AI’s Nonobvious Impact on Your Organization

AI at work, guided by a human.

We just got back from my cousin’s wedding on the Cape. I’ve got a big extended family and these days, we go to lots of weddings.

This one was terrific, held right on the water at the Wychmere Beach Club. The weather was beautiful, as were the perpetually smiling bride and groom.

As you might imagine, given my line of work, I get asked a lot of “tech” questions at these types of events. These days, it’s all about AI:

Rob, is AI going to take everyone’s job?

Me: No, just some jobs.

Rob, is AI going to go all Skynet on us and kill everyone?

Me: No, at least not for a long time.

Rob, did AI make that appetizer you’re eating?

Me: No, but it sure is good. I can’t get enough of those quinoa fritters.

And then there was this question, the one I am most frequently asked:

Rob, has AI affected your business significantly? 

Me: Yes, but not in the way I expected. Here’s why…

When I started the company in 2017, I cleverly named it for exactly what we do. This helped tremendously with Search Engine Optimization (SEO), because when people search for “fractional CISO,” up pops “Fractional CISO, LLC.” We are frequently contacted as a result.

Plus, we have a lot of great content on our website (like this article!), all of which also helps to send people our way.

But now that’s changed – and it’s all due to AI. 

First, because Google and other search engines now post AI-generated summaries at the top of their search results. That leads to many fewer clicks to the actual sources of those summaries: websites like ours.

Second, because many people, when looking for information, now rely on ChatGPT or other AI tools for answers. That means fewer search engine queries overall, and again, fewer visits to our website.

Fortunately, the impact of our reduced website traffic has not been devastating. Our clients and friends in the industry remain our primary source of referrals and those continue to come in steadily. (Thank you for your referrals!)

Still, it’s a good example of how, for many businesses, the impact of AI will remain nonobvious until it happens. Given that reality, here are three practical suggestions for managing the AI-based uncertainty… 

#1. Develop an AI acceptable use policy.

Without a doubt, your employees are already using Large Language Models (LLMs, also referred to as generative AI) to speed up their work and complete tasks faster. The rewards for doing so are just too compelling for your people to ignore.

But since AI technology learns by absorbing user input data, there are considerable security risks involved. And while vendors have made great strides in giving users more control over that data, that control is far from perfect and, in any case, shouldn’t be left up to the individual.

Rather, you need to develop, communicate, and enforce an AI acceptable use policy for your company that reflects your degree of risk tolerance (every business is different) along with whatever rules and regulations your industry may require.

That means getting very specific about what is and is not permitted:

Which tools can or cannot be used (ChatGPT, Claude, Perplexity)?

What type of data can or cannot be applied (financial, confidential customer data, etc.)?

What type of license is required (free, personal, corporate)?

Then make sure this is discussed, understood, and agreed upon.

#2. Reevaluate how you are doing regarding phishing.

AI has made it much, much easier to develop a viable phishing campaign.

It can generate a list of email addresses, automate a mailing, and translate a message from any language into something that sounds like it was written by a native English speaker. 

It can even personalize the message on a recipient-by-recipient basis, using publicly available information about them: “Hey Rob, check out this new recipe for quinoa fritters that I just found.”

It’s no surprise, then, that there are more phishing emails of higher quality than ever before. That means your internal phishing training needs to be better and more frequent than ever before.

#3. Tighten your configuration controls.

Some phishing emails are always going to slip through. But the more you can stop them at the “front door,” the less risk your employees face of clicking something dangerous. 

Start with your DNS records, which tell the internet how to handle your company’s email. Make sure you have SPF, DKIM, and DMARC set up correctly. These three settings work together to prove emails really came from your domain (not a scammer pretending to be you) and help prevent your domain from being blocked.

Next, look closely at your Microsoft 365 or Google Workspace configuration. Adjust security defaults so spam filtering is more aggressive, disable risky features like automatic forwarding to external accounts, and enforce rules that block suspicious attachments or links.

Finally, don’t just “set it and forget it.” Cyber threats evolve. Schedule a review of these settings at least twice a year to make sure nothing has drifted open. It’s one of the simplest ways to lower your exposure to phishing and other email-based attacks.

Start Now

Sitting here now, it’s hard (impossible) to tell exactly where, when, and to what degree AI will impact your business. I certainly didn’t see it having the impact it has had on SEO and search overall.

Still, there are things you can do in the short term to minimize AI’s impact and be as prepared as possible for where things may go.

Gotta run. I just got an invitation to another cousin’s wedding – at least I think I did. I better check first to make sure it’s not a phish!



Rob Black
Rob founded Fractional CISO in 2017 and has helped dozens of mid-size SaaS and technology companies improve their security posture as a vCISO. He consults, speaks, and writes on IoT and security. Rob has held product security and corporate security leadership positions at PTC ThingWorx, Axeda and RSA Security. He received his MBA from the Kellogg School of Management and holds two Bachelor of Science degrees from Washington University in St. Louis in Computer Science and System Science and Engineering. He is also a Certified Information Systems Security Professional (CISSP).
