Managing data protection and third-party risk with AI
Image from Pixabay
Voice assistants, predictive text, autonomous cars and other advancements in artificial intelligence (AI) are either already woven into people’s ordinary lives or fast approaching their horizons. Artificial intelligence is spreading its influence across society. Companies that are reluctant to implement AI and machine learning risk falling behind competitors that have adopted these tools and are using them to meet modern user expectations.
Yet, whether an organization is already leveraging AI and machine learning (ML) platforms or considering adopting them, it’s crucial they are attuned to security issues attached to this technology. Companies and their vendors must see eye-to-eye on AI and ML’s use and protect themselves against cyber breaches that can derail operations.
Tech boom, not cyber doom
Gartner predicts AI — a $60 billion industry in its own right — will grow 20% this year, tying that shift to organizations’ improving digital maturity to meet business needs. Unfortunately, at the same time, PricewaterhouseCoopers reports fewer than half of companies have a grasp of their third-party cyber and privacy risks.
That’s a security combination that should raise the alarm. Organizations must work with external partners to keep data breaches in check and confidently operate in a secure environment.
Businesses and their partners should seek a shared level of trust that suits each of them. Trust starts with sharing authentic, documented security standards and grows with a consistently robust security performance over time.
Comply, certify and verify
Organizations operating securely in the latest AI and ML environments start by working with providers that perform at strict compliance levels. That means more than just meeting the basic level of Europe’s General Data Protection Regulation (GDPR), the California Privacy Rights Act (CPRA) and similar regulations. It means obtaining outside audits and certifications, such as ISO 27001, that reflect the commitment to maintaining data privacy, confidentiality and security as part of general business practices.
Responsible technology providers are able to specify the regulations and frameworks their software complies with, as well as list the steps they take to achieve and maintain third-party verification.
Likewise, organizations should communicate openly with partners about additional data security levels that could arise. Companies typically seek data security associated with the payment card industry, the Health Insurance Portability and Accountability Act (HIPAA) and system and organization controls audits.
How data is managed
Exemplary customer service relies heavily on data. Its management is crucial to security.
Customer support can be conversations over email, live chat, AI-enabled voice translations, and other online channels. When time is limited — as is often the case with users — quick solutions might involve users sharing personally identifiable information (PII) such as full name, credit card numbers, or personal contact information.
Brands need to know how vendors handle this sensitive information. Is it encrypted or not? If it’s stored in a database — where? Or does it get deleted — and when? Certainly, if user data is retained, the company and vendors should be clear on all measures being used to protect it against breaches or attacks.
Prep and test for attacks
Like all successful companies, third-party vendors don’t rely on hope or luck to pull them through a rough patch. A sound business relationship between a company and its AI and ML partners will include cyberattack assessments, scenarios and responses, and recovery planning to develop the best gauge of risks.
There should be penetration testing in place to actively seek vulnerable areas of the software or attempt to infiltrate business operations through the platforms. This helps maintain a robust security posture and defend against evolving threats. It’s a direct counter to efforts that cybercriminals worldwide are constantly making against companies big and small.
Additionally, as partners in data defense, companies should review vendors’ business continuity and recovery plans and have clear roles and responsibilities assigned in case of emergency. This helps prepare the partnering businesses for its part in disaster preparedness and recovery should there be a service disruption — whether from an intentional cybercriminal attack or some other circumstance.
Strategic partnerships
Companies may consider it a delicate balance to bring the power of AI and ML into their user-facing operations. They’re experiencing rising user expectations that can only be achieved through AI and ML tech while also hearing the growing consumer concern over possible misuse of personally identifiable information (PII). Reports keep rolling in detailing cybercrime and data breaches, and 86% of U.S. consumers are concerned about data privacy.
As more brands deploy automation into their customer support operations, companies and vendors must work as strategic partners. By proactively ensuring data privacy and security, businesses can ease user concerns over how their personal information is collected and used.
