Don't Use ChatGPT At Work

Using ChatGPT without a proper framework can be a legal minefield, endangering both employers and employees. As a consequence, it is  essential to be aware of the potential hazards associated with using ChatGPT in the workplace. 

Right now, ChatGPT has around  800 million active users per month. ChatGPT is a chatbot powered by Artificial Intelligence (AI), created by OpenAI.

It uses natural language processing to simulate conversational responses to prompts provided by users. As a result, ChatGPT can provide written content for users. This can vary from creative writing to business-related materials, like proposals and marketing plans. 

It can also generate code in programming languages such as Python and Java, as well as legal documents such as style contracts, wills and dispositions. Now, according to a study by LayerX Security , 15% of employees regularly post sensitive company data into ChatGPT, putting their employers at risk of a security breach. The research report, titled “Revealing the True genAI Data Exposure Risk”, analysed the behavior of over 10,000 employees and examined how they use generative AI apps in the workplace. 

The findings concluded that at least 15% of workers use these tools at work, and almost 25% of these times include a data paste into the app. Not only is the technology being used by an increasing number of employees, but as mush 11% of what employees are pasting into ChatGPT is sensitive data. 

ChatGPT

ChatGPT is a language model developed by OpenAI that can engage in natural language conversations with humans. It is designed to understand and respond to a wide variety of questions and topics, ranging from general knowledge to specific domains, including science, technology, history, and literature. 

The numbers provided in the report will only grow as the popularity of AI-based tools increases. "Soon, we predict, employees will be using GenAI as part of their daily workflow, just like they use email, chats (Slack), video conferencing (Zoom, Teams), project management, and other productivity tools,” say LayerX. 

This phenomenon poses significant risks to organisations concerning the security and privacy of sensitive data.

Furthermore, the report states that the top categories of confidential information being input into the GenAI tools are 43% internal business data and 31% source code, which pose the highest exposure risks.

The study also found that a significant portion of these workers do not rely solely on instructions and prompts, but also paste data directly into the app, which exposes sensitive company data. “Organizations might be unknowingly sharing their plans, product, and customer data with competitors and attackers,” LayerX report.

What is clear from the rise in popularity of ChatGPT and AI and the number of employees using it, is that the technology is likely to be here to stay. As a result, employers need to consider sooner rather than later the potential risks it poses and whether they should put in place an outright ban on its use in a work context or not.

Employers must take appropriate steps to address the risks and potential legal implications associated with using ChatGPT in the workplace. The decision to allow employees to use ChatGPT in their daily tasks is crucial and can have a significant impact on the company’s reputation and compliance obligations.

Whilst businesses shouldn’t automatically assume that their staff members are using ChatGPT, if they don’t want their employees to be using it for work purposes then they should make that clear. 

Nelsons Law:  LayerX Security:    Harper Macleod:   I-HLS:    Business Review:  Business Insider:  CyberNews:     

You Might Also Read: 

Lawyer Admits To Using ChatGPT:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Why Are Businesses Ignoring Incident Response?
USA & Europe Undergoing A Wave Of Cyber Attacks »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Ascentor

Ascentor

Ascentor specialises in independent information and cyber security consultancy. We’re experienced industry experts, providing cyber security services since 2004.

Arcitura Education

Arcitura Education

Arcitura is a leading global provider of progressive, vendor-neutral IT training and certification programs.

Computer Laboratory - University of Cambridge

Computer Laboratory - University of Cambridge

Computer security has been among the Laboratory’s research interests for many years, along with related topics such as cryptology

ThaiCERT

ThaiCERT

ThaiCERT is the national Computer Security Incident Response Team (CSIRT) for Thailand.

Cyber Command

Cyber Command

Our Managed IT service allows clients to offload the management of day-to-day computer, server, and networking support to our team of professionals.

SmartCyber

SmartCyber

SmartCyber is a company specializing in custom IT projects and Cybersecurity.

Nubeva Technologies

Nubeva Technologies

Nubeva provide a breakthrough TLS Decrypt solution with Symmetric Key Intercept to gain the visibility needed to monitor and secure network traffic.

ThreatModeler

ThreatModeler

ThreatModeler is an automated threat modeling solution that fortifies an enterprise’s Software Development Lifecycle by identifying, predicting and defining threats.

InGuardians

InGuardians

InGuardians is an independent information security consulting firm specializing in penetration testing, threat hunting, and hardware hacking.

Finnish Security & Intelligence Service (SUPO)

Finnish Security & Intelligence Service (SUPO)

The Finnish Security and Intelligence Service is a government agency tasked with combating serious threats to national security in Finland.

DeNexus

DeNexus

DeNexus is the leading provider of cyber risk modeling for industrial networks. Our Mission is to build the Global Standard for Industrial Cyber Risk Quantification.

Carahsoft Technology Corp

Carahsoft Technology Corp

Carahsoft Technology is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets.

Trickest

Trickest

Trickest enables Enterprises, MSSPs, and Ethical Hackers to build automated offensive security workflows from prototype to production.

BBS Technology

BBS Technology

BBS Technology is a company that develops and delivers next-generation cyber security technologies worldwide.

Simpson Associates

Simpson Associates

Simpson Associates is a Data Transformation and managed services provider that helps organisations gain valuable insights from their data and make better-informed decisions.

DeepSurface Security

DeepSurface Security

DeepSurface is the first risk-based vulnerability management platform that allows cybersecurity teams to automate the process of analyzing and prioritizing vulnerabilities.