- Chapter I.1: AI tools & Generative AI
- Chapter I.2: Effective prompt design
- Chapter II.1 Microsoft 365 Copilot in PowerPoint
- Chapter II.2 Brand consistency in a presentation
- Chapter III.1 Microsoft 365 Copilot in Excel
- Chapter III.2 Complex Excel Models
- Chapter IV Microsoft 365 Copilot in Word
- Chapter V Microsoft 365 Copilot in Outlook
- Chapter VI Microsoft 365 Copilot in Teams
- Chapter VII Cyber threats
- Chapter VIII Web applications on the rise
Prompt engineering: better results with ChatGPT & Co.
AI-based tools for creating text or images are the latest development in the digital revolution. Generative AIs such as ChatGPT, Google Bard, Microsoft Bing Chat, and Midjourney already simplify many aspects of everyday office life. Thanks to AI, you can write text, create images, and develop code in the blink of an eye. So what are we waiting for? Let's get started!
But it's not that simple, at least not if you want to get reliable results.
With so many tools and options available, it's important to master the basics. After all, the quality of results depends largely on the prompts. There are some simple but effective tricks that can help you get what you want faster. In this article, you'll find out what these tricks are and what you should keep in mind when using AI tools.
Top AI tools at a glance
ChatGPT
OpenAI's ChatGPT plays a pioneering role in the field of AI text generators and is the market leader in this field (at least as of 2024). Like all AI-based text generators, this chatbot is based on a pre-trained GPT (Generative Pre-trained Transformer) language model. While ChatGPT-3.5 relies on a database that only goes back to 2021, GPT-4 allows access to current data. ChatGPT version 3.5 is free to use, but the number of prompts that can be used every three hours is limited to 50. ChatGPT-4 is available for a fee.
Google Bard
Google's competitor to ChatGPT - Google Bard - is another AI chatbot that can generate all kinds of text. The main difference is that Google Bard uses up-to-date databases.
Microsoft Bing Chat
Microsoft Bing Chat can be accessed and used directly from the Edge browser. This is also a GPT speech model. Bing accesses the Internet in real time to research data. Of particular interest to those who use Microsoft products is that Bing can access all of a user's Microsoft applications.
Midjourney
Midjourney is a generative AI model that creates images based on a variety of training data. Midjourney is controlled by commands to a Discord bot. It synthesizes images in response to a text prompt, as is the case with text-to-text AIs.
How generative AI works
AI chatbots use stochastic processes to generate answers that best match the query posed. The basis for this is the "knowledge" acquired during training. Training aims to process existing data and recognize patterns, such as the continuation of sentences, using various learning methods. A major advantage of AI tools is their speed: while humans often have to painstakingly compile information from various sources, AIs such as ChatGPT-4 and Bing Search sift through huge amounts of data in a matter of seconds.
An AI's ability to learn from the information it finds and from the user's individual prompt design is impressive. As a result, AI-generated text, code, and images are constantly improving. As an indication of AI's ability to learn, Finnish psychologist Eka Roivainen gave ChatGPT an IQ test, which it passed with flying colors. The result: OpenAI's chatbot currently has an IQ of 155, although some critics question the comparability of these results. It is estimated that Albert Einstein's IQ was only slightly higher, at around 160-180.
The apparent biases and reliance on stereotypes of many AI chatbots is concerning from an ethical perspective. OpenAI even acknowledges that its AI "hallucinates" answers that are misleading or even the opposite of the truth. In addition, many AIs are trained on outdated data and sources of information that may be factually incorrect. Those "polluted" data sources are usually unidentifiable and cannot be verified, which compromises the quality of the AI's responses. It's not possible to identify how an original source for an AI's response evaluates facts or how one-sided the original text is. Copyright is often unclear, which can lead to legal problems.
So it's extremely important not to accept AI-generated texts without careful consideration and to check them editorially before publication.
1. Be clear
The basic rule of prompting is that the clearer the prompt, the better the result. Accordingly, you should use clear sentences or questions, while avoiding complex sentences and dialects.
This doesn't mean that you should skimp on context. On the contrary, to get precise answers from AI tools, it helps to formulate several short sentences. Use keywords and give the AI examples and guidelines that are as clear as possible.

