When it comes to IT Security, there is one tough job that
probably nobody wants to have: Being the
tech support person. I used to do it a
long time ago back in my grad school days, and I got a huge feeling of joy when
I knew I made a difference in the day of a customer. But keep in mind that is only 20% of them. The remaining 80% want everything fixed right
now, and when you repair something, they show no appreciation for it, whatsoever.
As technology has evolved further, and as people are pretty
much working remotely now, the support tech is faced yet with another daunting
task: How to keep employees honest and
abiding by using only authorized tools for doing their daily job tasks. This is even harder to enforce when people work
from home. This has been a problem for a
long time, and it has become technically known as “Shadow IT”.
But further exacerbating this problem even more now is the explosion
of Generative AI, and how people are using it much more often now in the workplace,
in order to meet tight deadlines. In
fact, The Conference just conducted a research project on this, and here is
what they found:
*56% of employees now use Generative AI, whether it is
allowed or not.
*Only 26% of businesses surveyed have an active AI security policy
in place.
*Over 30% of employees use Generative AI to speed up their
deliverables even though they were not supposed to.
*91% of the IT support techs polled feel that they feel
pressured to compromise security in order to boost the bottom line by using AI
tools.
*Astonishingly, 81% of the tech support reps feel that is almost
impossible to enforce security policies, especially when it comes to using AI.
More details about this study can be seen at the following
link:
https://www.conference-board.org/press/us-workers-and-generative-ai
So now, it’s not so much of the issue of using non approved
devices or apps, now it’s becoming the risk of using Generative AI in the workplace
when employees are told specifically not to.
So now, this trend has now been appropriately called “Shadow AI”. So, what can be done about this? Here are three tips any CISO can adopt and
follow:
1)
Let ‘em use AI:
Let’s face it, AI is here to stay,
and it is not going anywhere for a long time to come. So, why not let your employees just use
it? Well, to a certain degree. You and your IT Security team should find a
bunch of AI apps that employees can potentially make use of. But before deploying them, first vet them and
test them out in a sandbox environment. Then,
tell your workers all about it, and encourage them to use it. By doing this, you will be showing them that you take their career growth seriously,
and by using something at least Generative AI related, this should alleviate the
temptation of using non approved AI tools.
But also caution your employees in this regard, and remind them of the consequences if they don’t follow the rules. Try to emphasize that as much as you are spending
on them, and that they need to reciprocate equally as well.
2)
Educate them:
We all keep hearing every day how important
it is to have security awareness training for employees. The same now also holds true about the use of
Generative AI in the workplace. There are
serious risks that can be borne out by not following the security policies that
have been set forth. Remind them that if
they do use unauthorized AI apps, this can be a grave consequence not only for
the company but even for their jobs as well.
3)
Monitor all activity:
As the CISO, make sure that your IT
Security team is monitoring all activity.
There are many tools that can be used to automate this process, and yes,
they are AI driven. LOL.
My Thoughts On This:
Hopefully by taking the above-mentioned tips into action,
your employees should be a happier crowd.
But then of course, there will be those that whine and complain that
they have to use Generative AI 100% all together in order for them to get their
jobs done. If this happens, throw this
question back to them: How did you make
it in high school and college when there was no AI or Google???
That is of course, if they are of that age.
No comments:
Post a Comment