Probably the most promising of all the artificial intelligence solutions mushrooming onto the scene is Microsoft’s Copilot. There’s a ton of interest across the board, too, with the recent webinar we hosted together with Dicker Data drawing a substantial and highly engaged audience.
The overriding impression we got from this session is just how powerful Copilot potentially is – and it also showed what you’ll need to do to get lasting value from an intriguingly capable tool.
It’s not hard to see why people are interested, but there are a couple of quite significant caveats, all covered in the webinar.
The biggest is that unlike the #Copilot you’ve probably experimented with on your personal PC or via Microsoft’s Bing search engine, Copilot at work doesn’t arrive ready to use. Not only will it require some (potentially quite significant) customisation and configuration, but there are entirely new security challenges too.
Since Satya Nadella announced it with some fanfare late in 2023, Copilot has looked like exactly the sort of thing we all need to make our lives easier: a ‘turbocharged’ assistant working on our own data, emails, documents and so on, as well as publicly available data resources, helping us get more done faster and with less hassle.
And make no mistake, demonstrated in a ‘lab’ setting, Copilot is a thing of beauty. Among our favourite features are summaries of lengthy email chains (hallelujah) relating to a single task or topic, or the automated creation of a PowerPoint presentation. After all, death by PowerPoint is a double-edged sword, as anyone who has ever made a lengthy set of slides knows all too well!
Now, not to puncture the balloon of excitement or anything like that, but making Copilot work well while delivering the value that makes it worth paying the license fee – that’s right, Copilot for business isn’t free – requires setup, configuration, security…and user training.
No discretion and the new security challenges
This was made clear by two of our presenters. First up, Advantage’s vCISO Alistair Ross made a series of points around security (and as an aside, the level of interest is further confirmed by massive interest in this free Foundations of AI Security course from AttackIQ.
Any AI tool relies on data, but the problem with AI is its complete absence of discretion. Unless your data is organised, categorised, hierarchical, and appropriately permissioned and protected, there will be problems.
If access is too wide, malicious intent doesn’t even necessarily come into it; it’s just not a good look if the company secrets are coming out in ‘everyman’ emails composed by or with Copilot’s help. This extends to the potential for unchecked data exfiltration.
Alistair’s recommendations include analysing and defining data, shares, policies, and permissions, and clearing out what he calls ‘chuff’ – outdated, inaccurate, or dead data. There is a bit more to it, but you probably get the idea.
Educating your people on new ways of working
Next up, Dicker Data’s Lauren Nobbs took us through Copilot itself, including outlining various packages offered by Microsoft, sharing insights from the vendor’s Work Trend Index (yes, all about how useful Copilot is!), and demonstrating how it works on her own inbox and data.
This is instructive, because by watching you’ll appreciate that these are new ways of working; some features were particularly interesting, including tonal analysis which might prevent the exchange of snarky emails.
Not only will your setup and configuration matter here, but training your people on when, where, and how to use Copilot became abundantly clear. This isn’t a case of throw it to the users and let them figure it out, because doing so could be risky from a security perspective (as already discussed), a reputational perspective, and also a ROI (or otherwise) perspective. Knowing when, where, and how to use any tool has a flip side: knowing when and where it absolutely shouldn’t be used is just as important.
The large number of queries from the audience again showed that demonstrations can’t possibly anticipate how people will react to, seek to use, and indeed break the tools they’re given. For example, one related to the automatic meeting summaries Copilot produces: what if the meeting has two components, a general one, followed by ‘board only’? Copilot won’t differentiate, so there’s another potential security situation arising.
In summary, this was an excellent webinar because it provided a glimpse into a ‘very near’ future where a lot of mundane tasks are going to get better, faster, and easier. But that future doesn’t come without risks and overheads: getting your organisation Copilot-ready requires complete awareness and thorough preparation.
Do that, and this is an AI which may very well prove to be a pot of gold.
If you’re interested in checking the webinar out for yourself, please get in touch, and we will share it with you.
And do yourself a favour, if you haven’t already, register for the free Foundations of AI Security course from AttackIQ or catch the next webinar Microsoft SMB Briefing: Get Copilot Ready (dickerdata.co.nz).
