Exploring Artificial Intelligence, Data Governance, and Cybersecurity

In a world where business artificial intelligence (AI) is no longer “optional,” understanding how to balance innovation with security has never been more critical.

Recently, we hosted a live webinar, “AI Readiness: Balancing Cybersecurity, File Permissions, and Data Governance,” featuring our own technology leaders Jason Fenoglio (Director of Information Security) and Andrew Kon (Regional Director of Technology Solutions). Their discussion explored how businesses of all sizes can unlock the power of AI while minimizing risk, a topic that’s shaping the future of nearly every industry.

Whether you’re just starting your AI journey or refining your data governance strategies, this recap can help serve as your guide to moving forward with clarity and confidence.

Why AI Readiness Can’t Wait

AI Is Already Embedded in Your Business

One of the most powerful insights from the webinar was this: AI isn’t some abstract concept on the horizon—it’s already here. If you’re using tools like Microsoft Copilot, Zoom’s AI assistant, or any cloud application with built-in intelligence, you’re relying on AI every day.

As Andrew Kon noted, “AI capabilities are rapidly becoming standard features. Ignoring them is not a sustainable strategy because they’re woven into the platforms businesses already depend on.”

The Competitive Edge, or the Risk of Falling Behind

Businesses embracing AI are already seeing improvements in efficiency, automation, and decision-making. From analyzing customer trends to streamlining back-office workflows, AI can dramatically improve how teams operate.

However, there’s another side to the coin—failing to prepare for AI adoption can leave you vulnerable. Organizations on the sidelines risk losing ground to more agile competitors who leverage AI to deliver faster and smarter services.

The Cybersecurity Risks You Can’t Ignore

AI Sees Everything (Even What You Forgot About)

One of the biggest takeaways from Jason Fenoglio’s remarks is that AI doesn’t discriminate in what it finds. If a file is accessible, even if it’s hidden away in a dusty folder, AI can surface it.

Jason illustrated this perfectly: “Anything AI can find, it might share. That includes old payroll spreadsheets, private customer records, or internal strategy documents. If you don’t proactively secure and govern your data, you’re inviting accidental exposure.”

Think of AI like a well-meaning intern who enthusiastically digs through every file cabinet. If you haven’t defined what’s off-limits, nothing stays private.

An Expanded Attack Surface

Adding AI to your environment is like installing a new entrance to your building. Sure, it’s convenient, but if you don’t secure it, you’re providing a fresh opportunity for cybercriminals.

AI applications can be exploited if not properly configured and updated. Outdated AI systems, much like unpatched software, become low-hanging fruit for attackers.

Shadow AI

Another emerging AI risk is the rise of shadow AI—this occurs when employees use unapproved AI tools without IT’s knowledge, such as a free widget downloaded from the internet or a personal AI subscription connected to work systems.

Imagine someone propping open a side door because it’s “easier.” Shadow AI creates blind spots that make it impossible for IT to monitor data flows or prevent breaches.

Managing Data Access in an AI-Driven Workplace

Security by Obscurity Doesn’t Work

In the past, companies relied on security by obscurity, hoping that important files buried deep in folders would remain unseen. With AI, this approach collapses.

If the AI system has access permissions, it will discover every file it can reach. As Andrew Kon explained, “AI doesn’t get tired or skip steps. If you let it, it will find everything.”

Audit and Clean Up Permissions

Before unleashing AI tools, organizations need to conduct a detailed audit of file permissions. Broad access rights and outdated folder structures are a recipe for accidental disclosure.

Implementing Least Privilege

Implementing the principle of least privilege access is a cornerstone of cybersecurity in the era of AI—this means granting employees (and AI tools) only the minimum access necessary to perform their duties.

For example, your marketing team doesn’t need open access to your finance records. By limiting the scope, you reduce the potential blast radius if something goes wrong.

Assign Data Owners

Data governance shouldn’t be just an IT responsibility. Every department should designate a data steward—someone accountable for managing permissions, reviewing access logs, and enforcing policies.

This clear ownership ensures that sensitive data doesn’t slip through the cracks and that questions can be addressed quickly.

Expire and Log Access

Finally, organizations should implement expiring access and robust logging. If an intern or contractor requires temporary permissions, set an expiration date rather than leaving access open indefinitely.

Detailed audit trails help track who accessed what and when, so if something looks suspicious, you can respond quickly.

Evaluating Your Business’s AI Readiness

Step 1: Map Your Data and Workflows

You can’t protect what you don’t know exists. Start by inventorying where all your data lives: cloud drives, databases, SaaS apps, and local servers. Document how information moves between systems and departments.

This exercise helps create your baseline for AI readiness and identify potential gaps.

Step 2: Assess Your Current Access Controls

Review your current security posture. Are you enforcing least privilege today, or does everyone have access to everything? Identify areas where permissions are too broad and flag them for remediation.

This step is crucial because AI tools inherit whatever access your environment allows.

Step 3: Establish AI Usage Policies

Without clear policies, employees will make their own decisions about which AI tools to use and how to utilize them.

That’s risky.

Define clear guidelines—policies set guardrails that protect your business:

  • Which AI platforms are approved?
  • What types of data can be input into AI systems?
  • What data must remain confidential?

Step 4: Train and Prepare Your Team

As Jason Fenoglio emphasized, “People are a huge part of readiness. Even the best tools fail without awareness and buy-in.”

Offer training that explains AI’s capabilities, potential risks, and best practices. When employees understand the “why,” they’re more likely to adopt safe behaviors.

Step 5: Perform an AI Readiness Audit

Consider partnering with a managed IT services provider to conduct an AI-focused risk assessment or security audit. This audit should include simulated breaches (penetration testing) and reviews of policies and controls to help ensure the effectiveness of security measures.

An audit highlights weaknesses before they become real threats and demonstrates to leadership that your organization is taking proactive steps.

We Make Things Easier.

As Andrew Kon closed the session, he reminded attendees that “Preparing for AI doesn’t mean you have to do it alone.”

With over 40 years of experience, High Touch Technologies supports businesses through every stage of their technology journey, from cybersecurity assessments to managed IT services and strategic planning.

AI isn’t just a trend—the businesses that act now will lead their industries tomorrow. If you’re ready to strengthen your cybersecurity, improve data governance, and ensure your team is prepared for the future of AI, High Touch Technologies is here to help.

Contact us today to learn how our managed IT services, cybersecurity solutions, and consulting can transform your business.

Related Pages

Related Blogs

Categories

Categories and Tags:

Categories: IT Solutions, Products & Services, Securing Your BusinessTags: , , , , , , , , ,