Five tips for implementing AI without risking your data.
Combat the risks associated with AI and to help more organisations take advantage of it
Andrew Smith
Chief Information Security Officer
Kyocera Document Solutions UK
My top five tips to make sure any organisation can take advantage of AI, without the security pitfalls.
The Gen AI bubble might be growing slower than it was in 2023, but as adoption continues apace, organisations across the globe are still being caught out by outdated security protocols.
Tip 1: Avoid using personal or proprietary information in Gen AI LLMs
It is not common knowledge how and where data is used when utilising generative AI models. Often, end users do not know the sensitivity of the data they are uploading and are more focused on the potential outcome AI technology can generate. The important approach for business leaders is to ensure they do not restrict AI use, which in turn creates shadow use, but instead educate users on how to safely use AI and provide AI models that are safe to use in the business domain.
Tip 2: Create a company policy on AI & Privacy
From my experience, the challenge colleagues face here is the lack of reference material and best practices from which to build. Instead, the source of reference is best practices in data use, safety, and privacy, and adopting this approach in the use of AI. This way, the core topic of how data is utilised and generated is protected and considered by the foundation of well-established data and privacy policies.
Tip 3: Manage data privacy settings
Data privacy settings are challenging in this space, with many different web-based AI toolsets being launched daily.Our approach in this space involves utilising broader data privacy controls and data boundaries and sources to ensure data extraction is understood and controlled prior to uploading it to insecure sources.As more private AI tools and models are released, IT can control the use cases and abilities of the toolsets and expand the technology’s outcomes and outputs. This is where we believe mainstream adoption may be achieved.
Tip 4: Regularly change passwords and use data access controls
Companies must have strong IT policies that guide and control how users use systems, particularly the rules they must comply with. Modern IT platforms and data loss prevention policies and controls allow IT to have a greater influence on user behaviour. Still, end-user education is always essential to ensure the best possible protection for corporate IT systems.
Tip 5: Audit AI interactions and monitor data breaches
The critical element in trying to audit AI use and subsequent data breaches is to ensure strong guidance around permitted use cases and to utilise work groups that understand how users want to develop business operations utilising AI.Depending on the AI use case, and particularly with new private AI models, IT can have much greater control and insight.It is essential to utilise IT controls alongside industry-leading Cyber toolsets for data breaches to monitor and spot potential data leaks or breaches.
How can Kyocera Cyber support your business?
If you have been affected by the recent CrowdStrike incident and want to find out how Kyocera Cyber can better support your business, then reach out to our Cyber Team.
Does your business have a Disaster Recovery Plan?
Many smaller businesses put themselves at risk by not having a tested disaster recovery plan in place – discover how you can better protect your business by having a Cyber Assessment.