Five tips for implementing AI without risking your data.
Andrew Smith
Chief Information & Security Officer
Kyocera Document Solutions UK
My top five tips to make sure any organisation can take advantage of AI, without the security pitfalls.
The Gen AI bubble might be growing slower than it was in 2023, but as adoption continues apace, organisations across the globe are still being caught out by outdated security protocols.
Tip 1: Avoid using personal or proprietary information in Gen AI LLMs
It is not common knowledge how and where data is used when utilising generative AI models. Often, end users do not know the sensitivity of the data they are uploading and are more focused on the potential outcome AI technology can generate. The important approach for business leaders is to ensure they do not restrict AI use, which in turn creates shadow use, but instead educate users on how to safely use AI and provide AI models that are safe to use in the business domain.
Tip 2: Create a company policy on AI & Privacy
From my experience, the challenge colleagues face here is the lack of reference material and best practices from which to build. Instead, the source of reference is best practices in data use, safety, and privacy, and adopting this approach in the use of AI. This way, the core topic of how data is utilised and generated is protected and considered by the foundation of well-established data and privacy policies.
Tip 3: Manage data privacy settings
Data privacy settings are challenging in this space, with many different web-based AI toolsets being launched daily.Our approach in this space involves utilising broader data privacy controls and data boundaries and sources to ensure data extraction is understood and controlled prior to uploading it to insecure sources.As more private AI tools and models are released, IT can control the use cases and abilities of the toolsets and expand the technology’s outcomes and outputs. This is where we believe mainstream adoption may be achieved.
Tip 4: Regularly change passwords and use data access controls
Companies must have strong IT policies that guide and control how users use systems, particularly the rules they must comply with. Modern IT platforms and data loss prevention policies and controls allow IT to have a greater influence on user behaviour. Still, end-user education is always essential to ensure the best possible protection for corporate IT systems.
Tip 5: Audit AI interactions and monitor data breaches
The critical element in trying to audit AI use and subsequent data breaches is to ensure strong guidance around permitted use cases and to utilise work groups that understand how users want to develop business operations utilising AI.Depending on the AI use case, and particularly with new private AI models, IT can have much greater control and insight.It is essential to utilise IT controls alongside industry-leading Cyber toolsets for data breaches to monitor and spot potential data leaks or breaches.
Under attack? Get help from THE Cyber team.
Cyber Blog.
Cyber Solutions.
Managed Endpoint Detection and Response.
Protect your business against the latest cyberthreats with our Managed Endpoint Detection and Response (M-EDR) service.
Managed Phising Defence.
Our managed service tackles the challenges faced by IT teams in educating and maintaining cyber security awareness within organisations.
Cyber Assessments.
The nature and complexity of cyber security threats are increasing, IT teams need to have the tools and functionality to combat them.
Our cyber assessments cover three levels and are designed to be applicable irrespective of the size of the company.