top of page

Is it safe for our staff to be using AI?

  • Scott Gorman
  • Jun 10
  • 3 min read

This is a question I have been asked a few times over the past few weeks, and I admit that on at least one occasion, I struggled to provide a good answer. So, let me fix this right now...


If you are on the right platform and the right tier of license, the risk of your data being shared across the model is relatively low. However, the real risk you need to consider is if your business has taken the right steps to prepare and manage usage.


I have provided below a breakdown on what I mean by this…


1. The tools are fine, as long as you pick the right platform and tier

Microsoft 365 Copilot, Claude for Work and ChatGPT Team all say the same thing. They will not use your corporate data to train their models, and your prompts and responses stay in your tenant. Okay, yes this requires trust that they will do the right thing and you should review the terms and conditions for yourself.


The catch however is the consumer tiers. ChatGPT's free and Plus plans use your conversations for training by default. You have to dig into the settings to turn that off, and most staff never have and never will. Ask yourself, how many of my staff members are rotating through the free-tiers of various AI platforms whenever their tokens run out?


2. Where is your data actually going?

Do you have a preferred AI tool, or can staff use whatever they like? If you do not restrict access, you simply do not know where your company data is ending up. There are plenty of less reputable platforms out there, believe me on this, and if staff are using them every day, you have lost control of where your data is going.


3. The accounts are softer targets than people realise.

Even when the tool is secure, the account often is not. A personal account with a reused password and no MFA is one leak away from exposing months of conversations. This is not theoretical. AI accounts are becoming a known target, precisely because people forget how much information they have poured into them.


4. AI will expose your existing mess

A platform like Microsoft 365 Copilot can see everything in your tenant. Emails, SharePoint, OneDrive, Teams chats. It then answers questions using all of it.


In most businesses, M365 permissions are a bit of a train wreck to be honest. SharePoint sites set up years ago and never tidied. Documents shared with "anyone with a link". HR files dropped into a shared drive because it was easier at the time. Former employees still sitting in groups. I’ve been there and it's not easy to fix!


Do you see the problem with the above? Simply rolling out something like Copilot might give someone the ability to ask "so how much is my boss earning?" and out comes the answer.


5. Train your staff, like you would for any new tool.

People use AI in ways nobody planned for. Pasting confidential client data into a free tool because it is quicker than the approved one. Trusting the output without checking it. Sending overly polished emails which sound like they were written by a game show host. Recording every external meeting without asking. Yes people will do it all - and this is probably the more well behaved ones.


Training can help, and it is not only about what to avoid. Most people are barely scratching the surface of what these tools can do. A bit of guidance turns AI from a quiet risk into something that is genuinely useful, just like when spreadsheets or the internet entered the office years ago.


So here is a short checklist to finish this post:

  1. If AI is doing real work, the company pays for the business tier. No personal accounts.

  2. Pick one preferred tool and block the rest. 

  3. Enforce proper access controls, single sign-on included, just like any other business app.

  4. Before you roll it out, review the health of your information management. 

  5. Write an AI policy and train your staff on how to use it well.


 
 
bottom of page