7 October 2025

'Anyone can see what the CEO is paid' – dodge the pitfalls of poorly governed AI

By Dione David

As AI takes centre stage in workplaces, experts warn companies against rushing in without proper preparation. Peter Shobbrook is OPC IT’s security specialist. Photo: Michelle Kroll.

Canberra businesses exploring AI might be heartened to know Peter Shobbrook uses Microsoft’s Copilot daily.

The operations manager at OPC IT says his adoption of the technology easily saves him a few hours a week.

But as October marks Cybersecurity Awareness Month with a “Stay Safe Online” theme, Peter points out any recommendation he makes to a client comes with an asterisk or two.

During the COVID-19 pandemic, organisations shifted rapidly from on-premises systems to cloud services, and many of those hurried migrations left shaky foundations on which to roll out AI.

“As AI takes centre stage in workplaces, OPC IT is urging businesses to pause and review their data governance practices to ensure secure and responsible access to information,” Peter says.

From ChatGPT to Google Gemini, GitHub Copilot to ZoomInfo Copilot, AI solutions are arriving fast. OPC IT mostly works with Microsoft Copilot, a natural fit for businesses already using Microsoft 365.

“Copilot helps me organise my day, summarise emails and – a big one – structure reports. It’s especially effective when you provide templates to build from,” Peter says.

“There’s no doubt it’s useful, but whatever platform you choose, don’t rush in. Get your security and governance right first, and understand the data privacy around the product.”


OPC staff regularly walk clients through AI risks and preparation steps. Peter says it starts with auditing and cleaning up permissions across cloud services, sharing links and collaboration settings.

Without this, businesses risk exposing sensitive information. Microsoft 365 Copilot answers from whatever the asking user can already access, so a file that was over-shared years ago and never stumbled upon is now one prompt away.

“Say a finance team member puts payroll data into the ecosystem without the right guardrails; suddenly, anyone can see what the CEO is paid,” Peter says.

“We give clients a high-level overview of their Microsoft 365 tenancy, the data within it, then cull inappropriate sharing and rework permissions.”

Fixes may include sensitivity labels, document tagging, automated rules and encryption for highly sensitive files.

Another major pitfall is holding onto unnecessary data.

High-profile Australian breaches such as Medibank and Optus show the damage a data leak can cause, and the damage grows with every record a company kept without needing it.

“Navigating industry standards can be complex, which is why organisations need clarity around their compliance obligations. We help clients implement best-practice solutions once their requirements are defined,” Peter says.

“Reviewing legacy data is also about the quality and reliability of your AI outputs because AI trains itself on everything in your system. So if you have an archived folder with a 20-year-old procedural document in there, and you have a more recent one, your results might be unreliable.”


Whatever platform companies use, Peter says all businesses should already have clear policies on what AI is sanctioned for workplace use – especially where company data is involved – and how it should be applied.

He says those policies should be backed by technical controls.

“Commit to it, and block all other AIs from work computers.”

Another tip: AI readiness isn’t “set and forget”.

“Remember, everything drifts. Five years ago, with one accounts guy, it might’ve been fine to use SharePoint a certain way,” Peter says. “You must set parameters to prevent drift and reassess regularly.”

Finally, because nothing is bulletproof in the fast-changing landscape of AI, it’s important to have another layer of protection in place for when things go wrong.

OPC offers comprehensive cybersecurity services, 24/7 monitoring, and managed privacy and governance solutions to support organisations in building secure, compliant environments tailored to their needs.

“Threats can come from outside and in,” Peter says. “We have protections in place for clients that detect mass downloads of files and alert on mass deletion.

“Our alerts go off at any time of the day, and our security team jumps up to ensure your data isn’t going anywhere it shouldn’t.”
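As an added example, and not OPC IT's tooling or anything shown in the article, here is what the two controls described above look like as detection logic over Microsoft 365 audit records: the sharing-link clean-up Peter describes for the tenancy review (flagging links that open a file to the whole company or to anyone on the internet, with the payroll case ranked highest) and the mass download and mass deletion alerting quoted just now. The sample events, the user names, the path markers treated as sensitive and the thresholds are all constructed for the example; the field names (CreationTime, Operation, UserId, ObjectId) follow the SharePoint records of the unified audit log, but check them against a real export from your own tenant before relying on the script.

```python
"""Detections over Microsoft 365 unified-audit-log style records (added example).

Assumptions (not from the article): records are JSON lines with the
unified audit log's SharePoint field names; sample events, thresholds and
sensitive-path markers below are constructed for illustration."""
from __future__ import annotations

import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample export (JSON lines). CreationTime is UTC, as the audit log records it.
SAMPLE_LOG = r"""
{"CreationTime": "2025-10-07T10:12:00", "Operation": "AnonymousLinkCreated", "UserId": "carol@contoso.example", "ObjectId": "https://contoso.sharepoint.com/sites/Finance/Shared Documents/Payroll/Executive-Salaries.xlsx"}
{"CreationTime": "2025-10-07T09:00:10", "Operation": "FileDownloaded", "UserId": "bob@contoso.example", "ObjectId": "https://contoso.sharepoint.com/sites/Finance/Shared Documents/Payroll/Oct-2025.xlsx"}
{"CreationTime": "2025-10-07T09:00:42", "Operation": "FileDownloaded", "UserId": "bob@contoso.example", "ObjectId": "https://contoso.sharepoint.com/sites/Finance/Shared Documents/Payroll/Sep-2025.xlsx"}
{"CreationTime": "2025-10-07T09:01:05", "Operation": "FileDownloaded", "UserId": "bob@contoso.example", "ObjectId": "https://contoso.sharepoint.com/sites/Finance/Shared Documents/Payroll/Aug-2025.xlsx"}
{"CreationTime": "2025-10-07T09:01:30", "Operation": "FileDownloaded", "UserId": "bob@contoso.example", "ObjectId": "https://contoso.sharepoint.com/sites/Finance/Shared Documents/Payroll/Jul-2025.xlsx"}
{"CreationTime": "2025-10-07T09:02:15", "Operation": "FileDownloaded", "UserId": "bob@contoso.example", "ObjectId": "https://contoso.sharepoint.com/sites/Finance/Shared Documents/Payroll/Jun-2025.xlsx"}
{"CreationTime": "2025-10-07T09:03:48", "Operation": "FileDownloaded", "UserId": "bob@contoso.example", "ObjectId": "https://contoso.sharepoint.com/sites/Finance/Shared Documents/Payroll/May-2025.xlsx"}
{"CreationTime": "2025-10-07T09:05:00", "Operation": "FileRecycled", "UserId": "alice@contoso.example", "ObjectId": "https://contoso.sharepoint.com/sites/Marketing/Shared Documents/old-draft.docx"}
{"CreationTime": "2025-10-07T09:40:00", "Operation": "FileDeleted", "UserId": "alice@contoso.example", "ObjectId": "https://contoso.sharepoint.com/sites/Marketing/Shared Documents/old-draft2.docx"}
{"CreationTime": "2025-10-07T10:15:00", "Operation": "CompanyLinkCreated", "UserId": "carol@contoso.example", "ObjectId": "https://contoso.sharepoint.com/sites/Marketing/Shared Documents/Brand-Guide.pptx"}
{"CreationTime": "2025-10-07T11:00:00", "Operation": "FileModified", "UserId": "alice@contoso.example", "ObjectId": "https://contoso.sharepoint.com/sites/Marketing/Shared Documents/plan.docx"}
"""

# Link-creating operations that widen access beyond named people, and who the link admits.
OPEN_LINK_OPS = {
    "AnonymousLinkCreated": "anyone with the link, no sign-in required",
    "CompanyLinkCreated": "anyone in the organisation",
}
# Constructed assumption: path fragments that mark content as sensitive for this tenant.
SENSITIVE_PATH_MARKERS = ("/Payroll/", "/HR/")
# rule name -> (operations counted, events needed, window in minutes). Thresholds are assumptions.
MASS_RULES = {
    "mass_download": ({"FileDownloaded", "FileSyncDownloadedFull"}, 5, 10),
    "mass_delete": ({"FileDeleted", "FileRecycled"}, 5, 10),
}


def parse_records(text: str) -> list[dict]:
    """Parse a JSON-lines export, attach a datetime, and return records sorted by time."""
    records = []
    for line in text.strip().splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        rec["_time"] = datetime.fromisoformat(rec["CreationTime"].rstrip("Z"))
        records.append(rec)
    records.sort(key=lambda r: r["_time"])
    return records


def find_open_sharing(records: list[dict]) -> list[dict]:
    """One finding per link that opens a file to the whole company or the internet."""
    findings = []
    for rec in records:
        audience = OPEN_LINK_OPS.get(rec.get("Operation"))
        if audience is None:
            continue
        path = rec.get("ObjectId", "")
        sensitive = any(m.lower() in path.lower() for m in SENSITIVE_PATH_MARKERS)
        findings.append({
            "rule": "open_sharing_link",
            "severity": "high" if sensitive else "medium",
            "user": rec.get("UserId"), "object": path,
            "audience": audience, "time": rec["CreationTime"],
        })
    return findings


def find_mass_activity(records: list[dict], rule: str, ops: set[str],
                       threshold: int, window_minutes: int) -> list[dict]:
    """Sliding-window count of matching events per user; one finding at the peak burst."""
    window = timedelta(minutes=window_minutes)
    per_user = defaultdict(list)
    for rec in records:
        if rec.get("Operation") in ops:
            per_user[rec.get("UserId")].append(rec["_time"])
    findings = []
    for user, stamps in per_user.items():
        stamps.sort()
        peak, start, span = 0, 0, (None, None)
        for end, t in enumerate(stamps):
            while t - stamps[start] > window:   # slide the window's left edge forward
                start += 1
            if end - start + 1 > peak:
                peak, span = end - start + 1, (stamps[start], t)
        if peak >= threshold:
            findings.append({
                "rule": rule, "severity": "high", "user": user, "count": peak,
                "window_start": span[0].isoformat(), "window_end": span[1].isoformat(),
            })
    return findings


def analyse(text: str) -> list[dict]:
    """Run every rule over an export and return the combined findings."""
    records = parse_records(text)
    findings = find_open_sharing(records)
    for rule, (ops, threshold, minutes) in MASS_RULES.items():
        findings.extend(find_mass_activity(records, rule, ops, threshold, minutes))
    return findings


if __name__ == "__main__":
    for finding in analyse(SAMPLE_LOG):
        print(json.dumps(finding))
```

On the sample data this produces three findings: the "Anyone" link on the executive salaries spreadsheet (high), the company-wide link on the brand guide (medium), and bob's six payroll downloads inside four minutes. Alice's two deletions thirty-five minutes apart stay below the ten-minute threshold, which is the point of keeping the window explicit: the same two events would trip a one-hour, two-event rule, so thresholds must be tuned to how the business actually works rather than copied from an example.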

For more information, visit OPC IT.

REGION MEDIA PARTNER CONTENT
