AI Readiness for Banks: Preparing Your Cybersecurity for the Advances to Come

by Jeremy Pogue

Community banks and credit unions have a time-honored reputation for being cautious about new technologies. Rightly so. The security risks from developing tech can be enormous for financial institutions. Perhaps that’s why I get such shocked reactions from our banking clients when I advise them to jump into new generative AI tools like Microsoft Copilot now. While there are many instances when it pays to be a “late adopter” of new tech, the AI boom is not one of them. Why? Because sitting out will put your bank’s cybersecurity at more risk, not less. Let’s talk about why that matters and what AI readiness for banks will look like in the future.

 

Where We Are With AI and What It Means for AI Readiness for Banks

First, let’s get down to the fundamental question: Why is it risky to wait on AI? The simple answer is that your employees, clients, and vendors already use it. A recent report by Adobe Analytics revealed that roughly half (53 percent) of their respondents have used generative AI. Nearly 81 percent of that number already used generative AI in their personal lives, 30 percent in their work lives, and 17 percent for school. This tracks pretty well with other surveys by Salesforce and Forbes Advisor.

Even if you don’t have generative AI on your system, nothing can stop your employees from taking a meeting transcript offline and using ChatGPT to summarize it. They could use a personal AI tool to modify photos without copyright, for instance, or plug in company stats to create graphs and charts for a presentation. And that’s just the beginning. Your sensitive or protected information could easily be uploaded to an outside cloud to get the job done faster and better. Sure, you can create strict company policies to ban engines like ChatGPT or Midjourney, but new AI applications are coming out so fast that this will soon become a losing battle. AI tools will be embedded into nearly every device and platform within a year or two. They’ll be impossible to avoid. Here’s how that’s playing out in the headlines.

 

AI: Your New Professional and Personal Concierge

As of this writing in June 2024, the last few months have brought some of the biggest, most ground-breaking announcements ever made in tech, including:

 

Apple Intelligence—

Apple announced Apple Intelligence at its developer conference this month, which will integrate AI tools across all its later-model laptops, tablets, and phones starting in beta this fall. In addition to integrating ChatGPT generative AI, Apple Intelligence will allow enhanced language capabilities, summarization of lectures/meetings/group threads, intelligent search of all your documents, conversations, and videos/photos, and the ability to create personalized photos and images from a prompt. Nearly all of this will be done either on the device itself or pinged off into the customer’s private cloud, so data is never shared with Apple.

 

Microsoft’s M365 with Copilot—

Microsoft will now offer a new AI engine—Copilot—as part of all its familiar cloud productivity tools. This will give users the unprecedented ability to intelligently extract information from all the company’s files, summarize and translate meeting transcripts in real time, and generate documents, datasets, emails, and presentations from a single prompt. For more information on how Copilot can speed up your workflows, visit our recent blogs on Copilot for Word, Copilot for PowerPoint, Copilot for Teams, and Copilot for Outlook.

 

Google Gemini/Astra—

Google unveiled its vision for the future of AI with Google Gemini and Google Astra—tools that can reason across text, images, audio, video, and code. It’s all part of Google’s quest to create advanced AI models that understand the world like you do. This leap forward brings many of the generative AI capabilities you see in ChatGPT to Google search, along with the ability to search the internet via image and video. Additionally, Google uses these AI assistants to organize all the photos, documents, and emails users have stored in their Google apps like Drive and Gmail.

 

AI Readiness for Banks—the Upshot:

If you’re not gathering your bank’s information in protected “walled gardens,” your employees’ devices and personal networks may do so for you. This is no time to sit on the sidelines.

[Image: AI readiness for banks]

AI Readiness for Banks: Key Strategies to Get Started

So, with all this in mind, what’s a bank to do? Whether or not you decide to implement an AI platform like Copilot right now, you must prepare your systems for the demands of the AI-enabled future. The picture above outlines the protections Microsoft recommends. Here’s my take on the matter.

 

Step #1—Create an AI Fair Use Policy

Develop a written policy and distribute it to employees. This document should include basic safe procedures for handling AI during work hours. At a minimum, it should have directives to:

  • Not use their phones to record customer conversations or take photos of any company data unless they use a protected company app.
  • Not download or enter into a prompt any customer/protected company information in public generative AI tools like ChatGPT.
  • Not use photos or illustrations AI generates for bank business unless proper copyrights or payments have been issued.

Put together an internal committee that can help you understand the ways AI could impact your systems and have them help draft your AI policy.


 

Step #2—Make Conditional Access Procedures Mandatory

AI tools can search your database line by line with nothing more than a prompt. This requires a shift in how we think about information. Before you launch a powerful tool like Copilot for M365, direct every department to think hard about the documents they have saved on your system. Is some of the information old? Are there erroneous first drafts or multiple versions? If so, you must delete them or move them to a historical archive that is inaccessible for search. Then, you must identify which files would be considered AI searchable and by whom. Fortunately, Microsoft has created robust conditional access protocols to separate your documents into rings of access. Ensure that your staff uses these protocols every time they save a document.

Step #3—Install a Full Suite of Data Protections that Support AI Readiness for Banks

I can see all of you nodding along here, secure in the knowledge that you have purchased all the cybersecurity tools regulators require for banks. But how well do these tools work together? If you bought a patchwork of tools over time, a detailed cybersecurity assessment might reveal mismatched reporting, incomplete monitoring, or just plain incompatibility between the tools. If you don’t have a set of interlocking security tools like our OneDefense program for banks, it might be time to invest.

Step #4—Include AI Risks in Your Cybersecurity Training

As part of your employee security training, employees should be educated on the dangers of using AI tools with unsecured data. They must learn to surf smart and catch when an AI tool provides insufficient or hallucinated information. They also should be taught how to recognize new and more sophisticated phishing threats posed by AI-enabled hackers. We are in a “wild west” period of AI, which has even bigger implications for cybersecurity. Prepare your team accordingly.

 

Step #5—Secure Your Monitors

Tools like Google Astra have made smartphones incredibly powerful. AI can now read, understand, and search the videos and images you take with your phone or tablet. So, conceivably, anyone in your bank could walk past a monitor where a programmer is working on code or a loan officer is working with a customer’s data. Then, they could take a covert photo. They could feed those images to Astra to reveal the purpose of the code or parse the customer information on screen. Fortunately, screen protections can keep that snooping to a minimum. If you don’t already have them, now’s the time to install them. Tell your employees to be extra vigilant about leaving their desks with their screens up.

 

AI Readiness for Banks: The Job Begins Now

Are the cybersecurity risks for banks increasing because of AI? Yes. Are these risks manageable? Also, yes. Cybersecure AI is achievable—if you train yourself now to think differently about your data. You must rethink how your data is accessed, stored, organized—and, most importantly, protected. If you’re interested in M365 Copilot for your bank, Integris is organizing betas now. You can also book pre-AI system assessments with our vCISO staff now. We’d love to help you get safely started on the road to AI-enabled productivity and profitability. Contact us now for a free consultation.

Jeremy Pogue serves as Director of Security Services at Integris.
