ChatGPT and AI chatbots – Is my organisation at risk?

Australia, Dec 8, 2023

Published by Logicalis Australia
Author: Adrian Alatsas 

Introduction


If you’re a C-level executive, IT manager or board member and you aren’t having conversations around artificial intelligence (AI) chatbots within your organisation, you are already late to the party. Why? Because your staff have already had a play and, while they are yet to understand the true potential of these types of platforms, they’re intrigued, and rightly so. Original concepts for AI chatbots were around automating and creating code; however, they’ve significantly matured in an extremely short timeframe. What can they do? Well, that’s not really the right question, because we’re yet to truly see how impressive and/or damaging these platforms can be. Do these types of platforms pose a risk to your organisation? Bingo, and the answer may be undoubtedly yes, a significant risk, in my opinion.


What can these platforms REALLY do? 

If you’re yet to be sold on the power of AI chatbot platforms, entrepreneur, investor and strategist, Reid Hoffman, provided GPT-4 (ChatGPT’s latest chatbot from OpenAI) enough prompting to create the first end-to-end book (220 pages) written by AI chatbots. The book, “Impromptu; Amplifying Our Humanity Through AI” is now available on Amazon (Kindle) for $0.99USD or can be viewed online for free here: https://www.impromptubook.com/wp-content/uploads/2023/03/impromptu-rh.pdf. I highly recommend a read to fully understand what, with suitably prompted information, these platforms are capable of. Yes, it feels impersonal, and the language and empathy need work; however, the outcome is truly incredible. Oh, and it also includes references, links, and data sources if you don’t trust the accuracy of the facts included in the writing.


So, how does this impact your organisation? 

Well, if a book can be written to the above standard, just imagine what a staff member could use it for. As with any information sharing platform (Teams, Slack, Google Drive, OneDrive, SharePoint, email etc.), staff will use the corporate provided platform as long as it’s fit for purpose, but in most cases will still use other apps depending on their specific or customer requirements. AI chatbots are available for free on the web through any browser or on any smartphone. So, what’s stopping staff from sharing corporate information on an AI chatbot? Why would they want to? The real question is why wouldn’t they?

If I am a CFO and I’m asked to write a report about the most or least profitable areas within the business, and all my statistics are in Excel spreadsheets or my finance application (with exportable data) this could potentially take me days or weeks. If I upload my Excel spreadsheet into GPT-4 and ask for a report to be written with the correct prompts, I can have this report within seconds. So, I guess that’s a tick for using AI chatbots to improve efficiency, reduce man hours, and provide an evidence-based outcome in no time. However, I just shared my company’s profit and loss (P&L) information on a platform outside my organisation’s control and security policies. Who now owns that data? Who has access to it?

Around mid-March 2023, GPT-4 experienced a glitch, which allowed some users to see the titles of other users’ conversations as well as their content. In the above scenario, imagine your company’s P&L, or even customer data, was shared. Should we be concerned? Yes. But where do we start? 


What should organisations be talking about? How do we tackle this? 

Well, sophisticated AI chatbots are still new, so I’d be lying if I said we had all the answers. Keeping things simple can sometimes be hard; however, the foundations remain the same for every new emerging technology that hits the market (which is happening more frequently). Focus on three key areas within your organisation: the people, the policy/process and the technology.


The people – Are staff and contractors appropriately educated?

Educate your employees. Like with anything new, staff don’t know what they should or should not be doing. Should we look into using AI chatbots to improve efficiency? If so, with what? Educate them about the potential risks and associated improvements that can be achieved. Communicate with your employees about the organisational impact that data leaks can have, and their individual and team liabilities of using these platforms with privileged information. The age of thinking that ‘no one at our organisation would be silly enough to use this technology with company data’ has ended. Enablement and effective awareness programs around the improvements and risks are a must. 


The policy / process – Do you have one that incorporates AI chatbots? 

Acceptable use and information management policies may have been written 10-15 years ago, or even updated five years ago. If you’re not updating these policies at least yearly, with the high frequency change in technology, you’re already out of date. Do these policies have the guardrails in place to ensure you are protected against information sharing on platforms of this nature? More importantly, ask yourself if you even know what’s in your information management policy or if you can even find it? Educate your staff frequently about their personal obligations to maintain the organisation’s information security. Mandating an update to a policy that no one needs to read is as effective as the cookie you clicked ‘okay’ to accepting when shopping on eBay. We might not really know what’s in it, but we’re sure it’s there doing something. 


The technology – Should you lock everything down? 

If you’re already thinking, ‘let’s lock everything down and block these sites’, you may find that this is actually a little trickier than expected. Google Bard is currently being integrated into Google Search, and blocking Google Search most likely isn’t an option. GPT-4 is being integrated into Microsoft’s new Bing, which will be released in the coming months. So, what can you do? Well, if you haven’t already, an information management strategy should be current and active within your organisation. Ensuring your data is secure from external sharing from corporate systems should already be something you’ve implemented or are working on. Regardless of the sharing platform (email, Teams, OneDrive, Google Drive, Slack etc.), you should be securing your data in a way that only those that need it see it and those that can access it can only do so in the ways the organisation needs them to. Staff should not be able to share information that poses a risk to the organisation regardless of the transport method.


Conclusions 

There’s a lot to take in when it comes to AI chatbots. These platforms are new and rapidly changing, faster in most cases than we can consume them. Like with anything new, it’s going to take time to realise their potential to improve organisations or recognise their ability to harm them. Making the assumption that these platforms are another fad, and delaying your organisation from having these conversations and suitably preparing, is an organisational risk in itself. It’s important to have the conversation and start preparing now. If you’re not sure what to talk about and where to start, reach out to your trusted partners, ask questions and tap into their expertise. Check out these interesting statistics.

If a colleague or staff member hasn’t at least created an account or had a play on these platforms, regardless of your industry or position, I’d be absolutely astounded. The use cases and possibilities are endless.

Key takeaways:

  • Educate your staff on their personal obligations around information security.
  • Update or develop your information security strategies to account for AI chatbots if you haven’t already.
  • Ensure your policies and procedures are updated to account for AI chatbots and ensure staff read them or can at least find them.  
  • Implement information security around critical information within your organisation to ensure that staff can no longer access data from within a server when they’re in the office, that data is accessible, and is usable from everywhere.

Our consulting team love having conversations around emerging technologies and supporting customers with organisational impact. We are also a Microsoft Data & AI certified partner and can support not only the organisational change impact, but the implementation of new and emerging technologies. If you’d like to have a conversation with us, don’t hesitate to reach out.