Specifying the following factors will help:
- Medium: Where will the text be published?
- Format: Is it a press release, an email, social media content, etc.?
- Style: Should the text be written in a witty, formal, casual, or other style?
- Target audience: Who will be reading the text? Are they professionals, non-specialists, teenagers, or other target groups?
- Context: What background information and data is available?
- Purpose: Is the text intended to entertain, inform, or persuade?
- Form: How long will the text be? How many sections, headings, tables, etc. should be included?
2. Chain prompts for complex tasks
Use "chain prompting" to break large tasks into multiple sections. This makes it easier for the AI to achieve a result that is more specific to you and your topic.
For example, a prompt chain might look like this:
- Prompt #1: Describe the optimal structure of a promotional newsletter for service XYZ. Field: Email marketing. Target audience: PR & Marketing.
- Prompt #2: What wording should I avoid in relation to the target audience?
- Prompt #3: What headlines attract attention? Give me five examples.
- Prompt #4: Where do I best place the call to action? Give me five examples of CTAs.
- Prompt #5: Please create a text based on the key points. 700 to 800 words. Four paragraphs. Style: Formal. Target audience: Marketing and PR.
If you want the AI to create a text using chain prompting, first ask for the structure of the text. The second step is to formulate a few key points, which you then specify as the basic structure for the text.
3. Chain of thought prompting
"Chain of thought prompting" makes it possible to understand the approach of AI tools, at least to some extent. By giving instructions such as "Explain to me step by step how you arrived at the result" or "... why you chose these five headings", you can instruct the tool to list a comprehensible chain of reasoning. The results of chain-of-thought prompts are often more sophisticated than normal prompts.
4. Restart the chat
There are both pros and cons to entering many prompts on a topic, and the chat getting longer and longer as a result. On the positive side, the AI will base its search and elaboration on the chat history, making it more targeted. On the other hand, if the chat history is too detailed and/or the beginning of the chat is no longer provided as context, there's a risk that the chatbot will mix old and new requests.
AIs operate in a limited context, which can lead to meaningless or repetitive results. In the case of chain prompting, this can lead to a rapid deterioration in the quality of the results, as essential information is dropped from the context. It's therefore advisable to restart the chat from time to time.
5. Allow it to think
Let the AI come up with solutions on its own, rather than giving the supposedly correct answer directly in the prompt. This encourages more creative and varied results. For example, instead of asking whether a certain fact is correct by writing the result in the prompt, let the AI first work out its own solution and then compare it with the supposedly correct answer.
6. Check for completeness
Large sources can lead to incomplete answers. For example, if you ask the AI to list excerpts from such a source that are relevant to a particular question, the model may stop too early and not list all the relevant excerpts. After listing each excerpt, the model must decide whether to start writing another excerpt or stop the process. For large source documents, you can often achieve better performance by instructing the model with follow-up queries to find any extracts that were missed in previous runs.
7. Write prompts in English
Keep in mind that the number of English language information sources is much larger than the number of other language texts. ChatGPT is mainly trained with English data. Submitting English prompts will usually lead to better results. The generated content can then be translated with the next prompt or, for example, with DeepL. Alternatively, you can hire a professional to do the translation.
Pay attention to privacy
Sensitive company data does not belong in a prompt of a GPT language model. On the one hand, this is due to the fact that common AI chatbots cannot guarantee 100% data security. On the other hand, there is a possibility that some voice models may re-use the entered data for other purposes. Therefore, pay special attention to the terms of service. Although the data entered isn't visible to other users, it can be viewed by the company providing the AI.
A good practice is to replace sensitive data with wildcards. For example, use "customer XYZ" or fictitious numbers for sensitive financial data. You should also make sure that the data cannot be deduced from the context. Change not only the customer name, but also the industry, region, products, and/or other details.

