FireOak Strategies Blog

Insights and articles related to knowledge management, information security, technology, data and analytics, business process automation, platform management, and other related topics, from our experienced team of consultants.

Security Risks with ChatGPT & Artificial Intelligence (AI)

May 9, 2023

While ChatGPT and other AI platforms have tons of work related benefits they also introduce new security risks for organizations Read more about the risks and FireOak s recommendations

Abby Clobridge

Abby Clobridge is the founder of FireOak Strategies. She works with clients around the world to enhance how organizations manage, secure, and share their knowledge. You can reach Abby at [email protected].

AI in the Workplace: Guidance for Organizations

ChatGPT and several other AI-related tools have taken off at astonishing speed over the past few months. While these tools can be incredibly useful to help increase productivity, expedite mundane tasks, and spark creativity within the workplace, your staff members might be using these platforms in ways that can unintentionally create risk for your organization.

Our top concern is that staff are using unauthorized tools in conjunction with data that is classified as confidential or private/internal as defined by your organization’s data classification policy. Reports of staff from Samsung doing exactly this made headlines earlier this month, but anecdotal evidence indicates that this is a widespread problem.

In March, OpenAI confirmed reports of a bug (which OpenAI claims has been fixed) that allowed some users to see other users’ chat histories.

These are just a few examples that have emerged over the past few months; as usage becomes even more widespread, and AI tools are incorporated into more third-party platforms, we expect further disruptions and an uptick in security-related issues.

Security Risks with ChatGPT

Data leakage: Confidential data or internal intellectual property could be leaked to unauthorized parties, including attackers who could leverage this data for malicious purposes.
Legal and compliance risks: Depending on the nature of your data, it’s possible that your organization may be in violation of regulatory obligations or contractual agreements with clients, which could result in fines or legal action.
Reputational data: If confidential data is leaked, it can lead to reputational harm for your organization. If that happens, will clients, customers, donors, investors, or other stakeholders trust your organization if confidential data has been leaked?

Recommendations

To minimize and/or mitigate these security risks with ChatGPT and other AI platforms, FireOak strongly recommends that each organization establish clear guidelines for staff around the use of AI platforms, including ChatGPT. These guidelines should align with your organization’s Data Classification Policy (DCP). Through these guidelines, provide clear guidance to employees on the ways in which they can (and can’t) use AI tools and which platforms have been authorized for which purpose(s).

If your organization doesn’t have a data classification policy, address this issue at the same time!

To be clear, we are not suggesting that all organizations immediately discontinue the use of AI tools. There are plenty of use cases and secure mechanisms for incorporating AI into workflows. But be transparent in identifying what’s acceptable and what’s not. And, at a high level, explain the reasoning behind this guidance.