Digital Workplace Report 2024/01

AI chatbots use stochastic processes to generate answers that best match the query posed. The basis for this is the "knowledge" acquired during training. Training aims to process existing data and recognize patterns, such as the continuation of sentences, using various learning methods. A major advantage of AI tools is their speed: while humans often have to painstakingly compile information from various sources, AIs such as ChatGPT-4 and Bing Search sift through huge amounts of data in a matter of seconds.

An AI's ability to learn from the information it finds and from the user's individual prompt design is impressive. As a result, AI-generated text, code, and images are constantly improving. As an indication of AI's ability to learn, Finnish psychologist Eka Roivainen gave ChatGPT an IQ test, which it passed with flying colors. The result: OpenAI's chatbot currently has an IQ of 155, although some critics question the comparability of these results. It is estimated that Albert Einstein's IQ was only slightly higher, at around 160-180.

The apparent biases and reliance on stereotypes of many AI chatbots is concerning from an ethical perspective. OpenAI even acknowledges that its AI "hallucinates" answers that are misleading or even the opposite of the truth. In addition, many AIs are trained on outdated data and sources of information that may be factually incorrect. Those "polluted" data sources are usually unidentifiable and cannot be verified, which compromises the quality of the AI's responses. It's not possible to identify how an original source for an AI's response evaluates facts or how one-sided the original text is. Copyright is often unclear, which can lead to legal problems.

So it's extremely important not to accept AI-generated texts without careful consideration and to check them editorially before publication.

1. Be clear

The basic rule of prompting is that the clearer the prompt, the better the result. Accordingly, you should use clear sentences or questions, while avoiding complex sentences and dialects.

This doesn't mean that you should skimp on context. On the contrary, to get precise answers from AI tools, it helps to formulate several short sentences. Use keywords and give the AI examples and guidelines that are as clear as possible.

Specifying the following factors will help:

• Medium: Where will the text be published?
• Format: Is it a press release, an email, social media content, etc.?
• Style: Should the text be written in a witty, formal, casual, or other style?
• Target audience: Who will be reading the text? Are they professionals, non-specialists, teenagers, or other target groups?
• Context: What background information and data is available?
• Purpose: Is the text intended to entertain, inform, or persuade?
• Form: How long will the text be? How many sections, headings, tables, etc. should be included?

2. Chain prompts for complex tasks

Use "chain prompting" to break large tasks into multiple sections. This makes it easier for the AI to achieve a result that is more specific to you and your topic.

For example, a prompt chain might look like this:

• Prompt #1: Describe the optimal structure of a promotional newsletter for service XYZ. Field: Email marketing. Target audience: PR & Marketing.
• Prompt #2: What wording should I avoid in relation to the target audience?
• Prompt #3: What headlines attract attention? Give me five examples.
• Prompt #4: Where do I best place the call to action? Give me five examples of CTAs.
• Prompt #5: Please create a text based on the key points. 700 to 800 words. Four paragraphs. Style: Formal. Target audience: Marketing and PR.

If you want the AI to create a text using chain prompting, first ask for the structure of the text. The second step is to formulate a few key points, which you then specify as the basic structure for the text.

3. Chain of thought prompting

"Chain of thought prompting" makes it possible to understand the approach of AI tools, at least to some extent. By giving instructions such as "Explain to me step by step how you arrived at the result" or "... why you chose these five headings", you can instruct the tool to list a comprehensible chain of reasoning. The results of chain-of-thought prompts are often more sophisticated than normal prompts. 

4. Restart the chat

There are both pros and cons to entering many prompts on a topic, and the chat getting longer and longer as a result. On the positive side, the AI will base its search and elaboration on the chat history, making it more targeted. On the other hand, if the chat history is too detailed and/or the beginning of the chat is no longer provided as context, there's a risk that the chatbot will mix old and new requests.

AIs operate in a limited context, which can lead to meaningless or repetitive results. In the case of chain prompting, this can lead to a rapid deterioration in the quality of the results, as essential information is dropped from the context. It's therefore advisable to restart the chat from time to time.

5. Allow it to think

Let the AI come up with solutions on its own, rather than giving the supposedly correct answer directly in the prompt. This encourages more creative and varied results. For example, instead of asking whether a certain fact is correct by writing the result in the prompt, let the AI first work out its own solution and then compare it with the supposedly correct answer.