Adapting prompts for AI using Midjourney as an example
Depending on whether you're using AI tools for text generation and research, or whether you're using Midjourney to generate images, the prompts need to be formulated properly.
- With Midjourney, basic prompts usually give the best results. Chatbots like Bing Chat, Google Bard or ChatGPT can often handle longer and more complex input better. However, Midjourney's prompt design also works with additional parameters such as URLs to sample images, text content and/or emoticons. These additional inputs have a direct influence on the image design.
- Midjourney is controlled by commands to a Discord bot. To generate a new image, the command “/imagine” is used, followed by the actual prompt. This command recognition isn't required for other AI tools.
- Instead of text commands, you can also use image commands to generate images. So Midjourney also works as an image-to-image generator.
- It's more effective to describe what you want to see than what you don't want to see. For example, if you type "wedding party without cake" as a prompt, an image of a wedding party with a cake will probably be created. You should avoid such negative information in Midjourney prompts altogether, or use the "--no" parameter to exclude certain content.
- You can also specify the aspect ratio by adding "--ar" after the text command. Otherwise Midjourney creates images in a square 1:1 ratio by default.
- You can use the “multi-prompts” function to give different elements in your image different weights. This is especially useful for words that are strung together and separated by colons (::).
- While ChatGPT & co. work well with other languages, in Midjourney you'll get the best results with English prompts. If you write Midjourney prompts in another language, use keywords
Conclusion
AI tools already make work much easier in many areas, and this is just the beginning. Experts predict that artificial intelligence will have a learning curve that we cannot imagine in terms of time and scope. Even so, we still provide the learning material for AIs - everything we've put online so far and will continue to do in the future. And with every prompt we write!
At first glance, using an AI like ChatGPT may seem simple. However, the best results are achieved when you take a closer look at the design of the prompts. You'll certainly learn a lot from trial and error. But some basic principles for effective prompt engineering will help you get the desired result faster.
Finally, we emphasize one of the most important rules when working with AI tools: post-processing is key! Read and double-check everything the AI shows you. Cross-check and fact-check. Ideally, professional copywriters and/or translators should proofread the texts before you use or publish them.
Microsoft 365 Copilot, a generative AI integrated into Microsoft applications, promises a wide range of functions across the MS Office application suite. Depending on the Office application, Copilot can create documents and pre- sentations, summarize meeting notes, perform analytics, and much more with a single click – at least if you believe Microsoft’s claims.
The test framework
Ten empower employees spent a month testing Microsoft 365 Copilot. They tested numerous features, both according to the use cases communicated by Microsoft and on the basis
of company-specific requirements.
In this report, we present the test results for the five most pro- minent applications: Word, PowerPoint, Excel, Teams, and Outlook. Each task was accomplished by typing an appro- priate command into a chat window, also known as a prompt. You’ll see how we formulated the prompts in detail and how well or poorly Copilot responded to them.
First, an important note: for this test, we used the first released version of Copilot from November 2023. This is important because we can expect regular updates in the future, which should improve Copilot continuously.
Supporting content
Copilot in PowerPoint
We started our test with a common PowerPoint use case: we wanted Copilot to create a presentation on a specific topic. In our case, we chose carbon neutrality.
A new presentation based on a specific topic
“Create a new presentation about carbon neutrality”





The presentation took some time to create, but the result is impressive. It’s well structured and contains all the essential elements. Copilot independently researched the information it needed. The presentation provides a solid foundation to build on.
We then wanted to optimize the presentation. The image on the second slide didn’t meet our expectations, so we asked Copilot to replace it. This was no problem.
“Change the image on this slide”

We also asked Copilot to create a slide with additional sources of information.
"Insert a slide with additional resources"

When it comes to creating a simple presentation on general topics in a standard design, Copilot in PowerPoint proved to be extremely useful and took over much of the research work. In principle, Copilot can access other data sources, such as the Internet and Microsoft Graph, and thus generate information not solely from the AI model itself. That’s a step forward compared to other AI chatbots, for example, ChatGPT (in the version available at the time of testing). Note, however, that there’s no guarantee that the information provided is correct.
We’ll see later if this use case is also suitable for presentations with company data in the corporate design.
Translating a slide into another language
How helpful is Copilot for translating PowerPoint slides? We tested it and requested a Spanish translation.
“Translate this slide into Spanish”


There’s nothing wrong with the quality of the translation text. However, Copilot only translated the body text and inserted the translation into both the text placeholder and the title placeholder. The title wasn’t translated, but overwritten with the body text. The notes on the slides also weren’t translated. We tested the process several times and had the same experience each time.
A standard use case for ChatGPT still seems to be a challenge for Copilot in PowerPoint, especially when it comes to correctly assigning the translations to the corresponding slide content. In our test, Copilot proved to be less reliable here.
Since we, like most companies, strive for brand-compliant communication, we asked Copilot to help us prepare the presentation accordingly. We requested the use of our corporate font.
“Change the font type in all titles of the presentation to Segoe UI Semibold and all body text on the slides to Segoe UI”
The results were mixed:



We ran this test several times and came up with the same result. While Copilot did a good job on some slides, there were shortcomings on others. In some cases, Copilot changed the title, as shown in the figure, but not the text. It’s wasn’t immediately obvious which text elements Copilot changed and which it didn’t.
At this time, Copilot isn’t a reliable solution for ensuring brand compliance in PowerPoint, even when using very precise prompts. After using Copilot, each slide needs to be checked individually and adjusted if necessary.
Inserting a slide from another file
In everyday business, it’s common to reuse content from existing presentations in new presentations. We asked Copilot to insert a slide from another presentation, indicating exactly where the slide was located.
“Please include a new slide. The Merck reference from this document…”
However, Copilot informed us that it couldn’t yet comply with this prompt. That’s surprising since Copilot should have access to all files that the logged-in user account can access via the Microsoft Graph.
Overall, Copilot’s support in PowerPoint is still quite limited. Only in the first use case (creating a new presentation on a generic topic) did Copilot prove helpful and save us a time-consuming internet search. And bear in mind, always exercise caution exercised regarding the completeness and accuracy of the information Copilot serves up – and indeed, any AI .

