Don't Use ChatGPT At Work

Using ChatGPT without a proper framework can be a legal minefield, endangering both employers and employees. As a consequence, it is  essential to be aware of the potential hazards associated with using ChatGPT in the workplace. 

Right now, ChatGPT has around  800 million active users per month. ChatGPT is a chatbot powered by Artificial Intelligence (AI), created by OpenAI.

It uses natural language processing to simulate conversational responses to prompts provided by users. As a result, ChatGPT can provide written content for users. This can vary from creative writing to business-related materials, like proposals and marketing plans. 

It can also generate code in programming languages such as Python and Java, as well as legal documents such as style contracts, wills and dispositions. Now, according to a study by LayerX Security , 15% of employees regularly post sensitive company data into ChatGPT, putting their employers at risk of a security breach. The research report, titled “Revealing the True genAI Data Exposure Risk”, analysed the behavior of over 10,000 employees and examined how they use generative AI apps in the workplace. 

The findings concluded that at least 15% of workers use these tools at work, and almost 25% of these times include a data paste into the app. Not only is the technology being used by an increasing number of employees, but as mush 11% of what employees are pasting into ChatGPT is sensitive data. 

ChatGPT

ChatGPT is a language model developed by OpenAI that can engage in natural language conversations with humans. It is designed to understand and respond to a wide variety of questions and topics, ranging from general knowledge to specific domains, including science, technology, history, and literature. 

The numbers provided in the report will only grow as the popularity of AI-based tools increases. "Soon, we predict, employees will be using GenAI as part of their daily workflow, just like they use email, chats (Slack), video conferencing (Zoom, Teams), project management, and other productivity tools,” say LayerX. 

This phenomenon poses significant risks to organisations concerning the security and privacy of sensitive data.

Furthermore, the report states that the top categories of confidential information being input into the GenAI tools are 43% internal business data and 31% source code, which pose the highest exposure risks.

The study also found that a significant portion of these workers do not rely solely on instructions and prompts, but also paste data directly into the app, which exposes sensitive company data. “Organizations might be unknowingly sharing their plans, product, and customer data with competitors and attackers,” LayerX report.

What is clear from the rise in popularity of ChatGPT and AI and the number of employees using it, is that the technology is likely to be here to stay. As a result, employers need to consider sooner rather than later the potential risks it poses and whether they should put in place an outright ban on its use in a work context or not.

Employers must take appropriate steps to address the risks and potential legal implications associated with using ChatGPT in the workplace. The decision to allow employees to use ChatGPT in their daily tasks is crucial and can have a significant impact on the company’s reputation and compliance obligations.

Whilst businesses shouldn’t automatically assume that their staff members are using ChatGPT, if they don’t want their employees to be using it for work purposes then they should make that clear. 

Nelsons Law:  LayerX Security:    Harper Macleod:   I-HLS:    Business Review:  Business Insider:  CyberNews:     

You Might Also Read: 

Lawyer Admits To Using ChatGPT:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Why Are Businesses Ignoring Incident Response?
USA & Europe Undergoing A Wave Of Cyber Attacks »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

AV Test

AV Test

The AV-TEST Institute is a leading international and independent service provider in the fields of anti-virus research and IT security.

Canadian Security Intelligence Service (CSIS)

Canadian Security Intelligence Service (CSIS)

CSIS collects and analyzes threat-related information concerning the security of Canada in areas including terrorism, espionage, WMD, cybersecurity and critical infrastructure protection.

Center for Identity - University of Texas at Austin

Center for Identity - University of Texas at Austin

The mission of the Center is to deliver the highest-quality discoveries, applications, education, and outreach for excellence in identity management, privacy, and security.

Platin Bilişim

Platin Bilişim

Platin Bilisim is an IT Security company providing consultancy, solutions and operational support services.

German Accelerator

German Accelerator

German Accelerator supports high-potential German startups in successfully entering the U.S. and Southeast Asian markets.

Cyber Smart Defense

Cyber Smart Defense

Cyber Smart Defense is a specialist provider of penetration testing services and IT security audits.

Kinnami Software

Kinnami Software

Kinnami is a data security company that equips organizations with the tools they need to secure and protect highly confidential documents and data.

Lightspin

Lightspin

Lightspin is a contextual cloud security platform that continuously visualizes, detects, prioritized, and prevents any threat to your cloud stack.

Cubro Network Visibility

Cubro Network Visibility

Cubro network visibility solutions remove network monitoring ‘blind spots’ to provide enhanced visibility and control of all data transiting a company’s network.

Belcan

Belcan

Belcan is a global supplier of engineering, manufacturing & supply chain, workforce and government IT solutions to customers in the aerospace, defense, automotive, industrial, and private sector.

SecurIT360

SecurIT360

SecurIT360 is a full-service specialized Cyber Security and Compliance consulting firm.

Guidepost Solutions

Guidepost Solutions

Guidepost Solutions are a diverse, global team of investigators, experienced security and technology consultants, and compliance and monitoring experts.

MyCISO

MyCISO

MyCISO is the World’s first SaaS application that will vastly simplify security management for all.

Hetz Ventures

Hetz Ventures

Hetz Ventures is a global-facing VC investing in highly talented and ambitious Israeli founders who operate at the cutting edge of deep technology.

Arsen Cybersecurity

Arsen Cybersecurity

Arsen is a French cybersecurity startup, dedicated to enhancing human behaviors in cybersecurity.

OrbiSky Systems

OrbiSky Systems

OrbiSky Systems is a British tech startup specializing in data management and cybersecurity solutions.