GenAI tools are quickly becoming an integral part of the modern work environment – fulfilling a range of professional tasks from drafting a report to analysing spreadsheets, among others. A global Kaspersky survey found 95% of C-suite respondents are aware that GenAI tools are used within their organisations with more than half (59%) concerned about the risks of employees inadvertently leaking sensitive information when using AI. Kaspersky experts give advice on how organisations can use GenAI tools in a risk-free way,
“GenAI tools are enabling employees to become more productive as the technology assists with data analysis and routine tasks yet many people are using AI without proper authorisation from their employers,” said Vladislav Tushkanov, machine learning technology group manager at Kaspersky. “This could hold significant risks for the organisation. For instance, data leakage remains a significant concern. Furthermore, employees can get and act upon wrong information because of ‘hallucinations.’ This is when large language models present false information in a confident way. These hallucinations can be especially dangerous when GenAI is used to provide advice on how to complete certain work functions.”
Addressing this challenge is now a business imperative. Another Kaspersky survey has revealed that 42% of respondents from South Africa now see AI as a team member at work. Adding complexity to this is how effectively malicious users have adopted GenAI tools to create more convincing social engineering attacks to target individuals. For instance, drafting personalised phishing emails; generating deepfakes that contain realistic audio, video or text content that impersonates people; and even propagating disinformation campaigns that can influence public opinion or obscure the truth.
“This does not mean that organisations should block GenAI completely. Instead, decision-makers must conduct a comprehensive risk assessment to understand which parts of the daily business routine can be automated with GenAI tools without adding to the threat level facing the business,” said Tushkanov.
Through this, organisations can adopt a centralised approach when it comes to GenAI adoption. Such a service can then be provided via an enterprise account with a cloud provider while ensuring all the necessary safeguards are in place. These can include monitoring for potential personally identifiable information in messages as well as oversight. Organisations should also educate employees on the acceptable use of GenAI and the proper, company-managed ways of accessing them.
By understanding the benefits and risks of using GenAI and ensuring the necessary security measures are in place to mitigate any potential dangers, organisations can significantly improve employee productivity while increasing job satisfaction. General rules for employees should include not disclosing confidential data to AI tools; not relying on their advice for any critical use case; verifying information; remembering that data provided to a chatbot can leak; and all computers and servers running large language model-based systems are protected with up-to-date security tools.
“Simply banning tools like ChatGPT and other solutions might be not the best option. GenAI can be used positively by finding the balance between too much and too little caution. More broadly, partnerships between the public and private sector can see GenAI becoming a critical enabler to help drive business growth, enable more resources spent on innovation and