6. Check for completeness

Large sources can lead to incomplete answers. For example, if you ask the AI to list excerpts from such a source that are relevant to a particular question, the model may stop too early and not list all the relevant excerpts. After listing each excerpt, the model must decide whether to start writing another excerpt or stop the process. For large source documents, you can often achieve better performance by instructing the model with follow-up queries to find any extracts that were missed in previous runs.

7. Write prompts in English

Keep in mind that the number of English language information sources is much larger than the number of other language texts. ChatGPT is mainly trained with English data. Submitting English prompts will usually lead to better results. The generated content can then be translated with the next prompt or, for example, with DeepL. Alternatively, you can hire a professional to do the translation.

Sensitive company data does not belong in a prompt of a GPT language model. On the one hand, this is due to the fact that common AI chatbots cannot guarantee 100% data security. On the other hand, there is a possibility that some voice models may re-use the entered data for other purposes. Therefore, pay special attention to the terms of service. Although the data entered isn't visible to other users, it can be viewed by the company providing the AI.

A good practice is to replace sensitive data with wildcards. For example, use "customer XYZ" or fictitious numbers for sensitive financial data. You should also make sure that the data cannot be deduced from the context. Change not only the customer name, but also the industry, region, products, and/or other details.

Depending on whether you're using AI tools for text generation and research, or whether you're using Midjourney to generate images, the prompts need to be formulated properly.

• With Midjourney, basic prompts usually give the best results. Chatbots like Bing Chat, Google Bard or ChatGPT can often handle longer and more complex input better. However, Midjourney's prompt design also works with additional parameters such as URLs to sample images, text content and/or emoticons. These additional inputs have a direct influence on the image design.
• Midjourney is controlled by commands to a Discord bot. To generate a new image, the command “/imagine” is used, followed by the actual prompt. This command recognition isn't required for other AI tools.
• Instead of text commands, you can also use image commands to generate images. So Midjourney also works as an image-to-image generator.
• It's more effective to describe what you want to see than what you don't want to see. For example, if you type "wedding party without cake" as a prompt, an image of a wedding party with a cake will probably be created. You should avoid such negative information in Midjourney prompts altogether, or use the "--no" parameter to exclude certain content.
• You can also specify the aspect ratio by adding "--ar" after the text command. Otherwise Midjourney creates images in a square 1:1 ratio by default.
• You can use the “multi-prompts” function to give different elements in your image different weights. This is especially useful for words that are strung together and separated by colons (::).
• While ChatGPT & co. work well with other languages, in Midjourney you'll get the best results with English prompts. If you write Midjourney prompts in another language, use keywords

AI tools already make work much easier in many areas, and this is just the beginning. Experts predict that artificial intelligence will have a learning curve that we cannot imagine in terms of time and scope. Even so, we still provide the learning material for AIs - everything we've put online so far and will continue to do in the future. And with every prompt we write!

At first glance, using an AI like ChatGPT may seem simple. However, the best results are achieved when you take a closer look at the design of the prompts. You'll certainly learn a lot from trial and error. But some basic principles for effective prompt engineering will help you get the desired result faster.

Finally, we emphasize one of the most important rules when working with AI tools: post-processing is key! Read and double-check everything the AI shows you. Cross-check and fact-check. Ideally, professional copywriters and/or translators should proofread the texts before you use or publish them.

We then wanted to optimize the presentation. The image on the second slide didn’t meet our expectations, so we asked Copilot to replace it. This was no problem.

“Change the image on this slide”

We also asked Copilot to create a slide with additional sources of information.

"Insert a slide with additional resources"

However, Copilot informed us that it couldn’t yet comply with this prompt. That’s surprising since Copilot should have access to all files that the logged-in user account can access via the Microsoft Graph.

Overall, Copilot’s support in PowerPoint is still quite limited. Only in the first use case (creating a new presentation on a generic topic) did Copilot prove helpful and save us a time-consuming internet search. And bear in mind, always exercise caution exercised regarding the completeness and accuracy of the information Copilot serves up – and indeed, any AI .

We tested other data queries as well:

“Bold the top 10 values in ‘Pro Rata (Gross)’”

"Show only non-project expenses"

Copilot easily handled simple analysis and sorting tasks. This is especially useful for people who don’t use Excel regularly and have only basic Excel skills.

