Many businesses today use helpful tools like Microsoft SharePoint to share work and collaborate. New Artificial Intelligence (AI) tools, like Microsoft Copilot, are being added to make work even easier.

While these tools are helpful, they also create new ways for cyber attackers (or "hackers") to try to steal company information. Recent reports show that hackers can sometimes use these AI tools to get passwords or secret files from SharePoint, and it can be hard even to know it happened.

For business leaders, it's essential to understand these new risks. Here are three simple, practical steps your company can take to stay safer:

1. Keep SharePoint Clean: Don’t Store Secret Information There

What to do:

* Check what files are stored in your company's SharePoint. Remove any files containing passwords or other secret information unless it is necessary to keep them there.

* If vital information must be stored in SharePoint, ensure it's protected (using encryption, which scrambles the data) and that only the right people can access it.

* Teach your employees never to upload passwords or secret files to shared work folders unless it's essential for their job and has been approved.

2. Control Who Can Use AI Helpers (Copilot Agents)

Why it matters: The AI helpers (Copilot agents) working with SharePoint can search company files. Hackers might try to use these helpers to get around standard security, or they might trick the AI into sharing information it shouldn't

What to do:

* Limit which employees can create or turn on these AI helpers in your SharePoint; approval is required before any new AI helper is used.

* Turn off these AI helpers for SharePoint areas that store highly secret or sensitive company information.

* Regularly check which AI helpers are being used and what they have permission to access. Remove any helpers that are no longer needed.

3. Use Tracking Tools to Watch AI Activity

* Why it matters: Normal computer logs might not show when an AI helper looks at a file. This makes it harder to spot if someone uses the AI to snoop around. Special tools are needed to watch this activity.

What to do:

* Set up the monitoring tools recommended by Microsoft that specifically track what AI helpers like Copilot are doing and which files they access.

* Review these tracking logs regularly. Look for unusual activity, such as AI helpers accessing files they shouldn't need to.

* Consider setting up automatic alerts that notify your IT team when AI helpers access sensitive files or when new helpers are created.

Quick Summary

What To Do

• Keep secret info out of shared folders

• Less risk of AI finding secret details

• Remove/limit secret files; teach your team

Why It Helps

• Control who uses AI helpers

• Fewer ways for hackers to misuse the AI

• Approve helpers; turn them off where needed

Simple Action

• Watch how AI tools access files

• Helps you spot suspicious activity

• Use tracking tools; check reports regularly

Stay Safe

By taking these three steps, businesses can significantly lower their risk from these newer cyber threats that target tools like SharePoint and Copilot. The best defense involves being careful where you store data, controlling how AI tools are used, and closely monitoring what's happening. Protecting your company's information is key to keeping your business running smoothly.