Tuesday, July 09, 2024

The rise of GenAI and the impact on your data privacy


By Dr. Tim Sandle
July 9, 2024



Data privacy is at risk with the rise of generative AI. Over 77 percent of companies are either using or exploring the use of artificial intelligence, and amid this widespread adoption, more than three-quarters of these companies have experienced AI-related security breaches.

Nearly one-third of employees have admitted to placing sensitive data into GenAI tools and 39 percent cited the potential leak of sensitive data as a top risk to their organization’s use of public GenAI tools.

With this in mind, the company Kiteworks has shared advice on how to keep sensitive data secure when using GenAI tools with Digital Journal. The main points are:

Avoid Using Personal or Proprietary Information in GenAI LLMs

Data security and privacy should be the top priority when using large language models (LLMs) and generative AI tools, which may be subject to different regulations across countries and regions.

Given the allure and ubiquity of GenAI LLMs, it’s essential for employees to remove any personal or proprietary data when using these tools. This includes customer information, financial data, proprietary strategies, personally identifiable information (PII), or any confidential documents.

This approach helps mitigate risks of unauthorized access to sensitive data as GenAI LLMs typically store the data they’re given and can re-purpose it for similar queries.

Create a Company Policy on AI and Privacy

LLMs and generative AI tools present significant accuracy, accountability, privacy, and security challenges. Implementing and enforcing company policies that specify what can and cannot be shared with LLMs and generative AI tools can mitigate many of these risks. It is therefore imperative for employees and business owners to work together to ensure these policies are clearly communicated and consistently followed.

Ongoing training for employees is crucial to keep them informed about the latest data privacy standards, potential risks, and the correct usage of AI tools. Implementing data loss prevention (DLP) technologies can help in identifying and protecting sensitive information, ensuring that it is not inadvertently shared or accessed by unauthorized entities.

Additionally, monitoring file activity, such as downloads and uploads, can provide insights into unusual or unauthorized actions, allowing for swift intervention.

Manage Data Privacy Settings

To prevent company data from being used for AI model training, it’s vital to safeguard sensitive information. Most GenAI tools have a feature that disables the tool from storing queries and information uploaded. A typical disablement feature looks something like this: navigate to “Settings” and, under “Data Control,” disable the “Improve Model for Everyone” option.

Regularly review permissions to prevent unnecessary data access, ensuring privacy and thwarting unauthorized access.

Ensure chats are deleted to reduce the risk of sensitive information being stored. OpenAI typically deletes chats within 30 days; however, its usage policy specifies that some can be retained for security or legal reasons. To delete chats, access the AI tool’s settings and find the option to manage or delete chat history. Periodically delete all chats to maintain data privacy and minimize vulnerabilities.

Regularly Change Passwords and Use Data Access Controls

Strong passwords and data access controls are vital for safeguarding accounts from cybercriminals, especially for securing accounts linked to AI systems. A six-character lowercase password can be cracked within minutes. Ensure password strength by creating long and complex passwords, with at least eight characters and special symbols.

Use unique passwords for each AI-related account, consider a password manager for tracking, and enable multi-factor authentication (MFA) for added security. MFA options like email, SMS, app, or biometric authentication add an extra layer of protection, significantly reducing the risk of unauthorized entry to AI systems and enhancing overall security posture.

Audit AI Interactions and Monitor Data Breaches

Private, work-related content should never be shared in public LLMs. However, almost 1 in 20 global employees (4.7 percent) have admitted to entering confidential corporate data into ChatGPT. Regularly audit activity logs to monitor suspicious file activity, particularly GenAI logins and file uploads. If the logs show these activities, investigate immediately to mitigate potential risks and maintain data integrity.

Utilize automated tools and anomaly detection systems to flag irregular patterns and behaviors that may indicate a potential breach or misuse. Conduct regular security assessments and penetration tests to identify vulnerabilities in your AI systems. Additionally, establish a response protocol for breaches that includes immediate containment measures, notification procedures, and steps for data recovery and mitigation.
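The log audit described in this section can be sketched as follows; this is an added example, not part of the original article or any vendor's tooling. It scans web-proxy records for logins and large uploads to public GenAI hosts, grouped by user. The log format, host watchlist, byte threshold, and the hosts and paths in the sample lines are all assumptions constructed for the example.

```python
from collections import defaultdict

# Assumed watchlist of public GenAI hosts; maintain your own from policy.
GENAI_HOSTS = ("chatgpt.com", "chat.openai.com", "gemini.google.com", "claude.ai")
UPLOAD_BYTES = 100_000  # assumed threshold separating a typed prompt from a file

# Constructed proxy log lines: time user method host path request_bytes
# (subdomains and paths are invented for the example, not real endpoints)
SAMPLE_LOG = """\
2024-07-09T09:01:12Z alice POST chatgpt.com /auth/login 512
2024-07-09T09:02:40Z alice POST chatgpt.com /backend/conversation 1840
2024-07-09T09:05:03Z bob GET intranet.example.com /wiki 0
2024-07-09T09:07:55Z carol POST files.chatgpt.com /upload 4812330
2024-07-09T09:08:10Z carol POST notchatgpt.com /upload 9000000
malformed line
"""


def is_genai(host: str) -> bool:
    """Match the host or any subdomain of it, never a mere suffix lookalike."""
    host = host.lower().rstrip(".")
    return any(host == h or host.endswith("." + h) for h in GENAI_HOSTS)


def audit(log_text: str):
    """Return {user: [(time, kind, host, bytes), ...]} for events worth review."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 6 or not parts[5].isdigit():
            continue  # skip malformed records rather than crash the audit
        ts, user, method, host, path, size = *parts[:5], int(parts[5])
        if not is_genai(host):
            continue
        if "login" in path.lower():
            events[user].append((ts, "login", host, size))
        elif method in ("POST", "PUT") and size >= UPLOAD_BYTES:
            events[user].append((ts, "upload", host, size))
    return dict(events)


if __name__ == "__main__":
    for user, hits in audit(SAMPLE_LOG).items():
        print(user, hits)
```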



Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, business, and health journalism. He is additionally a practising microbiologist and an author. He is also interested in history, politics and current affairs.