We wanted to learn more about our data and asked Copilot for insights. The results were first displayed in the chat bar and could be pasted into a new worksheet using a prompt.

“Insights for net amount”

“Can I see another insight?”

“Add all insights to grid”

The results provided a good overview of the data. Copilot is especially helpful for this task if you have only basic Excel skills or aren’t a data analyst.

“Make a graphical overview of the most important figures (both valuation and operational)”

Copilot gave us country-specific results, which was acceptable because the prompt left a lot of room for interpretation. Again, the result was displayed in the chat bar and could be transferred to a new worksheet with a single click. Copilot provided a clear summary of the most important data.

“Add to a new sheet”

Copilot easily added the results to a new sheet.

However, when asked for more complex analyses, in our case for a specific valuation range, Copilot couldn’t provide answers.

“What would be a valuation range (Enterprise value) for a comparable company that has a sales growth of 10% annually until 2025, an EBITDA of €100m with a margin of 50%?”

“How can the multiples be best explained given the operational statistics?”

Copilot didn’t provide an appropriate result for this task either. Instead, the AI gave us the same result as in the first use case.

Finally, we asked Copilot for statistics for certain KPIs. Here, the AI couldn’t find any matches, couldn’t calculate the data from the table, and therefore couldn’t present a result. To be fair, this last use case was really complex and difficult.

“Create operational statistics: Sales, EBITDA, CAPEX | Sales growth, EBIT growth, EBITDA growth | EBIT margin T, EBIT margin T+1, EBIDTA margin T, EBIDTA margin T+1”

We provided Copilot with a PowerPoint presentation and a Word document to create a document based on the presentation.

The content of the document Copilot produced is very good and detailed. The information was presented correctly and in a structured way, including (sub)headings, bullets, and tables. Copilot followed the presentation closely. In addition, Copilot has taken other content from the Internet, but marked it accordingly.

Unfortunately, the transfer of the design we provided as a Word document didn’t work. Despite the impressive results in terms of content and time saved, its practical application is limited due to the extra formatting required.

Since Copilot hadn’t adopted the design in the previous use case, we took it a step further. We gave Copilot specific guidelines regarding our corporate design that it should use to format the Word document. Those guidelines included information about fonts and font sizes for the headings.

“Format the document using the heading and text styles defined in this Word template C:\Users\mvsmq\OneDriveDesktop\BasicBrandGuidelines.docx”

Instead of implementing the instruction, Copilot pointed us to the Effects feature of Microsoft Word. As we discovered with PowerPoint, Copilot doesn’t yet seem able to format documents or presentations in a brand-compliant manner.

Almost every company uses certain customized spellings, especially for products and services. At empower®, for example, this includes the ® symbol after the product name “empower”. We instructed Copilot to take this into account.

"Always write the word empower with a ‘®‘, like this: empower®"

But even the customized prompt didn’t produce the desired result. Copilot gave us a hint on how to proceed and pointed us to the “Replace” feature. That was actually helpful in this specific example, even though our overall expectations were higher. Unfortunately, this isn’t useful in every use case.

The results of this test surprised us because ChatGPT, on which Copilot is based, normally handles such requests.

In the fourth use case, we asked Copilot to paraphrase a text. This doesn’t require a prompt, as Copilot offers a paraphrase function automatically.

For paraphrasing, the interface is very intuitive and user-friendly. It allows you to completely replace your own text with the rewritten version, generate a new text, or insert the new text under the old one. The clear display of the texts one below the other ensures easy review. This corresponds to the comfort and quality we expected from ChatGPT.

Overall, however, our Copilot didn’t meet our expectations in Word. While simple tasks such as creating or rephrasing texts worked well, more specific formatting and wording requirements failed.

Copilot provides the “Summary by Copilot” feature built into Outlook to summarize long email threads.

When we tested it, the summary created by Copilot gave a good overview of the email thread and also included brief information about the people involved. The summary was in German, since the emails were written in German. 

However, it’s questionable whether any summary can replace reading the individual emails in the thread, as there’s no guarantee of completeness and accuracy. Nevertheless, this feature is potentially useful, especially for people who work in large companies and are often involved in long email threads.

