AI best practices: How to securely use tools like ChatGPT
Artificial intelligence (AI) tools, like ChatGPT, can be used to create anything from song lyrics to new recipes — and now, people are using this technology to help with their jobs.
AI is useful but can also be a huge cybersecurity and privacy risk. So it’s important to understand what artificial intelligence is and the best practices you should employ to use it safely:
- Be selective in choosing your AI chatbot
- Never input personal identification information (PII)
- Be cautious when using AI photo editors
- Always verify the data you get from an AI tool before using it
- Stay vigilant against phishing attacks
What is AI and why is it a useful tool?
AI is a type of computer technology that makes machines "smart.” It helps machines perform tasks with human-like intelligence.
Take ChatGPT, for example. Just type in what you want it to write — a song about your dog, for instance — and it generates one in seconds.
AI is a valuable business tool. It can analyze data, generate reports and even write code. But before you use any app, you need to understand the inherent security risks associated with AI.
Two year's worth of NIST-aligned training
Deliver a comprehensive security awareness program using this series' 1- or 2-year program plans.
Be selective in choosing your AI chatbot
Be careful which AI application you use. AI is intensely popular with everyone right now, and hackers have taken notice. Threat actors have even created fake AI apps designed to trick you into downloading them. And if you do, they will seize the opportunity to install malware created to steal all of your data.
→ Only use AI tools that are approved and verified by your company.
Never input personal identification information (PII) into AI chatbots
Don’t use any protected data or personal information when utilizing or experimenting with AI. For instance, say you have a confidential sales report and want to generate a summary using AI. You upload the report, but now the data that you entered is stored on ChatGPT’s servers — and it will use that data to answer queries from other people, possibly exposing your company’s confidential information.
Hackers exploited ChatGPT code vulnerabilities to steal user information.
Additionally, hackers may find a way to steal that data directly from the app itself. In fact, just recently, ChatGPT confirmed that they suffered a data breach. Hackers exploited a vulnerability in ChatGPT’s code that allowed them to see the history of other active users.
Regardless, uploading sensitive data or information could violate privacy laws, which would result in your company possibly facing large fines and lead to your termination.
→ Therefore, you should never upload protected data or PII when using an AI app.
Be cautious when using AI photo editors
You upload a photo of yourself so you can turn it into a cartoon. Fun, right? But when you upload that photo, you may be inadvertently handing over valuable information about yourself to the AI software. Your image, location data and other metadata could be at risk. There are even concerns about companies using photos uploaded to AI photo editors to train facial recognition software within the cybersecurity community.
→ Always be cautious about what you upload into an AI app, even when they’re just images.
Do not rely on AI chatbots to always provide factually accurate information
An AI tool is only as good as the data it uses. If its data is old or incomplete, the content it generates could be biased, inaccurate or just plain wrong.
The same thing goes for computer code. Programmers have started to use AI tools to write code for them. It does save them time, but they run the risk of generating code that could very well have errors that cause it to be unstable or insecure.
→ Whatever data you get from an AI tool, always verify it carefully before using it.
AI is helping hackers generate a better mousetrap
AI can make your or your coworkers’ jobs easier, but keep in mind that AI is also making hackers’ jobs easier, too.
In the past, hackers would send the same poorly worded phishing email to thousands of people. Trained spam filters could then identify and catch those emails before putting you or your organization at risk.
But now, hackers are using AI to generate millions of customized, well-written emails, which are much harder for both spam filters and humans to discern. This means that more sophisticated phishing emails will be arriving in your and your coworkers’ inboxes, putting yourself and your organization at an increased risk.
How to stay cyber secure against advanced AI phishing attacks
The best thing to do to protect yourself, your coworkers and your organization is to stay alert. Don’t click any links or download any attachments from email addresses you don’t recognize. If you aren’t sure, verify the request with the sender at a confirmed email address or phone number before doing anything.