We feel that Copilot is most useful to create a new presentation from scratch, benefiting casual users like students or anyone who needs a draft to start out from. In our testing it proved less relevant in professional scenarios where experts create presentation content and the end user’s effort focuses mainly on cumbersome formatting.
Excel poses significant challenges for many users, especially those who don’t work with the application on a regular basis. This makes Copilot's potential in this context all the greater. In the version we tested, Copilot for Excel was still in preview mode.
After entering our first query, Copilot told us that the data had to be in tabular form for it to understand. So data must first be formatted before Copilot can work with it.
Data analysis and knowledge gain
“Highlight the highest values in ‘Total Invoice (in €)’”
Copilot easily implemented a request to highlight a specific value in the table. In the chat area, Copilot also showed which cell was highlighted in color. This is especially helpful for large and complex tables.

We tested other data queries as well:
“Bold the top 10 values in ‘Pro Rata (Gross)’”

"Show only non-project expenses"
Copilot easily handled simple analysis and sorting tasks. This is especially useful for people who don’t use Excel regularly and have only basic Excel skills.

Data aggregation
We wanted to learn more about our data and asked Copilot for insights. The results were first displayed in the chat bar and could be pasted into a new worksheet using a prompt.
“Insights for net amount”

“Can I see another insight?”


“Add all insights to grid”
The results provided a good overview of the data. Copilot is especially helpful for this task if you have only basic Excel skills or aren’t a data analyst.

“Make a graphical overview of the most important figures (both valuation and operational)”
Copilot gave us country-specific results, which was acceptable because the prompt left a lot of room for interpretation. Again, the result was displayed in the chat bar and could be transferred to a new worksheet with a single click. Copilot provided a clear summary of the most important data.

“Add to a new sheet”
Copilot easily added the results to a new sheet.
However, when asked for more complex analyses, in our case for a specific valuation range, Copilot couldn’t provide answers.

“What would be a valuation range (Enterprise value) for a comparable company that has a sales growth of 10% annually until 2025, an EBITDA of €100m with a margin of 50%?”

“How can the multiples be best explained given the operational statistics?”
Copilot didn’t provide an appropriate result for this task either. Instead, the AI gave us the same result as in the first use case.

Finally, we asked Copilot for statistics for certain KPIs. Here, the AI couldn’t find any matches, couldn’t calculate the data from the table, and therefore couldn’t present a result. To be fair, this last use case was really complex and difficult.
“Create operational statistics: Sales, EBITDA, CAPEX | Sales growth, EBIT growth, EBITDA growth | EBIT margin T, EBIT margin T+1, EBIDTA margin T, EBIDTA margin T+1”

Our conclusion about Copilot in Excel is that for those who aren’t Excel professionals or don’t use the application on a daily basis, Copilot can certainly provide some assistance. The AI delivers a quick overview of data and increases efficiency when working with Excel.
Copilot currently seems less useful for advanced uses because Copilot can’t yet perform complex analyses. The restriction that all data must be in tabular form requires an extra step in practice, but thanks to the formatting options, that can be done with just a few clicks.
Note that we were only able to communicate with Copilot in Excel in English. In all other applications, it was possible to write prompts in German, which may be due to the preview mode.
We took a closer look at Copilot in Word. Our expectations were very high, as ChatGPT is quite powerful in text creation and editing.
Create a Word document based on a given presentation
“Create a proposal for a customer using Brand Control EN.pptx. Add a table comparing the features of Brand Control and Microsoft Copilot using Microsoft-copilot-whitepaper-empower-en.docx. Make the document look like Brand Compliance in Microsoft Office Proposal.docx”

We provided Copilot with a PowerPoint presentation and a Word document to create a document based on the presentation.
The content of the document Copilot produced is very good and detailed. The information was presented correctly and in a structured way, including (sub)headings, bullets, and tables. Copilot followed the presentation closely. In addition, Copilot has taken other content from the Internet, but marked it accordingly.
Unfortunately, the transfer of the design we provided as a Word document didn’t work. Despite the impressive results in terms of content and time saved, its practical application is limited due to the extra formatting required.
Formatting a document with style sheets
Since Copilot hadn’t adopted the design in the previous use case, we took it a step further. We gave Copilot specific guidelines regarding our corporate design that it should use to format the Word document. Those guidelines included information about fonts and font sizes for the headings.
“Format the document using the heading and text styles defined in this Word template C:\Users\mvsmq\OneDriveDesktop\BasicBrandGuidelines.docx”
Instead of implementing the instruction, Copilot pointed us to the Effects feature of Microsoft Word. As we discovered with PowerPoint, Copilot doesn’t yet seem able to format documents or presentations in a brand-compliant manner.

