5 Actionable Steps to Stop GenAI Information Leaks With out Totally Blocking AI Utilization

Oct 01, 2024The Hacker InformationGenerative AI / Information Safety

Since its emergence, Generative AI has revolutionized enterprise productiveness. GenAI instruments allow quicker and more practical software program growth, monetary evaluation, enterprise planning, and buyer engagement. Nevertheless, this enterprise agility comes with vital dangers, notably the potential for delicate information leakage. As organizations try to steadiness productiveness positive aspects with safety issues, many have been pressured to decide on between unrestricted GenAI utilization to banning it altogether.

A brand new e-guide by LayerX titled 5 Actionable Measures to Prevent Data Leakage Through Generative AI Tools is designed to assist organizations navigate the challenges of GenAI utilization within the office. The information gives sensible steps for safety managers to guard delicate company information whereas nonetheless reaping the productiveness advantages of GenAI instruments like ChatGPT. This strategy is meant to permit firms to strike the fitting steadiness between innovation and safety.

Why Fear About ChatGPT?

The e-guide addresses the rising concern that unrestricted GenAI utilization may result in unintentional information publicity. For instance, as highlighted by incidents such because the Samsung data leak. On this case, staff by chance uncovered proprietary code whereas utilizing ChatGPT, main to an entire ban on GenAI instruments inside the firm. Such incidents underscore the necessity for organizations to develop strong insurance policies and controls to mitigate the dangers related to GenAI.

Our understanding of the danger isn’t just anecdotal. According to research by LayerX Security:

• 15% of enterprise customers have pasted information into GenAI instruments.
• 6% of enterprise customers have pasted delicate information, comparable to supply code, PII, or delicate organizational data, into GenAI instruments.
• Among the many high 5% of GenAI customers who’re the heaviest customers, a full 50% belong to R&D.
• Supply code is the first kind of delicate information that will get uncovered, accounting for 31% of uncovered information

Key Steps for Safety Managers

What can safety managers do to permit using GenAI with out exposing the group to information exfiltration dangers? Key highlights from the e-guide embrace the next steps:

1. Mapping AI Utilization within the Group – Begin by understanding what it is advisable shield. Map who’s utilizing GenAI instruments, wherein methods, for what functions, and what sorts of information are being uncovered. This would be the basis of an efficient threat administration technique.
2. Proscribing Private Accounts – Subsequent, leverage the safety supplied by GenAI instruments. Company GenAI accounts present built-in safety measures that may considerably cut back the danger of delicate information leakage. This contains restrictions on the information getting used for coaching functions, restrictions on information retention, account sharing limitations, anonymization, and extra. Word that this requires implementing using non-personal accounts when utilizing GenAI (which requires a proprietary device to take action).
3. Prompting Customers – As a 3rd step, use the ability of your individual staff. Easy reminder messages that pop up when utilizing GenAI instruments will assist create consciousness amongst staff of the potential penalties of their actions and of organizational insurance policies. This will successfully cut back dangerous habits.
4. Blocking Delicate Data Enter – Now it is time to introduce superior expertise. Implement automated controls that limit the enter of huge quantities of delicate information into GenAI instruments. That is particularly efficient for stopping staff from sharing supply code, buyer data, PII, monetary information, and extra.
5. Proscribing GenAI Browser Extensions – Lastly, forestall the danger of browser extensions. Robotically handle and classify AI browser extensions primarily based on threat to forestall their unauthorized entry to delicate organizational information.

So as to benefit from the full productiveness advantages of Generative AI, enterprises want to seek out the steadiness between productiveness and safety. Consequently, GenAI safety should not be a binary alternative between permitting all AI exercise or blocking all of it. Relatively, taking a extra nuanced and fine-tuned strategy will allow organizations to reap the enterprise advantages, with out leaving the group uncovered. For safety managers, that is the way in which to turning into a key enterprise associate and enabler.

Download the guide to study how one can additionally simply implement these steps instantly.