Don't Use ChatGPT At Work

Uploaded on 2023-06-26 in TECHNOLOGY-Key Areas-Artificial Intelligence, NEWS-Cybersecurity News, FREE TO VIEW

Using ChatGPT without a proper framework can be a legal minefield, endangering both employers and employees. As a consequence, it is  essential to be aware of the potential hazards associated with using ChatGPT in the workplace. 

Right now, ChatGPT has around  800 million active users per month. ChatGPT is a chatbot powered by Artificial Intelligence (AI), created by OpenAI.

It uses natural language processing to simulate conversational responses to prompts provided by users. As a result, ChatGPT can provide written content for users. This can vary from creative writing to business-related materials, like proposals and marketing plans. 

It can also generate code in programming languages such as Python and Java, as well as legal documents such as style contracts, wills and dispositions. Now, according to a study by LayerX Security , 15% of employees regularly post sensitive company data into ChatGPT, putting their employers at risk of a security breach. The research report, titled “Revealing the True genAI Data Exposure Risk”, analysed the behavior of over 10,000 employees and examined how they use generative AI apps in the workplace. 

The findings concluded that at least 15% of workers use these tools at work, and almost 25% of these times include a data paste into the app. Not only is the technology being used by an increasing number of employees, but as mush 11% of what employees are pasting into ChatGPT is sensitive data. 

ChatGPT

ChatGPT is a language model developed by OpenAI that can engage in natural language conversations with humans. It is designed to understand and respond to a wide variety of questions and topics, ranging from general knowledge to specific domains, including science, technology, history, and literature. 

The numbers provided in the report will only grow as the popularity of AI-based tools increases. "Soon, we predict, employees will be using GenAI as part of their daily workflow, just like they use email, chats (Slack), video conferencing (Zoom, Teams), project management, and other productivity tools,” say LayerX. 

This phenomenon poses significant risks to organisations concerning the security and privacy of sensitive data.

Furthermore, the report states that the top categories of confidential information being input into the GenAI tools are 43% internal business data and 31% source code, which pose the highest exposure risks.

The study also found that a significant portion of these workers do not rely solely on instructions and prompts, but also paste data directly into the app, which exposes sensitive company data. “Organizations might be unknowingly sharing their plans, product, and customer data with competitors and attackers,” LayerX report.

What is clear from the rise in popularity of ChatGPT and AI and the number of employees using it, is that the technology is likely to be here to stay. As a result, employers need to consider sooner rather than later the potential risks it poses and whether they should put in place an outright ban on its use in a work context or not.

Employers must take appropriate steps to address the risks and potential legal implications associated with using ChatGPT in the workplace. The decision to allow employees to use ChatGPT in their daily tasks is crucial and can have a significant impact on the company’s reputation and compliance obligations.

Whilst businesses shouldn’t automatically assume that their staff members are using ChatGPT, if they don’t want their employees to be using it for work purposes then they should make that clear. 

Nelsons Law:  LayerX Security:    Harper Macleod:   I-HLS:    Business Review:  Business Insider:  CyberNews:     

You Might Also Read: 

Lawyer Admits To Using ChatGPT:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Why Are Businesses Ignoring Incident Response?
USA & Europe Undergoing A Wave Of Cyber Attacks »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

ON-DEMAND WEBINAR: Harnessing the power of Security Information and Event Management (SIEM)

ON-DEMAND WEBINAR: Harnessing the power of Security Information and Event Management (SIEM)

Join our experts as they give the insights you need to power your Security Information and Event Management (SIEM).

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

SSL247

SSL247

SSL247 is Europe's leading Web Security Consultancy Firm. We enjoy long-standing partnerships with Certificate Authorities including Symantec, GlobalSign, Entrust Datacard, Comodo, Thales and Qualys.

Caldew Consulting

Caldew Consulting

Caldew specialise in providing information assurance and cyber security consultancy, covering the full spectrum of the security life cycle.

4N6

4N6

4N6 is a privately-owned firm founded with the goal of providing expert knowledge of computer forensics.

Graphus

Graphus

Graphus provides a simple, powerful, automated solution that eliminates 99% of social engineering and spear phishing attacks against G Suite business Gmail users.

Accolade Technology

Accolade Technology

Accolade provides the most technologically advanced host cpu offload, 100% packet capture FPGA-based PCIe adapters and 1U platforms available in the network monitoring and cyber security markets.

Avira

Avira

Avira provide a portfolio of antivirus, security and performance applications for Windows, Android, Mac, and iOS.

CyberFortress

CyberFortress

CyberFortress is an insuretech startup offering a new kind of online business interruption policy designed for small business.

Cyber Security Africa

Cyber Security Africa

Cyber Security Africa is a full-service Information Security Consulting firm offering a comprehensive range of Services and Products to help organizations protect their valuable assets.

Cobalt Iron

Cobalt Iron

Cobalt Iron is a global leader in SaaS-based enterprise backup and data protection technology.

UK Cyber Security Council (UKCSC)

UK Cyber Security Council (UKCSC)

The role of The UK Cyber Security Council is to champion the cybersecurity profession across the UK, provide representation for the industry, accelerate awareness and promote excellence.

Outseer

Outseer

Outseer is a leading technology company in the fight against payments fraud. Outseer reliably determines authentic customers from fraudulent behavior.

Ankura Consulting Group

Ankura Consulting Group

Ankura is a global expert services and advisory firm that delivers services and end-to-end solutions in a wide range of areas including cybersecurity and digital transformation.

Buchanan & Edwards

Buchanan & Edwards

Buchanan & Edwards delivers forward-focused technology solutions that help our clients transform the way they perform their missions.

Zigrin Security

Zigrin Security

Zigrin Security offer comprehensive, hands-on security testing of internal networks, applications, cloud-based solutions, e-commerce applications and mobile devices.

ShieldIO

ShieldIO

ShieldIO Real-Time Homomorphic Encryption™ enables your organization to reach regulatory compliance without compromising data availability.

DynTek

DynTek

DynTek delivers exceptional, cost-effective professional IT consulting services, end-to-end IT solutions and managed IT services.