Responsible by Design: Building Guardrails for Safe Generative AI Use in the Workplace


According to a McKinsey report, 8 in 10 companies report using GenAI. The question isn’t whether your organization uses GenAI, but how it will use it safely. And, if you are not in front of that question, leading and guiding your team in responsible generative AI use, they may inadvertently use it in ways that compromise data security.

Who Uses GenAI and Why?

Ask your team who is using GenAI and then dig into the reasons why they are using specific platforms. The answers will help guide you as you craft a GenAI use policy and consider paid versions of individual platforms.

Free platforms offer decent web searching, with some, like Copilot, providing source links. If your team is using these tools to quickly find information, that’s fine. But be sure they understand the ramifications of uploading data or text into any of the “free” and public GenAI tools such as ChatGPT and Copilot. Most, if not all, free tools ingest data for training purposes. This may or may not expose the data to others. It’s always best to err on the side of caution and limit the use of public, free AI tools to finding or using publicly available data. For optimal data protection and security in AI platforms, the best recourse is to select paid, enterprise versions and ensure that security settings protect your organization.

The Basics of Business AI Use

Does your organization have a policy for using AI? If not, it’s time to draft one. Such a policy spells out for employees how generative AI may be used, under what circumstances, and which tools employees may use.

If you do not explicitly tell people which platforms they can and cannot use, they will use whatever tools they wish, including platforms that are not controlled as part of your company’s technology systems. These non-company-sanctioned platforms are referred to as “shadow IT.”  They can be problematic in that accidentally misusing them can expose your data to unwanted third parties.

Give Employees Access to Approved Platforms

Evaluate your company’s needs and examine workflows. Where might AI tools be helpful? The results of this evaluation can be used to select one or two AI tools to pilot.

Enterprise-level paid subscriptions to common AI platforms, such as paid Microsoft Copilot and ChatGPT, offer multiple benefits. They can be integrated with existing platforms, such as Copilot integration with SharePoint, to maximize efficiency and usage. They can also come with added privacy guardrails that ensure no sensitive data leaks from your company’s systems.

Be sure to read the fine print on any platforms you use. Some enterprise-level subscriptions still do not let users opt out of using data for training purposes, which means your data can be stored on the platform to train the large language model (LLM). If there is any chance of exposing sensitive data when using a GenAI tool, and that tool is set to use your data for training, you should skip that tool and find another.

Discuss with your IT team how to secure your data even further. Enterprise-level systems have multiple safeguards, too many to discuss in this article. And each tool differs in what is available and how it is used. The goal is to ensure privacy and security for all your data without compromising productivity.

Limit Access to Sensitive Files and Systems

Another step to maintain data confidentiality is to limit access to it. If users can’t download or view sensitive data, they can’t use it. And, if your AI tools are blocked from specific files, or the files are housed in a separate system that AI cannot access, you are protecting them from unauthorized use. Payroll and HR, for example, may be kept on entirely separate systems to ensure that no sensitive personal information is accidentally leaked through the AI.

Data Loss Prevention

Consider adding data loss prevention tools to your tech stack, too. Data loss prevention is a cybersecurity strategy that helps your company identify, monitor, and protect sensitive data. It helps prevent confidential information from being shared either accidentally or intentionally. It also prevents unauthorized users from accessing data. The tools can block, encrypt, or alert users when they sense risky behavior.

Depending on the platform chosen, data loss prevention tools can protect laptops, cloud services, email, and more. These tools are great at helping companies maintain data compliance policies. They can reduce the risk of data breaches and improve overall security.
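As an added illustration (not from the original article or any specific DLP product), the Python sketch below shows the kind of check a data loss prevention control can apply to text before it reaches a public GenAI tool: it looks for U.S. Social Security number and payment card patterns, validates card candidates with the Luhn checksum to reduce false alerts, and returns a block or allow decision. The function names, patterns, and sample values are assumptions constructed for this example.

```python
import re

# Constructed detection rules for this example; real DLP products ship far
# larger rule sets and also inspect files, email and cloud uploads.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")


def luhn_valid(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def scan_prompt(text: str) -> list:
    """Return (finding_type, masked_value) pairs for sensitive data in text."""
    findings = []
    for m in SSN_RE.finditer(text):
        findings.append(("ssn", "***-**-" + m.group()[-4:]))
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        # Digit runs that fail the checksum (invoice numbers, IDs) are ignored.
        if 13 <= len(digits) <= 19 and luhn_valid(digits):
            masked = "*" * (len(digits) - 4) + digits[-4:]
            findings.append(("payment_card", masked))
    return findings


def dlp_decision(text: str) -> dict:
    """Block the submission if any sensitive pattern is found, else allow."""
    findings = scan_prompt(text)
    return {"action": "block" if findings else "allow", "findings": findings}


if __name__ == "__main__":
    # Constructed sample prompts (placeholder SSN and a standard test card number).
    for prompt in ("Summarize our public annual report.",
                   "Employee SSN 123-45-6789, card 4111 1111 1111 1111"):
        print(dlp_decision(prompt))
```

Findings are masked to the last four characters so that the alert itself does not become a second copy of the sensitive value.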

Employee Training

Lastly, employee training is vital to ensuring responsible AI usage. Just as you provide (or should provide) frequent cybersecurity training to make sure cybersecurity best practices remain top of mind, AI training helps employees understand all the ramifications of using these tools. It also ensures that you set the rules before employees become entrenched in their own way of accessing and using AI.

Responsible AI Usage

As companies continue to adopt AI, it’s vital to maintain safeguards to protect sensitive data. Choosing the right platforms, purchasing enterprise-level licenses, working with your IT department to safeguard data, and even housing sensitive systems and files separately are all possible ways to protect data. Never forget employee training, which is also a key element to keeping data safe.

Welter Consulting

Welter Consulting bridges people and technology together for effective solutions for nonprofit organizations. We offer software and services that can help you with your accounting needs. Please contact us for more information.

Imagining the Unimaginable: Recovery from a Personal Data Breach


Can you imagine losing $43 billion? It’s hard to imagine losing $43, let alone $43 billion, but that’s what AARP claims American adults lose to identity theft and fraud each year. That’s a staggering number. And it doesn’t matter whether this information is lost by an organization that failed to protect customer data or an individual who fell for a phishing scam—the results are the same. Lost time, lost reputation, and yes, often blame and shame.

Cybercriminals continue to grow increasingly sophisticated in using both technology and psychology to trick victims into disclosing sensitive personal or financial information that can lead to theft and fraud. If you’ve fallen victim, please don’t blame yourself. Instead, act now to recover from the situation.

An Ounce of Prevention

The old saying “an ounce of prevention is worth a pound of cure” is very apt when it comes to identity theft. Many organizations, including the IRS, have published information to help people whose identities were stolen as part of a tax fraud scam. But did you know that there are 20 types of identity theft? Credit and debit card theft, stealing mail to gain access to confidential information, and other types of theft are common ways in which criminals gain access to personal information.

Many credit card companies now have safeguards against such theft by locking cards and contacting the cardholder when card activity suddenly increases past the cardholder’s typical activities. Still, it’s not foolproof. Consumers should monitor their credit cards, bank accounts, and credit scores frequently and guard against phishing emails or phone calls designed to trick the unwary into revealing sensitive information through a sense of urgency or familiarity.

How Do You Know If Your Data Is Compromised?

When personal data is compromised, it can lead to serious consequences, including financial loss, identity theft, and ongoing security risks. Consumers may notice unauthorized transactions, unfamiliar login attempts, or receive password reset emails they didn’t request—all potential signs of a breach. Additionally, a surge in spam calls or phishing emails could indicate that personal information has been leaked to third parties. In some cases, unexplained changes to security settings, such as modifications to two-factor authentication, may suggest that an account has been accessed without permission.

To identify whether personal data has been exposed, individuals can closely monitor their financial accounts, review credit reports for unusual activity, and utilize online tools designed to detect breaches. Many organizations offer data breach notification services that alert users if their information appears in leaked databases. If suspicious activity is detected, immediate action is necessary—this includes updating passwords, enabling additional security measures, and reporting the incident to the relevant financial institutions or authorities.

Recovering from a personal data breach requires a proactive approach. Establishing strong security habits, such as using unique passwords for each account and enabling multi-factor authentication, can help mitigate future risks. Consumers should also remain vigilant against phishing attempts and fraudulent communications, as cybercriminals often exploit compromised data to launch further attacks.

Recovering from a Data Breach

Although there is a lot of information published online to help individuals recover from a data breach, it can feel overwhelming to sort through it all. One helpful tool provided by the Federal Trade Commission is an interactive website, Identity Theft, which can help you create a personalized recovery plan.

If you suspect your personal data has been compromised, acting quickly can help minimize potential damage. Here are the key steps to take:

  1. Confirm the breach: Check for unusual activity in your accounts, such as unauthorized transactions, password reset emails you didn’t request, or unfamiliar logins. If a company notifies you of a breach, verify the details through their official website.
  2. Secure your accounts: Change passwords for affected accounts. Don’t reuse passwords across multiple sites. Multi-factor authentication also adds another layer of protection.
  3. Monitor financial activity: Review your bank and credit card statements for suspicious transactions. You can also place a fraud alert on your accounts or freeze your credit.
  4. Watch for phishing attempts: Scammers often use leaked data to send convincing emails or texts asking for personal information. Don’t click links in emails. Instead, close the email and navigate to a new browser tab before logging in and checking to see if the email is legitimate.
  5. Check for identity theft: If sensitive information, such as your Social Security number, has been exposed, monitor your credit reports and consider enrolling in an identity theft protection service.
  6. Report the breach: Notify your bank, credit card issuer, or relevant authorities if you detect fraudulent activity. If the breach involves your workplace or a service provider, follow their recommended security steps.
  7. Stay informed: Keep an eye on updates from the breached company and cybersecurity experts. They may provide additional guidance or offer free credit monitoring services.

Taking these steps can help protect your personal information and reduce the risk of further harm.


Using Decision Trees for Business Planning


Have you ever heard of or used a decision tree? Decision trees are excellent tools to help evaluate every potential outcome of a decision. Like a flowchart, they map if/then scenarios based on decision points. Each decision is evaluated for its possible outcomes, and then the outcomes are mapped. Chance events, resource costs, and their possible benefits are also included in a decision tree.

Because many important decisions are complex, involving myriad decision points, a tree model works better than a simple flowchart—each decision branching off the main choice looks more like a tree than a straight line.

They can be useful during times of great change or for business continuity planning. Let’s look at several ways in which decision trees can be helpful and discuss how to get started with this useful business tool. 

How CFOs Can Use Decision Trees

CFOs can significantly enhance their financial decision-making and strategic planning by leveraging decision tree models. One key application is in budgeting and forecasting. Decision trees allow CFOs to conduct scenario analyses by modeling various financial scenarios based on different assumptions, such as changes in revenue growth or cost fluctuations. This approach helps in understanding how different decisions impact the overall budget and aids in more accurate revenue forecasting by analyzing historical data and identifying key factors influencing sales.

Risk management is another critical area where decision trees prove useful. They enable CFOs to identify and quantify risks associated with different business strategies or investments by mapping out possible risk events and their impacts. Additionally, decision trees facilitate the development of contingency plans by outlining various risk scenarios and their potential consequences, helping organizations better prepare for adverse events.

Cost management also benefits from decision tree analysis. CFOs can utilize these models to perform cost-benefit analyses of various cost-saving initiatives, enabling informed decisions about which initiatives to pursue. Furthermore, decision trees assist in assessing operational efficiency by analyzing how different operational changes impact costs and overall efficiency.

In strategic planning, decision trees are instrumental in evaluating different strategic options or business models. By understanding the potential outcomes of each strategy, CFOs can make more informed long-term decisions. Additionally, when considering entering new markets or launching new products, decision trees help in evaluating potential outcomes and associated risks, guiding strategic choices.

To effectively use decision trees, CFOs should start by gathering historical financial data and other relevant information. They then construct the decision tree by defining decision points, possible outcomes, and probabilities. Analyzing the decision tree provides insights into various scenarios, helping CFOs interpret the results to determine the most viable options and manage risks effectively. 

How to Start a Decision Tree

Begin with the big question. Then, evaluate every potential outcome. Each possible outcome becomes a “branch” off the main tree until every eventuality is explored.

Decision trees can be mapped using whiteboards or paper during meetings. Often, brainstorming sessions can feel chaotic because no decision points are identified. People share answers without exploring the nuances of their responses. Using the decision tree model, the group can collectively brainstorm ideas, then follow each to its natural conclusion, asking important questions and mapping out possible scenarios, including major considerations for success.

It’s important when using decision trees during brainstorming meetings to keep the following in mind:

  • Keep an open mind. The answers the group develops may surprise you.
  • Draw from your past experience and listen to others whose experience differs from your own.
  • Don’t forget to consider what it may mean to do nothing. Choosing to do nothing is still a decision that should be mapped out. What will happen if all things stay the same?
  • Evaluate the results of past decisions and include this feedback too.

When faced with complex situations, mapping out all possible scenarios and getting them down on paper can be helpful. Decision trees offer a visual method of organizing thoughts around such decisions. Whether using them to offset damage from business outages or to plan for new and exciting changes, they can be a helpful tool to explore all the options. 


How to Find and Clean Dirty Data


If dirty data sounds like something you want to get rid of, and fast, it is. What is dirty data? It is corrupted, incomplete, or inaccurate data that is clogging up your accounting system and making it difficult to produce accurate reports. Here, we share tips for finding and cleaning such data from your systems.

A Primer on Dirty Data

One question you may ask is, “How does dirty data get into our system in the first place?”

Several factors contribute to dirty data in a system. The first is obvious: human error. Individuals entering customer information may inadvertently create duplicates by misspelling a company or customer name or using an acronym instead of spelling out a word. Other factors that can cause poor data quality include lack of internal controls, merging systems together, and inadequate processes to manage data.

Steps to Identify and Correct Data Issues

CPAs and accountants who suspect that data quality issues are contributing to poor decision making should take steps to uncover and rectify dirty data. The following process can help identify problematic data.

  1. Understand and map the business process that creates the data: Data is captured as part of a business process or workflow. For example, an accounts payable process starts with the order of goods or services, receipt of an invoice from a vendor, and payment to the vendor. By mapping the process, you can then identify where data enters the system and points to review to ensure accuracy. For example, controls need to be in place to ensure that invoice amounts match the contract amounts, and that the final payment matches the approved invoice.
  2. Analyze data sources: How is data input into the system? Is it manually entered or automatically entered? Manual data entry creates more potential for mistakes, so these should be your first areas of inquiry.
  3. Identify acceptable data elements: Another important step is to identify what are considered the acceptable data elements or data fields. By making these consistent, you’ll ensure consistent data entry.
  4. Review existing data sets and tables: Although this step is time-consuming, it is important to manually open existing data sets and data tables and review them. You may wish to break this step into smaller parts or tackle it one hour per day for large datasets. This gives your mind a break between review sessions to ensure you see things with a fresh eye.
  5. Note what data is problematic or missing: After reviewing the data, take notes on which elements are missing or incomplete. These should be fixed as soon as possible.
  6. Document the database requirements: Create a data dictionary, which defines what information goes into each field. Document the requirements for data entry as well. This ensures consistency in the future when others enter information into the system.
  7. Identify exceptions: As with every rule-based system, there will be exceptions to the rules. Identify these exceptions and document them as well to provide guidelines for what is an acceptable deviation from the norm.
  8. Clean the database: Fix any errors and remove duplicates after reviewing the entire database.
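To illustrate steps 3 through 8, the added Python sketch below (not from the original article) checks vendor records against a small data dictionary and flags likely duplicates for manual review by normalizing names, so that an abbreviation and the spelled-out word compare as equal and small misspellings still match. The field names, abbreviation table, similarity threshold, and sample records are assumptions constructed for the example.

```python
import re
from difflib import SequenceMatcher

# Data dictionary (step 6): field -> (required, allowed pattern). Constructed.
DATA_DICTIONARY = {
    "vendor_id": (True, re.compile(r"V\d{4}")),
    "name": (True, re.compile(r".{2,80}")),
    "state": (True, re.compile(r"[A-Z]{2}")),
    "email": (False, re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+")),
}

# Abbreviations expanded before comparison so both spellings match. Constructed.
ABBREVIATIONS = {"inc": "incorporated", "corp": "corporation",
                 "co": "company", "assn": "association"}


def validate(record: dict) -> list:
    """Return the data-dictionary violations for one record (step 5)."""
    problems = []
    for field, (required, pattern) in DATA_DICTIONARY.items():
        value = (record.get(field) or "").strip()
        if not value:
            if required:
                problems.append(f"{field}: missing")
        elif not pattern.fullmatch(value):
            problems.append(f"{field}: invalid value {value!r}")
    return problems


def normalize_name(name: str) -> str:
    """Lowercase, drop punctuation, and expand known abbreviations."""
    words = re.sub(r"[^a-z0-9 ]", " ", name.lower()).split()
    return " ".join(ABBREVIATIONS.get(w, w) for w in words)


def likely_duplicates(records: list, threshold: float = 0.9) -> list:
    """Return vendor_id pairs whose normalized names are nearly identical.

    Pairs are candidates for manual review (step 8), not automatic merges.
    """
    pairs = []
    for i, a in enumerate(records):
        for b in records[i + 1:]:
            ratio = SequenceMatcher(None, normalize_name(a["name"]),
                                    normalize_name(b["name"])).ratio()
            if ratio >= threshold:
                pairs.append((a["vendor_id"], b["vendor_id"]))
    return pairs


# Constructed sample records showing an abbreviation, a misspelling,
# a lowercase state code, a malformed email, and a missing required field.
RECORDS = [
    {"vendor_id": "V0001", "name": "Acme Supply Co.", "state": "VA", "email": "ap@acme.example"},
    {"vendor_id": "V0002", "name": "ACME Supply Company", "state": "VA", "email": ""},
    {"vendor_id": "V0003", "name": "Acme Suply Company", "state": "va", "email": "ap@acme"},
    {"vendor_id": "V0004", "name": "Riverside Community Assn", "state": "", "email": ""},
]

if __name__ == "__main__":
    for rec in RECORDS:
        print(rec["vendor_id"], validate(rec))
    print(likely_duplicates(RECORDS))
```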

Hint: There are companies that can help you clean up big databases, especially those involving names and addresses. These companies can conduct what is called a “merge/purge/suppression” by comparing datasets and identifying for manual review any potential duplicates. Then duplicates can be merged, deleted (purged), or suppressed (hidden) depending on your needs. While this may not be an appropriate step for confidential financial information, for customer databases it can be an enormous time saver.

Garbage In, Garbage Out!

Failing to clean dirty data could result in poor decision-making (garbage in, garbage out) from reporting on bad data. Taking the necessary steps now to have clean data in your system will be worth the short-term costs and resources required for this effort. Contact us for more information on this topic, help with your data clean-up project, and best practices on data entry and shared data between multiple systems, including automation, reporting, and compliance.
