Microsoft 365 Copilot - Is Your Bank Ready for the AI That’s Already There?

If you feel like everyone is talking about AI these days, you're not wrong. Much of the conversation focuses on tools like ChatGPT - chatbots that live outside your organization and used for chat-based Q&A, research or content generation. What I want to focus on today is the AI that's already inside your organization.

Microsoft 365 Copilot is embedded directly into the tools your bank likely uses every day: Outlook, Teams, SharePoint, Word, and Excel. It also has a chatbot function: Copilot Chat.  But unlike a standalone chatbot, Copilot doesn't just answer questions from the internet, it answers questions using your data. Emails, documents, HR files, loan records, board materials.  If it lives in your Microsoft 365 environment and a user has permission to access it, Copilot can find it, summarize it and use it.

Consider this scenario: a branch manager is preparing for an employee performance review and asks Copilot to pull together some talking points. Copilot does this, and along with the talking points, it surfaces salary history and disciplinary notes from an HR folder the manager technically had access to but was never meant to read.

In IT audits, I sometimes hear this when an employee has access that they shouldn't: "They wouldn't know how to find this or use this anyway." This was probably true.  But now, Copilot gives all users the ability to find and use that data effortlessly, whether or not they were ever supposed to have it. It's not just a productivity tool. It's an amplifier for whatever permission problems already exist in your environment.

So should your bank avoid it?  No, definitely not!  For one reason, you can’t.  Copilot is already embedded in Microsoft’s suite of tools.   It is also becoming too capable to ignore.  Chances are somebody in your organization is using it already, regardless of whether you have officially “rolled it out.”  The question isn't when to roll it out - it's how to secure it, knowing it will be used sooner rather than later.

There are many security considerations to review, but here are a few areas to start:

• What Copilot Has Access To - First, we need to understand what data Copilot can access.  Out of the box it will have access to SharePoint and OneDrive files, Teams chats, emails, and calendar entries.  Connectors can also be utilized so Copilot has access to network file shares.  In short, Copilot has visibility into many of your stores of information and communications.

• Permissions Review - Permissions are one of the highest risks associated with M365 Copilot -and a significant risk whether or not you use Copilot at all. But Copilot vastly multiplies those risks, as described in our example above. At the end of the day, we need to make sure people only have access to what is needed for their job. We also know that folder structures can easily get away from us as people create new folders and move things around. Here are a few specifics:

  • Review and restrict SharePoint access. In the SharePoint Admin portal, restrict specific sites as needed from M365 Copilot under the settings tab. Microsoft provides built-in security and compliance tools that can help identify ways to tighten access. Content management assessments are one such tool that can help identify sites that can be further restricted. Finally, SharePoint has the ability to restrict sharing outside your organization entirely - meaning files and links can be kept internal, which is a reasonable baseline for most banks.

• Protect Data with Sensitivity Labels - Even with SharePoint restrictions in place, not every sensitive document lives on a restricted site. Sensitivity labels fill that gap. Placing sensitivity labels - either manually or automatically - on emails, files, or folders enforces controls such as encryption or access restrictions on them. This will keep Copilot from accessing these documents in ways not intended.

• Preventing Data Leakage - Configure Data Loss Prevention (DLP) policies in Microsoft Purview to protect sensitive information from being used in prompts. You can prevent users from adding information such as Social Security numbers or non-public personal information (NPI) into prompts. Inadvertently adding sensitive information is very easy to do when attaching items such as spreadsheets.

• Understanding Microsoft’s Responsibilities - Microsoft has built-in protections for Copilot, and appropriate vendor management reviews are needed for them. But we also need to understand where Microsoft’s protections end. For instance, Microsoft recently added Anthropic (the makers of Claude AI) as a sub processor - a third party authorized to process your data as part of delivering the service - with the ability to use their Sonnet model. If you are using this option, certain data may go to Anthropic servers, and you would need to understand those data security implications. This relationship should be documented in your vendor management program.

• Acceptable Use and Education - Even with the right technical controls, people still need clear guidance on what Copilot should and shouldn’t be used for. This includes ensuring that users understand Copilot is not always accurate. Microsoft is straightforward about this: “The responses that generative AI produces aren’t guaranteed to be 100% factual.”  We also need to educate users on what types of data are appropriate in prompts - such as NPI or other sensitive bank information. Ensure that AI acceptable use requirements are incorporated into your overall Acceptable Use Policy.

The topics covered here represent some of the most important starting points - but they are by no means everything your bank should consider when it comes to Copilot security. Every organization’s Microsoft 365 environment has its own history, configuration, and risk profile. Microsoft 365 Copilot is not a future consideration for your bank - it’s very much a present one. The good news is that the controls exist to use it responsibly, and most of them are already included in your existing Microsoft 365 licensing. The permissions cleanup, sensitivity labels, DLP policies, and acceptable use guidance outlined above aren’t just Copilot-specific projects - they’re good security practices that benefit your entire Microsoft 365 environment whether or not you’re actively using Copilot today. Now is the time to get ahead of the curve.