AI capabilities are exciting, but at the same time, the risks are real, especially while rules and standards are still taking shape. It’s important we are moving forward with intention and being mindful of data, identity, and safety across roles.
Co-Authored by: Michael Urban & Colleen Flannery
AI capabilities are exciting, but at the same time, the risks are real, especially while rules and standards are still taking shape. It’s important we are moving forward with intention and being mindful of data, identity, and safety across roles.
In this guide we will cover the following key areas:
- Understanding and communicating how AI collects data and the threats it can pose
- Implementing safe practices into workflows and training
- Rollout, governance, and aftercare
Understanding and Communicating How AI Collects Data and the Threats It Can Pose
AI systems thrive on data and are only as good as the data they learn from. That’s why accuracy, completeness, and protection against manipulation need to come first. This new moment in AI doesn’t erase the privacy rules you already work under, either. Regulations like FERPA (Family Educational Rights and Privacy Act), HIPAA (Health Insurance Portability and Accountability Act), and CJIS (Criminal Justice Information Services)still require strong controls for how data is shared and stored.
Trusting the Process
Trust grows when you name, in plain language. What the AI tool does, what it uses, what it never touches, where data lives, who has access, how long you plan to keep it. If none of that information is written down or easily accessible, people will assume the worst, or fill in the blanks themselves.
To do this, identify, outline, and communicate a few things. In a document, we recommend writing down the following:
- Say exactly which fields the AI reads (for example, the text a user pastes or the titles and descriptions from a ticket) and explicitly list what’s excluded (such as grades, HR files, or financial records).
- Note where processing happens (local or a defined cloud region), how long inputs/outputs and logs are retained, and who reviews activity or is the person who owns it in case there are any questions. (If a vendor is involved, confirm ownership, retention, residency, deletion/export, and the audit trail in writing.)
Once you’ve worked those things out, publish a short notice so stakeholders and teams know exactly what’s collected, why, and where to direct questions. You’ll also want to figure out a simple review routine to ensure everything remains accurate.
Here is a quick copy/paste template you can use to get started:
We use [tool name] to [one-line purpose]. It reads [inputs] and never reads [exclusions]. Data is processed/stored in [system/region] for [X] days (logs [Y] days). Access is limited to [roles and/or people] with multi-factor authentication; admins review logs weekly. Vendor will not train public models on our data and include deletion/export on request
Things to Look Out For:
AI brings a few distinct risks: AI-crafted phishing and deepfakes, prompt injection and model poisoning/drift, and ransomware impacts. You’ll rarely see these as a flashing error. Instead, they’ll show up as small day-to-day signals. Here are some examples and things you should look out for:
- Phishing / deepfakes → unusual urgency, payment detail changes, or voice/video requests that skip normal verification; repeated failed sign-ins that follow.
- Prompt injection → the tool ignores established rules after someone pastes or uploads content; unapproved connections or actions appear (new plugin enabled, unexpected API call).
- Model poisoning or drift → mismatched outputs right after new data or a configuration change; sudden drops in quality on routine tasks.
- Ransomware impact → unexpected access or volume from the AI service to shared storage; spikes in file activity at odd hours; systems holding data longer than stated (data leaving scope).
If you spot any of these signals, pause the risky action, capture the details (time, user, data touched), and move to your standard response. A good plan of action will look like this:
- Disable the affected plugin, integration, or feature.
- Rotate the API keys, tokens, and passwords involved.
- Revert to a known-good configuration or model version and retest in staging.
- Confirm the issue is contained
- Review logs to identify the triggering input or change.
- Tighten allow-lists, input validation, and content filters.
- Restore only what is needed and re-enable integrations one at a time.
- Record what happened, the fix, and any control changes. Add one line to your changelog and include who to contact with questions.
Quick Guide:
- AI-crafted phishing and deepfakes: convincing messages or voice/video meant to trick staff
- Prompt injection and model poisoning/drift: malicious or unintended changes to how the tool behaves
- Ransomware impacts: lateral movement from an AI service into shared storage or endpoints
Implementing Safe Practices Into Workflows and Training
Strong identity and well-managed devices do more than almost anything else to lower cybersecurity risk. This may not feel like a heavy lift, as most teams already do parts of it, but a few added habits will help keep you on track and secure.
Identity and Endpoint Protection
If you haven’t already done so, you should start by controlling who can sign in, securing the laptops and browsers they use, and watching for unusual activity. Here are some steps to get you started:
Start with the Sign-In.
Require multi-factor authentication (MFA) for everyone and a stronger factor for admins (passkeys or security keys). Put AI tools behind your SSO so access follows your existing rules. On devices, enforce full-disk encryption and automatic updates for OS and browsers.