Company specific spellings
Almost every company uses certain customized spellings, especially for products and services. At empower®, for example, this includes the ® symbol after the product name “empower”. We instructed Copilot to take this into account.
"Always write the word empower with a ‘®‘, like this: empower®"
But even the customized prompt didn’t produce the desired result. Copilot gave us a hint on how to proceed and pointed us to the “Replace” feature. That was actually helpful in this specific example, even though our overall expectations were higher. Unfortunately, this isn’t useful in every use case.
The results of this test surprised us because ChatGPT, on which Copilot is based, normally handles such requests.

Rewrite or shorten a text
In the fourth use case, we asked Copilot to paraphrase a text. This doesn’t require a prompt, as Copilot offers a paraphrase function automatically.
For paraphrasing, the interface is very intuitive and user-friendly. It allows you to completely replace your own text with the rewritten version, generate a new text, or insert the new text under the old one. The clear display of the texts one below the other ensures easy review. This corresponds to the comfort and quality we expected from ChatGPT.
Overall, however, our Copilot didn’t meet our expectations in Word. While simple tasks such as creating or rephrasing texts worked well, more specific formatting and wording requirements failed.

Outlook plays a crucial role in text creation and editing. With Copilot‘s integration, your Outlook experience is poised to become significantly smoother, particularly given the substantial volume of emails inundating your inbox daily. Say goodbye to the hassles of email management as Copilot revolutionizes your workflow within Outlook.
Summary of email threads


Copilot provides the “Summary by Copilot” feature built into Outlook to summarize long email threads.
When we tested it, the summary created by Copilot gave a good overview of the email thread and also included brief information about the people involved. The summary was in German, since the emails were written in German.
However, it’s questionable whether any summary can replace reading the individual emails in the thread, as there’s no guarantee of completeness and accuracy. Nevertheless, this feature is potentially useful, especially for people who work in large companies and are often involved in long email threads.
Optimization of an email body
In the second use case, there was no need to enter a prompt because Copilot already provided the ability to compose an email. We wanted to make our email more promotional.
The result was impressive. Copilot wrote a well-structured email that met our expectations.

Writing an email with information from a website
In this test, we asked Copilot to generate a new email based on the content of a website, namely the Wikipedia entry on Microsoft 365 Copilot. It gave us a draft email that provided a comprehensive overview of Copilot and a solid basis for further work.
“Draft a new email describing the content from https://en.wikipedia.org/wiki/Microsoft_Copilot”

Replying to emails
Instead of writing a new email ourselves, we instructed Copilot to reply to a specific email in the next step.
“Draft an answer in English telling my colleague about advantages of their new product called Microsoft Copilot”

The generated email was an excellent starting point, but it wasn’t ready to send. In this instance, Copilot focused on coding and software development, which didn’t totally answer the brief. However, we were generally satisfied with the result and only slightly adjusted the email and added an additional paragraph. That experience highlights how important it is to carefully examine anything Copilot provides.
Overall, Copilot in Outlook is a competent assistant that helps us summarize and respond to emails.
Anyone who regularly works in Microsoft Teams knows how hectic the environment can be and how easily information can get lost or overlooked. Can Copilot help us structure content in Teams, make it more accessible, and organize to-dos?
Summary of a chat
The ability to summarize Teams conversations is one of our favorite features. You can choose what content you want to summarize and over what time period. We wanted to create a summary of a particular chat. You can see the result in the chat area on the right.
“Summarize this chat”

The summary gives a good overview that makes it easy to quickly assess the relevance of the chat content, especially for people who weren’t directly involved in the conversation. But be careful: relying solely on the summaries can lead to a loss of information. For a full understanding, it’s still essential to read the full chat history.
Create a presentation of a Teams summary
Wouldn’t it be handy to automatically create a presentation from this Teams summary? We tested this as well.
“Create a PowerPoint presentation that contains the information from your summary”
Unfortunately, Copilot couldn’t comply with our request. However, the answer it gave clearly explains why and clarifies what Copilot currently does and doesn’t do.

Reply to a chat message
What about the ability to reply to a chat message?
“This chat is about the climate change. Write an answer in which you identify the main challenges in dealing with climate change”
This was just as easy in Teams as it was in Outlook. Copilot’s reply to the previous message also appeared on the right side of the chat bar. This is helpful, as there’s no risk of accidentally sending the unreviewed message directly. Interestingly, there was no copy and paste button, so the message had to be copied manually. However, the content of the message was detailed and satisfactory.

Extract tasks based on a Teams conversation
Extracting tasks from a Teams conversation was also featured in Microsoft’s marketing video. We tested this feature as well.
“Which tasks do I have?”