In the second use case, there was no need to enter a prompt because Copilot already provided the ability to compose an email. We wanted to make our email more promotional.

The result was impressive. Copilot wrote a well-structured email that met our expectations.

In this test, we asked Copilot to generate a new email based on the content of a website, namely the Wikipedia entry on Microsoft 365 Copilot. It gave us a draft email that provided a comprehensive overview of Copilot and a solid basis for further work.

“Draft a new email describing the content from https://en.wikipedia.org/wiki/Microsoft_Copilot”

Instead of writing a new email ourselves, we instructed Copilot to reply to a specific email in the next step.

“Draft an answer in English telling my colleague about advantages of their new product called Microsoft Copilot”

The generated email was an excellent starting point, but it wasn’t ready to send. In this instance, Copilot focused on coding and software development, which didn’t totally answer the brief. However, we were generally satisfied with the result and only slightly adjusted the email and added an additional paragraph. That experience highlights how important it is to carefully examine anything Copilot provides.

Overall, Copilot in Outlook is a competent assistant that helps us summarize and respond to emails.

Wouldn’t it be handy to automatically create a presentation from this Teams summary? We tested this as well.

“Create a PowerPoint presentation that contains the information from your summary”

Unfortunately, Copilot couldn’t comply with our request. However, the answer it gave clearly explains why and clarifies what Copilot currently does and doesn’t do.

What about the ability to reply to a chat message?

“This chat is about the climate change. Write an answer in which you identify the main challenges in dealing with climate change”

This was just as easy in Teams as it was in Outlook. Copilot’s reply to the previous message also appeared on the right side of the chat bar. This is helpful, as there’s no risk of accidentally sending the unreviewed message directly. Interestingly, there was no copy and paste button, so the message had to be copied manually. However, the content of the message was detailed and satisfactory.

Extracting tasks from a Teams conversation was also featured in Microsoft’s marketing video. We tested this feature as well.

“Which tasks do I have?”

When based on a simple chat history, Copilot answered the question without any problems. We also ran the test with more complex chat histories and meetings and were satisfied with the results. But there’s no guarantee that Copilot will actually list all the tasks that need to be done when it reviews a chat history.

We did this test not only in English, but also in German. Unfortunately, the summary didn’t work in German, neither in this use case nor in the simpler chat process before.

Similar to Outlook, Copilot works well in Teams to help you reply to messages and keep track of chats and the tasks that result from them.

Cyber security isn’t just about computer systems and networks. Users of these technologies  are at least as important. Social engineering allows perpetrators to target the human factor as the perceived weakest link in the security chain. According to the European Union Agency for Cyber Security, a whopping 82% of all data breaches in 2022 succeeded due to social engineering.

When advanced software, firewalls, and virus scanners fail, cyber criminals try alternative methods to get users to install malware or reveal sensitive information such as passwords.

Similar to doorstep scams, cyber criminals rely on pretending to have a personal relationship with the victim or luring them in with the promise of a prize. There are many variations of this approach, known as phishing. In some cases, indirect contact is even made through friends of the actual victim. Social engineering cleverly exploits human traits such as helpfulness, trust, fear, or a sense of authority to manipulate people.

Cyber criminals use social engineering to trick victims into revealing confidential information, bypassing security, transferring money, or installing malware on personal devices or computers on the corporate network.

Social engineering is nothing new and has been the basis of scams since time immemorial. But in the age of digital communication, criminals have new, highly effective ways to reach millions of potential victims.

Probably the best known form of social engineering is phishing. Cleverly crafted emails often look deceptively real and are designed to trick people into clicking on a link in the email. On the fake website that opens, the user enters credentials that are intercepted by the attackers.

In addition to the mass sending of phishing emails, a more precise variant of this method, known as spear phishing, is increasingly effective. Here, emails are specifically tailored to small groups or individuals after prior research, which significantly increases the "hit rate".

Another sophisticated variant is CEO fraud, in which criminals attempt to manipulate decision-makers or employees in companies who are authorized to make payments. They pretend to be acting on behalf of the company's top management and attempt to initiate what they claim to be urgent transfers of large sums of money.

Recognizing phishing emails requires vigilance. Employee awareness training is essential to stay ahead of the ever-evolving scams and ensure data security.

There are clues that characterize fraudulent emails. These are almost identical in the personal and business environments.

