In 22 years of managing IT for businesses like yours, I’ve seen plenty of technology shifts: cloud, remote work, ransomware threats, and much more. But what’s happening right now with AI is on a completely new level.
It’s moving faster than anything I’ve seen, and I’m worried about what it could mean for businesses like yours if nobody’s paying attention to it. So, I wanted to write to you about it directly.
WHY I’M WRITING THIS
Right now, there’s a good chance that people on your team are using AI tools like ChatGPT, Claude, Copilot, Gemini, and dozens of others to help with their daily work. Writing emails, summarizing documents, analyzing data, drafting proposals.
And honestly, that’s not a bad thing. These tools can be incredibly useful. The problem is that most of them have no idea what these tools are doing with the information they put in.
There’s a name for this now: “Shadow AI.” Employees using AI tools on their own, outside of any company policy, security framework, or even basic guidelines.
Most of them are just trying to get through their workload faster. They heard about a tool that helps, so they started using it. But they don’t understand what happens to the data once they type it in.
WHY THIS MATTERS TO YOU
When someone on your team pastes a client list, a financial report, employee records, or a draft contract into a free AI tool, that data can be used to train the model. That means it could surface in responses to other users.
Many of these tools, especially free tiers, explicitly state this in their terms of service, but most people never read those terms.
For a small business, one leak like that could mean a compliance issue, a lost client, or a lawsuit.
Some of the newer tools make this even more concerning. Products like Claude Cowork, Microsoft Copilot, and Google’s Gemini are branded as workplace productivity tools. That gives employees the impression that they’re automatically safe to use with company data.
But many of these are still in beta or early-access stages. The security and data-handling policies are still evolving. Using them with sensitive company information before you understand how they store and handle your data is a real gamble.
And that’s only half of it.
The data risk alone is bad enough, but there’s another side to this.
Your employees have personal laptops, home computers, and phones that aren’t under your control. There’s nothing stopping them from installing AI tools like Claude Cowork, Copilot, or Gemini on those devices.
Many of these tools prompt the user to enable Developer Mode in Windows during setup, a system-level setting that loosens security restrictions. The prompt has a big friendly “Yes” button. On a personal device, there’s no policy blocking it and no IT team to flag it. They just click and move on.
These AI tools are evolving from simple chatbots into applications that want access to your files, your email, your calendar, and your operating system. That same employee then logs into their work email or pulls up your CRM from that personal device. Your company data is now sitting on a machine with none of your security protections on it.
We lock down your work systems for exactly this reason. But we can’t lock down your employees’ personal devices. That’s why policies, training, and clear guidelines around AI tools matter so much right now.
WHAT I RECOMMEND YOU DO
I’m not saying you should block AI or tell your team to stop using it. That ship has sailed, and frankly, businesses that figure out how to use AI well are going to have a real advantage.
But without a plan, it’s like giving every employee a company credit card with no spending limit and no oversight.
Here’s what I’d suggest as a starting point:
☑Get an AI Acceptable Use Policy in place. I’ve included a link to a ready-to-use template with this email that you can adopt or customize for your business. It covers what tools are approved, what data can and can’t be entered, and who’s responsible for oversight. It doesn’t need to be complicated, but it does need to exist. In fact – we are providing one for you. Just click here to download it, and update to meet your business needs
☑Train your team. This one gets overlooked the most. People aren’t going to follow guidelines they don’t understand. Even a short training session that covers what AI tools do with their data makes a huge difference. This is something we can help you set up.
☑Talk to our team before rolling out any AI tools. There are ways to set up AI tools properly, so your company data stays private and secure. But it needs to be set up intentionally, not just downloaded and set up over lunch.
I’m making this a priority for all my clients right now, and I wanted to make sure you heard it from me.
WHAT TO DO NEXT
Click here to download this free AI Acceptable Use Policy, update it for your business needs, and distribute it to your team.
If you want to have a quick chat about where your business sits with all of this, I’m happy to make time. Please Contact Us to get the conversation started.