When based on a simple chat history, Copilot answered the question without any problems. We also ran the test with more complex chat histories and meetings and were satisfied with the results. But there’s no guarantee that Copilot will actually list all the tasks that need to be done when it reviews a chat history.
We did this test not only in English, but also in German. Unfortunately, the summary didn’t work in German, neither in this use case nor in the simpler chat process before.
Similar to Outlook, Copilot works well in Teams to help you reply to messages and keep track of chats and the tasks that result from them.
Our conclusion
Microsoft 365 Copilot is especially helpful when creating or editing text. Whether it’s researching, summarizing, or rewriting, Copilot handles these tasks very well.
However, we have yet to see it revolutionize ever- yday office life. Many of the use cases presented by Microsoft and their results didn’t pass our real world tests. When it comes to more complex queries, the AI still too often reaches its limits. The same goes for adherence to brand specifications.
The ability to summarize in Teams and Outlook should be a great help to many people. Copilot is therefore a valuable assistant for people who work a lot with Outlook and Teams.
Business presentations aren’t yet easy to create with Copilot. The use of Copilot in PowerPoint is still very limited, especially for formatting tasks.
When it comes to Excel, Copilot is helpful for peop- le with basic skills. However, the AI doesn’t yet offer significant benefits for Excel professionals.
In Word, similar to Outlook and Teams, Copilot can assist by paraphrasing, summarizing, or giving text a different style.
Working with Copilot has been a pleasure and has given us an interesting taste of what is to come. The potential is considerable and we’re excited to see what improvements will come with the next updates from Microsoft.
The rise of cyber attacks on businesses is one of the greatest challenges of our time. These attacks are increasingly insidious and are often difficult to detect at first glance. Victims of hacking face ransom demands and the loss of highly sensitive data. In the worst-case scenario, the very existence of the company is at risk.
Recent statistics from the European Union Agency for Cybersecurity from July 2021 to July 2022 illustrate the extent of the threat: with more than 10 terabytes of data stolen per month, ransomware Trojans are one of the biggest cyber threats in the EU, with phishing currently considered the most common initialization vector for such attacks. Denial of Service (DoS) attacks are also among the most serious threats.
These figures underscore the urgency for companies to strengthen their cyber defenses. According to a study commissioned by the German digital industry association Bitkom, data theft, espionage and sabotage will cost the German economy €206 billion in 2023. This will be the third year in a row that the damage has exceeded the 200 billion euro mark (2022: 203 billion euros, 2021: 223 billion euros).
Supporting content
Social engineering and human vulnerability
Cyber security isn’t just about computer systems and networks. Users of these technologies are at least as important. Social engineering allows perpetrators to target the human factor as the perceived weakest link in the security chain. According to the European Union Agency for Cyber Security, a whopping 82% of all data breaches in 2022 succeeded due to social engineering.
When advanced software, firewalls, and virus scanners fail, cyber criminals try alternative methods to get users to install malware or reveal sensitive information such as passwords.
Similar to doorstep scams, cyber criminals rely on pretending to have a personal relationship with the victim or luring them in with the promise of a prize. There are many variations of this approach, known as phishing. In some cases, indirect contact is even made through friends of the actual victim. Social engineering cleverly exploits human traits such as helpfulness, trust, fear, or a sense of authority to manipulate people.
Cyber criminals use social engineering to trick victims into revealing confidential information, bypassing security, transferring money, or installing malware on personal devices or computers on the corporate network.
Social engineering is nothing new and has been the basis of scams since time immemorial. But in the age of digital communication, criminals have new, highly effective ways to reach millions of potential victims.
Recognizing phishing emails
Probably the best known form of social engineering is phishing. Cleverly crafted emails often look deceptively real and are designed to trick people into clicking on a link in the email. On the fake website that opens, the user enters credentials that are intercepted by the attackers.
In addition to the mass sending of phishing emails, a more precise variant of this method, known as spear phishing, is increasingly effective. Here, emails are specifically tailored to small groups or individuals after prior research, which significantly increases the "hit rate".
Another sophisticated variant is CEO fraud, in which criminals attempt to manipulate decision-makers or employees in companies who are authorized to make payments. They pretend to be acting on behalf of the company's top management and attempt to initiate what they claim to be urgent transfers of large sums of money.
Recognizing phishing emails requires vigilance. Employee awareness training is essential to stay ahead of the ever-evolving scams and ensure data security.
There are clues that characterize fraudulent emails. These are almost identical in the personal and business environments.
Grammar and spelling errors
Emails with incorrect language are the easiest to spot. Often they aren’t crafted in the target language, but the email is a translation from the original language via an automatic translation service – the result of a machine translation often sounds strange or even incorrect. Other signs of such emails can be punctuation errors or the absence of umlauts. But beware: the increasing use of artificial intelligence and ever-improving machine translation accuracy, such errors either won't occur at all or only very rarely in the future.
Emails in foreign languages
Emails in foreign languages are also suspicious. German banks or organizations, for example, usually communicate in German. If you get an email supposedly from your bank in a different language, it's likely a scam.
Lack of a personal salutation
Legitimate senders, such as your bank or online payment services, will always address you by name in emails and will never use generic salutations such as "Dear customer" or "Dear user". But be careful: phishers often have access to your name and use it to address you personally.