Emails with incorrect language are the easiest to spot. Often they aren’t crafted in the target language, but the email is a translation from the original language via an automatic translation service – the result of a machine translation often sounds strange or even incorrect. Other signs of such emails can be punctuation errors or the absence of umlauts. But beware: the increasing use of artificial intelligence and ever-improving machine translation accuracy, such errors either won't occur at all or only very rarely in the future.

Emails in foreign languages are also suspicious. German banks or organizations, for example, usually communicate in German. If you get an email supposedly from your bank in a different language, it's likely a scam.

Legitimate senders, such as your bank or online payment services, will always address you by name in emails and will never use generic salutations such as "Dear customer" or "Dear user". But be careful: phishers often have access to your name and use it to address you personally.

If you receive an email asking you to act quickly or within a short period of time, you should also be suspicious - especially if the request is accompanied by a threat, such as an announcement that your credit card or online access will be blocked.

You may be asked to enter personal information such as PIN, TAN, or password. Financial institutions never request personal information by phone or e-mail. This is one of the most important security rules.

An increasing number of phishing emails ask you to open a file that is either attached to the email or available for download via a link. If you receive an unexpected email, don't download or open such a file. They usually hide a malicious program, such as a virus or Trojan horse. Always be suspicious of emails that contain a file attachment.

Only in exceptional cases do banks and other service providers send you emails with links that you are asked to click. They may email you to notify you of new terms and conditions, but never to ask you to log in to your account. It's better to visit the website yourself by typing the address directly into your browser's address bar.

Do you receive emails from a bank that doesn't normally send you emails or may not know your email address? Or are you being contacted by other service providers, online stores, or companies with whom you have no existing relationship? In these cases, you should delete those emails - but only if the scam is clear. However, if you've already clicked on a link or opened an attachment that may have infected you with a Trojan, you shouldn't delete the email as it is important evidence.

Some phishing emails are very well crafted. The sender's email address looks trustworthy, the link in the body looks trustworthy, and the language is correct. However, don't automatically assume that the email is authentic. Sender information and links in emails can be easily forged or even spoofed with look-alike characters like using a Russian Cyrillic symbol instead of a Western character. Careful checking is essential.

Tip for internal company email: Use the "sender check" with the Teams status if you use Microsoft Teams. If the status is missing from a supposedly internal email, you can assume it's invalid. But even if the email contains this information, it's not necessarily 100% safe. Double check with the sender via Teams chat instead of return email to be sure.

Special attention is required if the destination of a link in the email doesn't match the displayed text. The link destination is displayed by hovering the mouse over the link. The actual destination is then displayed in a pop-up window.

Identifying the destination domain is crucial. To do this, analyze the components of the domain, i.e. everything between the protocol handler (https) and the first slash. What comes before and after the last period is particularly relevant: the domain name and the top-level domain.

If the link can be uniquely associated with the organization from which the email originated, the link is likely to be secure.

Determining the domain owner 

If the link domain doesn’t clearly match the originating domain, tools such as who.is can be used to determine the true owner of the domain. Unfortunately, this isn’t possible for all top-level domains. For example, .eu domains can only be queried through their central registry. However, who.is usually provides information on where else the owner can be queried.

If the owner and the originating domain match, it's safe to open the link. If they don't, proceed with caution. When in doubt, contact the sender by phone, consult your company's internal contact person, or follow ISO guidelines.

External link check

If you’re still unsure after all the previous checks, perform an external malware and reputation check using tools such as the VirusTotal URL Checker. It's important to use the full URL and not just the domain. However, this tool should be used with caution as links may contain confidential information.

As a general rule, no technical protection measure is 100% secure.

The effectiveness of IT security is only as good as the people who operate the systems. Therefore, people should not be viewed as a potential security vulnerability, but as a shield against cyber attacks. More and more companies realize that IT security cannot be achieved through technical measures alone. Training personnel also plays an important role in protecting against cyber attacks. People aren't just part of the problem, they're also part of the solution. IT security affects every employee and every department in the organization.

Rapid detection of cyber attacks or social engineering attempts can prevent significant economic and intangible damage. Promoting appropriate awareness of the problem and security issues, as well as regular training, are therefore crucial preventive measures to strengthen the "human security factor".