Photo Credit: Pexels

Keeping Your Company’s Data under Control, Wherever It Is

By Dave Warner, Systems Engineer at Cenetric

Governing access to your organization’s data is more important these days than ever before — for your customers and your business. 

Beyond the security issues brought about by using your company data with AI, working with contractors or other third parties can present challenges as well. In IBM’s Cost of a Data Breach 2025 study, compromise from third-party vendors was the No. 2 cause of data breaches and the second-most costly type of breach. It also took the longest to resolve of all breach types. 

The study points out that attacks via third parties are difficult to detect because they’re enforced by the trust you have with vendors like freelancers and consultants. But it’s just too easy for a third party to become compromised and put your own organization’s data in danger too.

Protecting data as you work with outside businesses

Microsoft Purview is a data governance program we recommend to help control your information and how it’s used inside and outside your organization. 

• Data: Purview’s sensitivity labels are a great way to protect your business data from people who shouldn’t have it while also still giving your third-party vendors the information they need to work with you effectively. It lets you mark files and emails with various permission levels in SharePoint and even extend the protection when files are downloaded by others. So even when files aren’t behind your firewall, they’re protected.
• Sharing: Purview’s data loss prevention functionality detects, monitors and protects sensitive items across Microsoft 365 services and endpoints from being accessed when they shouldn’t. This helps enforce policies for sensitive data such as financial records, health information, or intellectual property — a must for compliance.
• AI use: Purview can monitor for and detect AI use in browsers and warn or block users from sharing sensitive information on third-party generative AI sites. Many companies provide authorized AI tools but find employees still try to use AI tools outside their systems. Purview can help prevent unauthorized use.

Managing AI use inside and outside your organization

That’s especially important because IBM’s study reports that security incidents involving shadow AI (unauthorized or unknown use of AI by employees) accounted for 20% of data breaches. Putting your company’s data — whether it’s done by employees or third parties — in unapproved generative AI tools can spell disaster for your business. 

Most organizations don’t have a strong policy set up for how employees or third parties can or should use AI — 63% said they don’t have governance policies in place to manage AI

or detect shadow AI.  Setting out firm rules, monitoring AI use with tools like Microsoft Purview, and enforcing the same guidelines with your vendors and contractors goes a long way toward protecting your business.

Let Cenetric help you safely share information with third parties

Every business needs to work with outside contractors or freelancers at some point, and learning how to share data with them safely should be a priority. The team at Cenetric understands how to help you give third parties what they need to do the work you require — with less risk for data breaches or misuse — and put the right use policies in place.

If you’re not sure how to set and enforce policies around data sharing and AI inside and outside your business, rest easy. Our pros can help you make sense of it all and choose the right options. Tell us about your challenges and we’ll get to work.