Supposedly urgent action
If you receive an email asking you to act quickly or within a short period of time, you should also be suspicious - especially if the request is accompanied by a threat, such as an announcement that your credit card or online access will be blocked.
Request to enter data
You may be asked to enter personal information such as PIN, TAN, or password. Financial institutions never request personal information by phone or e-mail. This is one of the most important security rules.
Request to open files
An increasing number of phishing emails ask you to open a file that is either attached to the email or available for download via a link. If you receive an unexpected email, don't download or open such a file. They usually hide a malicious program, such as a virus or Trojan horse. Always be suspicious of emails that contain a file attachment.
Asking you to click on links or fill out forms
Only in exceptional cases do banks and other service providers send you emails with links that you are asked to click. They may email you to notify you of new terms and conditions, but never to ask you to log in to your account. It's better to visit the website yourself by typing the address directly into your browser's address bar.
Emails from unknown senders
Do you receive emails from a bank that doesn't normally send you emails or may not know your email address? Or are you being contacted by other service providers, online stores, or companies with whom you have no existing relationship? In these cases, you should delete those emails - but only if the scam is clear. However, if you've already clicked on a link or opened an attachment that may have infected you with a Trojan, you shouldn't delete the email as it is important evidence.
Verifying the trustworthiness of the sender
Some phishing emails are very well crafted. The sender's email address looks trustworthy, the link in the body looks trustworthy, and the language is correct. However, don't automatically assume that the email is authentic. Sender information and links in emails can be easily forged or even spoofed with look-alike characters like using a Russian Cyrillic symbol instead of a Western character. Careful checking is essential.
Tip for internal company email: Use the "sender check" with the Teams status if you use Microsoft Teams. If the status is missing from a supposedly internal email, you can assume it's invalid. But even if the email contains this information, it's not necessarily 100% safe. Double check with the sender via Teams chat instead of return email to be sure.
Link verification

