What are the biggest security concerns for IT admins?
We asked Microsoft MVPs at the European Collaboration Summit what they thought were the biggest security concerns for IT admins right now. We compiled their answers into a short video montage below. You can also read their full answers in this blog post to gain more of their awesome insights.
Organizations have been practicing security by obscurity – Emily Mancini
I think a lot of organizations have been practicing security by obscurity and with the launch of Copilot, as employees start to ask new questions, some data that’s irrelevant is going to start to surface, or maybe pieces they shouldn’t have access to. So the IT admins are going to get a lot of inbound requests for help to make sure we get those permissions correct.

I think it’s really important to have clear governance that supports your employees’ needs and if they’re not following that governance, to sit down and have a conversation with them about it, to see where the gap is, because there’s potentially a different way that you need to be sharing content that you can support them through, and they’ll be more likely to then follow those better practices.
If there is a data leak, one of your best tools is to check the audit log and see who has read it and who has already had access to it so you can start addressing the concern immediately based on those people specifically after you’ve locked it down.
Educate people on oversharing – Gokan Ozcifci
I would say it’s more about oversharing what we have in our organization. Today with M365 becoming the central point for collaboration, people aim to share a lot of stuff. And the fact of sharing is OK, but whenever you don’t control it or when you don’t know what you share, it can be problematic, so oversharing is one thing for sure.

To address oversharing, organizations can implement reports, use third party tools, have regulatory meetings, a bunch of stuff. I would go for third parties because they know what they do. You can extract a lot of reports from those tools and at least remediate to those oversharings. And the most important one, education. Educate people on what they can, should or should not share.
AI deep fakes – Simon Hudson
I guess the biggest issue is now the ability of AI to create deep fakes. So it’s always been for the last decade, social attacks of being the way into people’s security systems.
It’s harder to breach the tech than it is to breach the people. And you know we’ve done a certain amount to get people to be conscious of possible personal hacks.

But now, the ability to create deep fakes of people that you maybe know and love and get into people’s insights that way. That’s a whole new level of threat. So one of the first things I’m doing when I get back to the UK on Saturday morning is setting up OnePass for my family so that my family can’t be hacked and use that as a route into the stuff that I do for myself and my clients.
What can Copilot actually access? – Elio Struyf
The biggest security concerns are what can Copilot actually access? And thinking of it, it’s like when we all started to use search in SharePoint. All of a sudden you saw documents that you weren’t supposed to see, but you had access to it, but people or the IT department started to say, oh we accidentally forgot this part of the Intranet or this part of the document centre to put access on top of it to prevent people from going there and we see the same things now happening with Copilot.

IT admins are now discovering that people can access a couple of things that they shouldn’t be accessing. It’s actually a good thing that they now see these things and that they can work on it and then prevent people from accessing these documents or content.
Copilot having access to a bunch of data – Marijn Somers
The big security concerns definitely in Europe is NIS2 coming up. So there are many challenges with that. Well, not many challenges, but at least a lot of questions around what does that mean for my organisation? What does that mean for my data? For my procedures, for my policies? How do I interact with it? What do I do with it? So I think that’s a fairly big point right now.

Also, all the new tools, all the new technologies that are coming out that allow sharing with external parties. For example, how can I tone that down? How can I dial that down?
And third, I would say Copilot. Copilot having access to a bunch of data, surfacing that data in a very fluent, nice way. You need to make sure that your back-end security is all fixed and all set up so that everything will work and you don’t have any nasty surprises.
Copilot can resurface information you shouldn’t actually see – Karoliina Kettukari
I think AI brings a lot more new security concerns we haven’t had before. So for example, if you ask something from Copilot, it will surface a lot of information, a lot of data you weren’t aware you are actually sharing. So even though Copilot complies with your access rights, your data management policies, it still can resurface information you shouldn’t actually see.

Oversharing is a huge problem in organizations, but one great tip for oversharing is to advise every employee to go to their OneDrive and click on the shared button “shared by me” and there you will see all the files you have actually shared with other people and especially go through the files where you have shared documents with everyone in the organization, and maybe go through those settings once again.
Companies don’t know who is in their tenants – Adis Jugo
I see two security concerns. One is that people are not aware security is necessary. And the second one, I’m coming back to oversharing, but one thing which is usually not possible with Copilot, can be a problem in other scenarios. We speak about external users. It’s incredible how many Microsoft 365 companies who are using it don’t even know who is in their tenants. Don’t know how many shared links they have. Don’t know with whom those links are shared.

This is in my opinion in the moment, by far if you speak about Microsoft 365, by far the largest issue is people don’t know who has access to the files. It’s very much connected to what we spoke about Copilot a few seconds ago, but it’s basically two angles of the same problem.
Would you like to know more?
It was great hearing what Microsoft MVPs had to say about the biggest security issues for IT admins. Thank you to all the Microsoft MVPs for their insights!
If you’re looking for ways to enhance the security of your Microsoft 365 tenant or secure and govern Microsoft Copilot, see how Syskit Point can help with a 21-day free trial.