Small Business Need-to-Know Guidelines for Using ChatGPT
In February, we released a blog about the looming uncertainties surrounding the new ChatGPT tool that was beginning to take root in what seemed like every nook and cranny. As this phenomenon has exploded, it's come to our attention that the uncertainty still surrounding this tool might put businesses and especially our customers in a difficult spot. How should SMBs utilize AI to benefit their business all while keeping security at the forefront? Centre has some suggestions we're implementing internally. Check out our suggestions you should be using with ChatGPT and other AI software below. ⬇️
Main Concerns of ChatGPT
I heard it just last week (as I'm sure have, too), that "AI is the taking over the world for better or for worse." Unfortunately, this onslaught of Artificial Intelligence (AI) systems over the past few months can reassure you that we're using technology for a better tomorrow, but it's also deeply unsettling. AI is rapidly evolving and businesses are having to prepare for its utilization in order to not fall behind. Perhaps you're one of those feeling the ChatGPT heat. Even if you're not, you're probably wondering how it will impact your operations and whether or not your organization is swinging to the "better" or "worse" side of that pendulum.
While AI has the potential to provide numerous benefits, there are also concerns surrounding its potential impact on jobs, privacy, and security. Recent confirmations of Chat GPT data leakage and privacy violations (minor ones dealing with access to chat history but breaches nonetheless) have elicited worries. Some common concerns of AI are:
- Additional and more major leakages, some involving Nonpublic Personal Information (NPI) which, if you're a financial institution, the FTC is cracking down on.
- Exposition of business "secrets" or sensitive documents held for ransom (don't forget the humans can do this as well. Remember National Guardsman, Jack Teixeira, who leaked government documents on the popular a gaming forum? It's not just AI you have to worry about!)
- The overall cyber risks for employers that's involved with AI. This include things like: fake invoices, inhuman applicants who then infiltrate systems, and the untrustworthiness of AI chatbots.
- The safety concerns endemic to anything "unknown"
So what is Centre doing to protect themselves and others from the "bad guys"? What should you do? Especially when we can use ChatGPT for the benefit of our company, what are we putting in place to make sure this tool stays firmly placed on the side of the good guys?
- We adhere to our Non-Disclosure Agreements (NDAs) and keep all customer data confidential. We would never leverage any organizational data without explicit permission by the customer or partners.
- We carefully review digital assets via an enterprise risk management process. This includes but not limited to network topology, credentials, infrastructure, IPs, physical servers, virtual servers, proprietary code, virtual service information or any other digitally defined asset.
- Any use of public domain data via ChatGPT runs in enable “History Off” mode in that prevents other users from viewing chat history and prevents the input from being added to the AI algorithm training. **NOTE: Data will still be stored by OpenAI.**
- A key reminder to stay safe; if you are looking to use the current version of ChatGPT which is the non-business version, transact only with data that would otherwise be openly available on the web and accessible in the public domain.
- Only use a validated OpenAI ChatGPT version to ensure you are not using a compromised version. Many clone releases are out there that can compromise the computer environment.
Additionally, our Chief Information Security Officer, Anthony Leatherwood, reinforces that "this guidance does not replace a sound corporate system Acquisition, Development, and Maintenance Policies that should require all vendors to go through a Vendor Risk Assessment (VRA)." Basically, the above guidelines are not instead of our policies but in addition to the ones we already have. We recommend this model to your business as well! Need help on building a VRA framework to protect your organization, please contact us to help you get started.
What's the Future of AI for Small Businesses?
It's important to proactively prepare for AI's evolution and address these concerns head-on. We understand that SMBs may not have the resources or expertise to navigate this complex landscape on their own, which is why we're committed to helping our customers stay ahead of the curve and prepare for the future. By proactively addressing these concerns, we can help SMBs leverage the power of AI while minimizing its potential risks.
At Centre, we believe technology can be used for good, hence why we work to protect your systems to the fullest. But the world isn't perfect and not everyone feels as warm and fuzzy about the use of technology like we do. Because good exists, there must be the presence of bad as well. In our previous February post about ChatGPT, we mentioned that the generator has the ability to spit out codes which the user can then input into their systems. This service should be used for good, right? Faster upkeep of your internal systems and maximizing your output in a way that produces better overall operational efficiency. But what if I ask ChatGPT to mutate that code and create a ransomware code? At the touch of anyone's fingers is now the ability to take down companies from small to large.
Furthermore, more often than not, it's our SMB spaces that don't have the necessary precautions in place to protect themselves from the ChatGPT-fueled cyber criminals out there. As a reminder, regular people now have the ability to know as little or too much at the tip of their fingers. This means more attacks than ever before whether it be internally, hackers with an agenda, or as simple as a kid just messing around. It doesn't really matter and if you're not prepared, you're already behind the eight ball. If this sounds like you, Centre can help you by filling in your gaps.
Regardless, it's still too early to assess the future evolvement of this tool. There are too many variables and too many directions this tool could take. Microsoft and OpenAI are even working on a business ChatGPT version which should be available later this year. Either way, we're staying on top of the trajectory of this tool and remaining protected in the process.
If you're still unsure of your business's next steps, let us know. We can help protect you and keep your business on the right side of the AI trend.
Be a thought leader and share: