- Rebeka Šťastná
Much has been written about ChatGPT from an information security and privacy perspective. The supervisory authorities are putting the brakes on the train and trying to draw attention to how dangerous this tool is. Somehow, you don't want to believe the intoxication of its charm and skills, because vague terms like non-transparent information obligation, insufficient legal title or inadequate security measures do not mean much to you, and worse things have happened to data in the past anyway.
Making work easier vs. protecting society
Do you know the risks of using chatbots? What if we looked at a specific and real risk that could threaten your company?
Imagine a situation where you task your employee to check the terms of a contract with a vendor to see if, by chance, the new Cybersecurity Act is missing from an existing contract. The employee is drenched in sweat because he has never heard of such a law in his entire life, plus he plans to leave work early undetected to catch a family party. What now? The contract in its entirety and with your sensitive information is in ChatGPT, and it's already analyzing whether anything should be added.
What can you do?
We're not saying not to use AI, but we would like to point out that whenever you use ChatGPT or a similar tool as part of your work, data about your work is sent to an external open model that is no longer under your control.
Using ChatGPT can also potentially violate any contractual confidentiality agreements you have with customers, copyright, or reveal information or knowledge that should not be disclosed.
The solution to this is to educate your employees, adopt specific guidelines for the use (or non-use) of chatbots or, for example, implement your own internal ChatGPT-based system. We've put together some basic guidelines for employees to guide them in using technologies like ChatGPT responsibly and safely.
- Do not share any sensitive or confidential information about the company, clients or colleagues that could violate privacy and information policies.
- Do not discuss internal company plans or strategies turnover.
- Respect copyrights and licenses, make sure you have the right to use the texts and materials you work with.
- Only record and share information that is relevant to the task you are addressing and avoid disclosing unnecessary details.
- Neposkytujte informace, které by mohly ohrozit bezpečnost technologických systémů nebo přijaté organizačně technická opatření společnosti nebo klientů.
- Attend regular cybersecurity and privacy training sessions to ensure you are well informed about the latest threats and measures.
- Comply with company guidelines.
