Small Business A.I. Adoption – Have you considered the risks?
The adoption of A.I. is pushing into every aspect of our lives and many businesses are rushing to adopt this great time saving technology and find way to use it in house, where businesses are not looking to specifically adopt A.I. tools as a whole, employees are independently seeking tools and using them to assist their own tasks.
We see ChatGPT being used to summarise documents and write emails, Microsoft CoPilot summarizing meetings and Google Gemini helping with research online.
Businesses and employees are sharing both commercially sensitive and personally confidential information, but have they reviewed and evaluated the risks?
Do we need to worry?
Budgets can be tight in small business and the advantages of using A.I. Tools are undisputable in many areas, but cost cutting and minimal in house security can lead to risk exposure around A.I. Both consumer grade and free A.I. tools don’t have the same protections as enterprise level tools.
Examples of risk:
- Security Breaches
Your staff use AI Chat to summarise or improve Client CV’s
AI Chat keeps a history of your previous communications, if you’re not enforcing MFA to all staff do you know if they set it up? If their accounts breached so is the personal data of your clients, names, addresses, phone numbers, ages etc. - Compliance Violations
Your staff use AI to search and summarise email data.
Granting access to email can provide great advantages with fast search and evaluation, summarising and writing responses, but what other data do you have? What happens to that data, where does the AI store it, who has access to it and what security do they have? Does this meet data protection requirements? Without knowing what happens to the data how can your business ensure its safe! - Data Leakage
Your staff use AI to write emails
Do they thoroughly check what’s written? A.I. doesn’t inherently know what’s confidential and what’s for public release, AI tool can easily slip the bounds of your original intention and release data that’s confidential. Imagine a salesperson sending your buy pricing rather than your sell pricing. - Inaccurate Outputs
You staff rely on A.I. research to make business decisions
I. can be great at researching and summarising data into clear concise points, but what happens when it goes rogue, stories of solicitors quoting imaginary case law, AI Chat bots promising refunds against company policy and management making decisions based on hallucinated forecast models. Without appropriate training, A.I. can get staff and businesses in hot water fast!
Do we really need to pay?
Many A.I. platforms provide free and paid editions, small business can quickly question if paying is worth it.
Free Tools:
- Often lack centralised security controls leaving data open to breach from bad actors online.
- If you’re not paying for it, then you are the payment. Many free tools online use your data to improve their service for the paid customers meaning you get very little privacy and almost no guarantees on security.
Paid tools:
- Often allow the centralised management of security across the organisation, enforcing MFA, managing user accounts to remove old users, managing what content can and cant be submitted,
- Protect your data better with encryption, data residency options and don’t train their models on your data. Terms and Conditions and Privacy policies are often a lot more refined to paid customers.
How do we protect ourselves?
Understanding the risks is a great first step but managing those risks is an ongoing process for all businesses. So what should you be looking at?
- Develop an A.I. use policy
Let everyone know the businesses approach to A.I., the risks, what tools are approved for use, what types of data is allowed to be entered, how to request new tools, how the business will evaluate new tools, who is responsibly for oversight and compliance. - Educate the team
Ensure your team know about the policy and why it’s in place, the differences between secure and insecure AI and how that relates to business risks, how to identify sensitive data that you don’t want leaking into A.I. models, how to raise concerns in a safe environment. - Use Enterprise plans and security features
When implementing new tools review business grade plans and the security they come with, ensure your following best practice with Multi Factor authentication protecting all online services and check how the privacy of data changes between consumer and business services. - Monitor and evaluate usage
Check in with staff regularly and encourage transparency with them. Let staff know this is to protect the business and not to hinder their work. Ensure they know that when they raise needs, you’ll work with them to create solutions not simply block access. - Review Terms and Privacy Policies of each tool individually
Understanding how each tool collects, stores, manages and shares your data is core to protecting your business. Ensure that you read Terms and Conditions and Privacy Policies before proceeding with any new tool. Check back regularly for updates and keep abreast of changes to local laws and regulations that govern data protection.
Final Thoughts
A.I. is a fast moving industry and businesses want to adopt it and work with the new trends but taking a step back and evaluating the who, what, how and why can save huge headaches and expense down the line.
Develop clear policies and choose secure tools with the correct levels of protection. Look outside of you’re A.I. tools, at Endpoint Protection and Data Loss Prevention tools that can help protect and manage risks across your business.
Work with trusted I.T. Professionals such as the team at Tetrabyte to evaluate your business needs and understand how A.I. can help and how you can manage the risks it poses.
