Don't Use ChatGPT At Work

Uploaded on 2023-06-26 in TECHNOLOGY-Key Areas-Artificial Intelligence, NEWS-Cybersecurity News, FREE TO VIEW

Using ChatGPT without a proper framework can be a legal minefield, endangering both employers and employees. As a consequence, it is  essential to be aware of the potential hazards associated with using ChatGPT in the workplace. 

Right now, ChatGPT has around  800 million active users per month. ChatGPT is a chatbot powered by Artificial Intelligence (AI), created by OpenAI.

It uses natural language processing to simulate conversational responses to prompts provided by users. As a result, ChatGPT can provide written content for users. This can vary from creative writing to business-related materials, like proposals and marketing plans. 

It can also generate code in programming languages such as Python and Java, as well as legal documents such as style contracts, wills and dispositions. Now, according to a study by LayerX Security , 15% of employees regularly post sensitive company data into ChatGPT, putting their employers at risk of a security breach. The research report, titled “Revealing the True genAI Data Exposure Risk”, analysed the behavior of over 10,000 employees and examined how they use generative AI apps in the workplace. 

The findings concluded that at least 15% of workers use these tools at work, and almost 25% of these times include a data paste into the app. Not only is the technology being used by an increasing number of employees, but as mush 11% of what employees are pasting into ChatGPT is sensitive data. 

ChatGPT

ChatGPT is a language model developed by OpenAI that can engage in natural language conversations with humans. It is designed to understand and respond to a wide variety of questions and topics, ranging from general knowledge to specific domains, including science, technology, history, and literature. 

The numbers provided in the report will only grow as the popularity of AI-based tools increases. "Soon, we predict, employees will be using GenAI as part of their daily workflow, just like they use email, chats (Slack), video conferencing (Zoom, Teams), project management, and other productivity tools,” say LayerX. 

This phenomenon poses significant risks to organisations concerning the security and privacy of sensitive data.

Furthermore, the report states that the top categories of confidential information being input into the GenAI tools are 43% internal business data and 31% source code, which pose the highest exposure risks.

The study also found that a significant portion of these workers do not rely solely on instructions and prompts, but also paste data directly into the app, which exposes sensitive company data. “Organizations might be unknowingly sharing their plans, product, and customer data with competitors and attackers,” LayerX report.

What is clear from the rise in popularity of ChatGPT and AI and the number of employees using it, is that the technology is likely to be here to stay. As a result, employers need to consider sooner rather than later the potential risks it poses and whether they should put in place an outright ban on its use in a work context or not.

Employers must take appropriate steps to address the risks and potential legal implications associated with using ChatGPT in the workplace. The decision to allow employees to use ChatGPT in their daily tasks is crucial and can have a significant impact on the company’s reputation and compliance obligations.

Whilst businesses shouldn’t automatically assume that their staff members are using ChatGPT, if they don’t want their employees to be using it for work purposes then they should make that clear. 

Nelsons Law:  LayerX Security:    Harper Macleod:   I-HLS:    Business Review:  Business Insider:  CyberNews:     

You Might Also Read: 

Lawyer Admits To Using ChatGPT:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Why Are Businesses Ignoring Incident Response?
USA & Europe Undergoing A Wave Of Cyber Attacks »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

National Cyber League (NCL)

National Cyber League (NCL)

The NCL provides a virtual training ground for participants to develop, practice, and validate their cybersecurity knowledge and skills.

App-Ray

App-Ray

App-Ray provides fully automated security analysis of mobile applications to find security issues, privacy breaches and data leaking potentials.

UM Labs

UM Labs

UM Labs is a developer of security products for Voice over IP (VoIP), protecting SIP trunk connections, safeguarding mobile phone communications and enabling BYOD.

Qufaro

Qufaro

Qufaro is a new initiative designed to make it simpler for those with career ambitions in cyber security to access the UK’s cyber-specific education and innovation opportunities.

MaskTech

MaskTech

MaskTech supplies highest security embedded chipsets, operating systems and related middleware for electronic identification cards, travel documents and authentication solutions.

National Accreditation Authority Hungary (NAH)

National Accreditation Authority Hungary (NAH)

NAH is the national accreditation body for Hungary. The directory of members provides details of organisations offering certification services for ISO 27001.

Alertot

Alertot

Hackers attack minutes after a new vulnerability is published. Alertot helps to decrease exposure time in organizations by notifying new issues when they are disclosed.

Accurics

Accurics

Accurics enables self-healing cloud native infrastructure by codifying security throughout your development lifecycle.

QGroup

QGroup

QGroup has been re-designing the consultancy industry since 2012. We're a rapidly expanding group of consulting companies that deliver bespoke IT services including cybersecurity.

North West Cyber Resilience Centre (NWCRC)

North West Cyber Resilience Centre (NWCRC)

The North West Cyber Resilience Centre is a trusted, not-for-profit venture between Greater Manchester Police and Manchester Digital.

LogicBoost Labs

LogicBoost Labs

LogicBoost Labs has the expertise, experience, funding and connections to make your startup succeed. We are always interested in new ways to change the world for the better.

Apollo Information Systems

Apollo Information Systems

Apollo is a value-added reseller that provides our clients with the complete set of cybersecurity and networking services and solutions.

Alpha Omega Integration

Alpha Omega Integration

Alpha Omega creates new possibilities through intelligent end-to-end mission-focused government IT solutions.

V3 Cybersecurity

V3 Cybersecurity

V3 Cybersecurity is a unique company focused on contextualization of security programs from a business perspective. Our mission is to provide enterprise IT Risk Management capabilities.

Institute for Applied Network Security (IANS)

Institute for Applied Network Security (IANS)

For the security practitioner caught between rapidly evolving threats and demanding executives, IANS Research is a clear-headed resource for decision making and articulating risk.

Coastline Cybersecurity

Coastline Cybersecurity

Coastline Cyber is a cybersecurity consulting firm dedicated to helping organizations strengthen their security posture by reducing risks, mitigating threats, and protecting against attacks.

Early Game Ventures (EGV)

Early Game Ventures (EGV)

Early Game Ventures invests in startups that jumpstart new industries in the emerging markets of Europe.