Get six free posters
Reinforce cybersecurity best practices with six eye-catching posters found in our free poster kit from our award-winning series, Work Bytes.
Knowing how to best use AI will keep you & your organization cyber-safe
AI has incredible potential - and its popularity will continue to grow.
But just because it’s popular doesn’t mean it’s always safe. Use this quick checklist whenever doubts arise:
- Always check with your organization before downloading any app or using any AI tool.
- Inquire from your manager about AI security policies your organization may have in place.
- Always take into consideration the potential risk before entering any information or data into an AI application.
As AI evolves, how we use it will change. Stay up to date with your organization’s latest guidelines to ensure that you’re staying safe with this technology. Keep yourself and your organization cyber secure when using ChatGPT with these free training resources from Infosec.
In this Series
- AI best practices: How to securely use tools like ChatGPT
- Tax scam season: How to protect your data from common scams in 2024
- Security awareness for kids: Tips for safe internet use
- Celebrate Data Privacy Week: Free privacy and security awareness resources
- Consumer data, who owns it and who protects it?
- Human error is responsible for 74% of data breaches
- What is a social engineering attack?
- Biggest cybersecurity mistakes by large organizations
- 4 common social media scams (and how to avoid them)
- From theory to practice: Designing a successful security awareness training program
- Understanding cyberattacks: Types, risks and prevention strategies
- Securing digital frontiers: The importance of information and IT security awareness training
- Optimizing your corporate security awareness training: Strategies and techniques
- What is security awareness: Definition, history and types
- Top 10 security awareness training topics for your employees in 2023 and beyond
- Connecting a malicious thumb drive: An undetectable cyberattack
- 5 ways to prevent APT ransomware attacks
- 4 mistakes every higher ed IT leader should avoid when building a cybersecurity awareness program
- ISO 27001 security awareness training: How to achieve compliance
- Run your security awareness program like a marketer with these campaign kits
- Deepfake phishing: Can you trust that call from the CEO?
- Fake shopping stores: A real and dangerous threat
- 10 best security awareness training vendors in 2022
- How to hack two-factor authentication: Which type is most secure?
- Malicious push notifications: Is that a real or fake Windows Defender update?
- Free Cybersecurity and Infrastructure Security Agency (CISA) ransomware resources to help reduce your risk
- How IIE moved mountains to build a culture of cybersecurity
- At Johnson County Government, success starts with engaging employees
- How to transform compliance training into a catalyst for behavior change
- Specialty Steel Works turns cyber skills into life skills
- The other sextortion: Data breach extortion and how to spot it
- Texas HB 3834: Security awareness training requirements for state employees
- SOCs spend nearly a quarter of their time on email security
- Security awareness manager: Is it the career for you?
- Risks of preinstalled smartphone malware in a BYOD environment
- The ROI of security awareness training
- 5 reasons to implement a self-doxxing program at your organization
- What is a security champion? Definition, necessity and employee empowerment [Updated 2021]
- Excel 4.0 malicious macro exploits: What you need to know
- Worst passwords of the decade: A historical analysis
- ID for Facebook, Twitter and other sites? Not so fast, says security expert
- 3 surprising ways your password could be hacked
- Fake online shopping websites: 6 ways to identify a fraudulent shopping website
- All about carding (for noobs only) [updated 2021]
- Password security: Complexity vs. length [updated 2021]
- What senior citizens need to know about security awareness
- 55 federal and state regulations that require employee security awareness and training
- Brand impersonation attacks targeting SMB organizations
- How to avoid getting locked out of your own account with multi-factor authentication
- Breached passwords: The most frequently used and compromised passwords of the year
- Top 5 ways ransomware is delivered and deployed
We’ll customize our demo to your
- Security awareness goals
- Existing security and employee training tools
- Industry and compliance requirements
Security awareness
Tax scam season: How to protect your data from common scams in 2024
Security awareness
Security awareness
Celebrate Data Privacy Week: Free privacy and security awareness resources
Security awareness