Keep Admin Work Separate
Keep admin work separate from daily accounts and grant only the access that’s needed. Add Endpoint Detection and Response to the group that’s using the tool and expand from there. Set short session timeouts and remove risky browser extensions.
Set a Routine
Review sign-ins and admin actions on a schedule, route alerts to named owners, and run a short refresher on spotting AI-crafted phishing and how to report it.
If you already have these in place, that's great! Treat this as a tune-up. If not, start with MFA + updates + encryption and you’ll remove a large slice of everyday risk right away.
Isolate and Monitor AI Tools
Think of this as good “traffic control.” Keep new AI tools in their own lane, decide what they’re allowed to connect to, and watch the lanes for odd behavior. If something misbehaves, you want it contained and you're going to want a clear record of what happened.
Choose Where the Tool Runs (Cloud vs On-Prem)
Write down whether it’s hosted or on-prem. If hosted, note the region/data residency, who administers it, and backups. If on-prem, note who patches, who monitors, and how capacity will scale.
Segment the Environment
Run the AI service in its own tier. Close default paths to grading/SIS, HR, finance, and other core systems. Allow only the specific data/API access the tool needs.
Turn on Visibility From the Start
Enable API and audit logging for sign-ins, permission changes, data reads/writes, outputs, and admin actions. Decide who reviews logs and how often. Set alerts for unusual exports, new access locations, or previously disabled integrations being enabled.
Control Integrations and Scope
Keep an allow-list of approved plugins/connectors; disable the rest. Store keys in a vault and rotate them on a schedule. Add input hygiene: filter risky file types, strip active content, and flag oversized prompts/attachments.
Verify Vendor Risk in Writing
Confirm: data ownership, retention, residency, sub-processor access, deletion/export process, audit trail, and secure-by-design claims that match your standards. Require named security contacts and support SLAs. If a vendor can’t provide these, the tool isn’t ready.
Plan for AI-Specific Issues
Some problems are unique to AI. Define how you’ll detect them: outputs that contradict the prompt or data, unexpected external calls, sudden quality drops after an update, and what you’ll do first: disable the affected feature, rotate keys, and revert to a known-good configuration before restoring service. Document the incident and tighten controls so it doesn’t recur.
Test Once a Month
Simulate a simple scenario (e.g., a large export from an unexpected location). Confirm you receive an alert, know who responds, can see logs, and can disable access and rotate keys within minutes.
Offer Micro-Training That Sticks
The people and teams in your organization are what make this work. To set them up well, give them short, plain-language training on AI and the tools you’re using. Keep it simple, keep it practical, and tie it to the work they already do, so it’s easy to understand and easy to use.
- Focus on what the tool does/uses/excludes and the do’s/don’ts for your org.
- Make sure people know how to spot common threats (AI-crafted phishing, deepfakes, prompt injection signs) and what to do first.
- Show how to report something suspicious and who owns the follow-up.
- Use plain language and examples from your actual workflows.
Rollout, Governance, and Aftercare
Without simple governance, AI work drifts. Approvals get unclear, risks aren’t tracked, and it’s hard to explain choices to stakeholders. A light structure fixes that. It names who decides, records what was approved, why it was approved, and sets a review rhythm. The result is faster approvals, fewer surprises, cleaner audits, and clearer communication with your community.
Map controls to NIST AI Risk Management Framework and CISA Secure by Design so audits and updates move faster.
To make this process simple and traceable, create a few easy-to-follow documents:
- Approval brief (1 page): Include a purpose, data used/excluded, access model, logging, retention, human review.
- Risk review (short form): Identify privacy, security, and operational risks with mitigations, plus vendor risk (ownership, retention, residency, audit trail, deletion/export).
- Decision log: Document the date, approvers, next review date, and a clear rollback plan
After you outline your documents, work them into your routine. Finish the approval brief and risk review before work starts. During a pilot, review logs, incidents, and success measures weekly. Before rollout, confirm targets were met and close any open risks. In production, review models, prompts, access, and retention quarterly, and refresh training.
Close the loop by naming a single owner, keeping a short public changelog for material updates, and posting a contact channel for questions. This keeps governance visible without turning it into paperwork.
30-Day Starter Plan
Now that was a lot of information so if you need a simple “this is what to do” or refresher, this may help:
- Week 1: Publish the one-page Data Use Summary and enable MFA + updates + encryption for users of the tool.
- Week 2: Decide cloud vs on-prem, document segmentation, and turn on API/audit logs.
- Week 3: Run a 20-minute training and test a simple alert scenario; fix gaps.
- Week 4: Complete the approval brief + risk review, name an owner, and set the review cadence.
Want Training On AI or Help Implementing A Secure AI Plan?
Partnering with Trafera gives you access to a team with experience across AI, education, government, cybersecurity, and more.
If you’re ready for the next step, contact us today and we’ll tailor a path specific to your organization.