on its content, context, and sensitivity, data classification maintains data integrity at scale – ensuring consistent application of security measures across the organization. In fact, Deloitte reports that 62% of organizations plan to audit their existing data governance programs this year and explore new measures.

Related:AI Chatbots Ditch Guardrails After 'Deceptive Delight' Cocktail

Data classification also enables automated enforcement of permissions and information governance policies, reducing the risk of unauthorized access and data breaches. Continuous monitoring and updating of classifications ensure that data remains accurately categorized and protected as it evolves, maintaining its integrity over time. 

Tighten Access Controls and Improve Monitoring 

In 2024, 40% of data breaches involved information stored across multiple cloud environments, and over one-third involved shadow data (data stored in unmanaged sources), underscoring the increasing difficulty in managing and tracking access and protecting critical data. With this, multi-cloud data protection is crucial: You cannot only prioritize Microsoft 365 and forget about your Salesforce environments, for example.

Related:Master AI Cybersecurity: Protect and Enhance Your Network

In Gartner’s 2023 Microsoft 365 survey, almost 60% of respondents stated that oversharing was among the biggest risks to their organizations’ Microsoft 365 environments. Enhancing access controls and monitoring critical data is vital because it ensures only authorized users access sensitive information, reducing data breaches and maintaining data security and privacy.

Moreover, continuous monitoring of data access and usage allows organizations to detect and respond to potential security threats in real time, ensuring that any anomalies or suspicious activities are promptly addressed. This proactive approach not only safeguards the organization's data but also enhances overall trust in AI-generated outputs. 

Invest in Ongoing Data Hygiene  

Utilizing AI-powered data governance tools enables organizations to automate critical tasks like permissions management and information lifecycle policies. These tools ensure precise data classification, labeling, and protection—crucial for maintaining data quality and security. Additionally, they provide real-time insights and support the efficient enforcement of data governance and security policies, enhancing the effectiveness of these tools.

Ultimately, data governance at every step of the way is the cornerstone of data security. A better understanding and management of your data is security by design, ensuring that data is consistently and meticulously protected. Without it, your usage of any AI tools is too risky.

Related:White House Urges Agencies To Adopt AI for Military, Spy Use

About the Author

Dana Simberkoff is Chief Risk, Privacy and Information Security Officer at AvePoint.