In collaboration with the police, the Digital Trust Center (DTC) warns about the risks of using generative artificial intelligence (AI) in the workplace. They also share tips on how both employees and employers can handle AI safely. Human contact is key here.
While AI tools such as text generators and image creation apps offer entrepreneurs significant (efficiency) benefits, there is also a dark side to these technologies. Cybercriminals can also use these tools for fraudulent practices.
Identity fraud, such as CEO fraud. For example, AI can be used to clone a voice or draft realistic texts.
Spreading disinformation. Language model ChatGPT produces authentic-looking texts at scale and speed. Such a language model can help criminals for propaganda and disinformation purposes.
Malware. ChatGPT is capable of producing code in a number of different programming languages. For a potential criminal with little technical knowledge, this is an invaluable resource to produce malicious codes (such as malware).
Manon den Dunnen, Strategic Specialist Digital at the police, stresses the importance of being vigilant when using AI yourself: "If you wouldn't put it on LinkedIn, you shouldn't put it on ChatGPT either. Because that system trains itself with the information DTC you enter and before you know it, your information will show up in texts generated for others. That's why companies like Samsung have banned their employees from using it."
Tips for dealing with artificial intelligence and cybercriminals using it:
Confidential conversations are best conducted in person.
Never enter confidential data in ChatGPT or similar language models. So no names of people either. Be aware that the systems are aimed at generating texts 'similar to'. It is not a search engine, as there is no database behind it, so do not use it if factuality is important.
If in doubt about the identity of the person on the phone, you can suggest calling back. Another option is to ask a perception question. For example: How was your conversation yesterday?
Agreements can be made, for example, to deal with invoices only when there is an opportunity to check what the source is.
Explore what DTC solutions you can implement in coordination with partners in the chain to establish the authenticity of the sender of invoices or other important communication. Revert to advice relevant to, for example, phishing or CEO fraud. These forms of cyber incidents remain fundamentally the same even if AI is used as a tool.
Know what questions to ask when buying procurement software. For example: In what way does this software use artificial intelligence, how is it trained, what happens to this data and what security issues are involved?