Special attention is required if the destination of a link in the email doesn't match the displayed text. The link destination is displayed by hovering the mouse over the link. The actual destination is then displayed in a pop-up window.
Identifying the destination domain is crucial. To do this, analyze the components of the domain, i.e. everything between the protocol handler (https) and the first slash. What comes before and after the last period is particularly relevant: the domain name and the top-level domain.
If the link can be uniquely associated with the organization from which the email originated, the link is likely to be secure.
Determining the domain owner
If the link domain doesn’t clearly match the originating domain, tools such as who.is can be used to determine the true owner of the domain. Unfortunately, this isn’t possible for all top-level domains. For example, .eu domains can only be queried through their central registry. However, who.is usually provides information on where else the owner can be queried.
If the owner and the originating domain match, it's safe to open the link. If they don't, proceed with caution. When in doubt, contact the sender by phone, consult your company's internal contact person, or follow ISO guidelines.
External link check
If you’re still unsure after all the previous checks, perform an external malware and reputation check using tools such as the VirusTotal URL Checker. It's important to use the full URL and not just the domain. However, this tool should be used with caution as links may contain confidential information.
As a general rule, no technical protection measure is 100% secure.
The human security factor
The effectiveness of IT security is only as good as the people who operate the systems. Therefore, people should not be viewed as a potential security vulnerability, but as a shield against cyber attacks. More and more companies realize that IT security cannot be achieved through technical measures alone. Training personnel also plays an important role in protecting against cyber attacks. People aren't just part of the problem, they're also part of the solution. IT security affects every employee and every department in the organization.
Rapid detection of cyber attacks or social engineering attempts can prevent significant economic and intangible damage. Promoting appropriate awareness of the problem and security issues, as well as regular training, are therefore crucial preventive measures to strengthen the "human security factor".
Microsoft’s move to cloud services and solutions began in the early 2000s with services such as MSN Hotmail (later renamed Windows Live Hotmail), one of Microsoft’s first web-based email services. But the move to cloud technologies really took off with the introduction of Microsoft Azure in 2010.
Office 365 (now known as Microsoft 365) marked another significant milestone in this transformation. As a subscription service, Office 365 moved Office applications to the cloud, enabling users to create, edit, and share documents online, re- gardless of location or device. It eliminated the need to install desktop applications.
Overview of Microsoft web applications
Microsoft web applications are crossplatform and can be used on a variety of devices including PCs, laptops, ta- blets, and even smartphones through supported web browsers. They offer a user interface that’s similar to their desktop counterparts. Even so, they dif- fer in their functionality.
Microsoft web applications seamlessly integrate with the company’s cloud platform, specifically Microsoft One- Drive for Business. This allows users to store their files directly in the cloud and access them from anywhere, as long as they have an Internet connection. Like web applications, web add-ins require an online connection to function properly.
Although web applications offer many of the features of desktop versions, they aren’t equivalent in all respects. Some features aren’t yet supported in the web environment. For example, you can’t create charts in PowerPoint Online. Formatting, table layouts, and design options are also limited on the web. In addition, Excel Online lacks some chart types and visualization options that are available in the desktop version.
The transition to web technology and its impact on existing add-ins
How does the move to web applications affect the use of traditional add-ins? Web applications don’t support traditional add-ins designed for desktop applications, but require specially designed web add-ins. Why is this?
A key issue is the incompatibility of the COM interface. Most Microsoft desktop applications can be extended through an interface known as the Component Object Model (COM). The COM interface has been around since Office 2000 and was developed by Microsoft to facilitate interoperability between different software components on Windows-based systems. Through the COM interface, add-ins can communicate with
the underlying software or other COM-based compo- nents to exchange data, extend functionality, or provi- de additional functionality.
In contrast, the web applications of the Office suite don’t provide a COM interface for extension. Instead, they rely on web technologies such as web APIs (e.g., Microsoft Graph) or web hooks. Because of the diffe- rent architecture, traditional COM add-ins can’t integ- rate with web applications. While the COM interface has grown and matured over the past 20 years, web interfaces are still in their infancy by comparison.
But that’s not all. Since VBA applications and VSTO add-ins are also based on the COM interface, they also are affected by this incompatibility and can no longer be used.
New Outlook for Windows gets you started
In September 2023, Microsoft introduced a new version of Outlook for Windows 11. Unlike the previous version known from the Microsoft Office Suite, the new Outlook is based on the outlook.com web application and initially offers only a fraction of the previous features. COM and VSTO add-ins are no longer compatible with the new Outlook, only web add-ins are supported.
Beginning in 2024, new Windows 11 devi- ces ship with the new Outlook for Windows as the default free mail application. Currently, Windows users have the option to try the new Outlook for Windows by actively selecting the new version of the email client via the “Try new Outlook” button.
Microsoft plans to establish the new Outlook for Windows as the future replacement for the classic version in the Microsoft 365 subscription or Office Suite. All existing versions of Outlook will be standardized on a common code base and interface. Although the exact timing of this transition hasn’t yet been officially announced, it’s not expected to happen before the end of 2025 or during 2026 at the earliest. Until then, some functionality gaps will need to be filled, as the desktop version of Outlook offers advanced email management features and additional calendar management features that’re missing from the online version. Based on Microsoft’s previous announcements and their actual implementation, we can assume that the “old” Outlook won’t be replaced so quickly.
According to Microsoft, its own COM add-ins for Outlook have either already been replaced by Web add-ins or integrated into other features. Nonetheless, many organizations still use older or homegrown add-ins that they can’t easily replace or re-develop. Since add-ins often play an important role in business processes, their incompatibility with the new Outlook could cause problems and at least delay the final replacement of the “old” Outlook. It should be noted, howe- ver, that web add-ins can also be used with classic Outlook.
Benefits and capabilities of web add-ins
In principle, web add-ins offer the same advantages as web applications. They’re platform-independent, easily accessible, easy to update, and don’t require local installation. Web clients can be accessed from any location without the need to install a desktop client. This is particularly advantageous for large organizations that often have a large number of software applications on their systems. The ability to use applications online without the need for manual installations or updates greatly simplifies work processes.
In addition, web add-ins offer the benefit of increased stability and security through the use of sandbox technology. This minimizes the risk of crashes or delays when launching host applications, resulting in a better user experience.
Advantages of web applications
Platform independence:
Web applications can be used on multiple devices, regardless of operating system or hardware.
Automatic updates:
Updates and maintenance are performed on the server side, so users always have the latest version of the application without having to do anything.
Quick access:
Web applications don’t require a lengthy installation process and are typically faster to access because they can be launched directly from a web browser.
Reduced resource requirements:
Because web applications aren’t installed locally on a device, they often require less storage and resources on the user’s computer or device.
From Our Blog
Practical office insights, inspirational stories, market assessments on PowerPoint & Excel.

Stakeholder Engagement Drives the Success of IT Software Implementations

Controlled creativity: How AI maintains brand voice
