The new Artificial Intelligence (AI) tool ChatGPT is all over the news these days! ChatGPT was created by OpenAI, and it's an AI language model that can understand human language and generate human-like responses. It's the fasted growing tech platform ever, hitting ONE MILLION users in just FIVE DAYS! You can ask a question and get a response. Need help writing an email or a letter to a client? You can automate a lot of repetitive tasks like writing an introductory email, an online ad, or even an outline of a book. It's a tool that can save you a lot of time when used right. If you have writer's block, or just can't think of how to start a response, just ask ChatGPT. The responses will require some fact checking and fine tuning, but you'll never have to stare at a blank sheet of paper again (a computer screen these days).
ChatGPT Data Privacy Risk
There is a downside though to be aware of: Chat GPT doesn't keep secrets! In the past week, it was reported in the news that Samsung workers accidently leaked trade secrets via ChatGPT. The employees were using the platform to check some code, and submitted highly confidential source code into the platform, requesting "code optimization". (The platform is so powerful it can actually do this!) That information is now "out in the wild" for the platform to consume and for others to potentially retrieve.
Other scenarios include sharing confidential legal documents, medical information, or financial information. In ChatGPT's usage guide, it warns users not to share sensitive information in conversations, but many people don't read the fine print, or don't grasp the implications.
Technology advances at a fast pace, and now is the time to update your company's "Acceptable Use Policy" to specifically address ChatGPT. Good employees will want to use the latest tools to help them be more efficient and productive, and it's important to let them know how to do so safely.
Here's an example Acceptable Use Policy you can use as a starting point (and I used ChatGPT to help create it!)
ChatGPT Acceptable Use Policy
This Acceptable Use Policy outlines the rules and guidelines for the use of ChatGPT by employees of [company name]. The purpose of this policy is to ensure the security of our company's information and data, as well as to maintain a professional and respectful environment for all users.
Authorized Use: Employees are authorized to use ChatGPT for work-related purposes only. This includes tasks such as research, data analysis, and communication with clients and colleagues.
Confidentiality: Employees must not disclose any confidential information while using ChatGPT. This includes but is not limited to trade secrets, intellectual property, financial information, or any other sensitive data. Employees should also ensure that they are not discussing any confidential matters in areas where others may overhear their conversations.
Security: Employees are responsible for maintaining the security of their login credentials and must not share their login information with anyone else. Employees should also report any suspicious activity or security breaches to the appropriate personnel immediately.
Personal Use: Employees may use ChatGPT for personal reasons during non-working hours, but must not use it for any activities that may violate company policies, such as harassment or discrimination.
Prohibited Activities: Employees must not use ChatGPT for any activities that may be illegal or unethical, including but not limited to spreading false information, engaging in cyberbullying or harassment, or attempting to gain unauthorized access to any systems or networks.
Acceptable Conduct: Employees should conduct themselves in a professional and respectful manner while using ChatGPT. This includes refraining from using any profanity or engaging in any discriminatory behavior.
Compliance: Employees must comply with all applicable laws, regulations, and company policies while using ChatGPT. Failure to comply may result in disciplinary action, up to and including termination of employment.
By using ChatGPT, employees agree to abide by this Acceptable Use Policy. Employees who violate this policy may face disciplinary action, up to and including termination of employment.
Make it your own: You'll probably want to make a few updates and changes to fit your business specifically, but this policy is a great starting point to get the conversation going. The employees at Samsung didn't intend to leak highly valuable data, but they did. Don't let it happen to your business!
Are you interested in learning more about you to protect you, your family, and your local business online? Get the new book: Cybersecurity for Main Street: Cyber Fit in 21 Days.
"As a small business owner, I found this book to be an invaluable resource for understanding the complex world of cybersecurity and how it applies to my business."