North Valley AI Security

Small Business AI Safety Checklist

AI Tool Use

- List which AI tools employees are allowed to use.
- Name who owns approval for new AI tools or features.
- Decide which tasks are safe for AI drafting, summarizing, or brainstorming.
- Identify workflows where AI should not be used without review.

Sensitive Data

- Define what customer, employee, financial, legal, and internal data must stay out of unapproved AI tools.
- Give staff examples of what not to paste into AI prompts.
- Check whether meeting, email, document, or browser AI features retain or train on submitted content.
- Create a simple rule for anonymizing or removing private details.

Staff Training

- Train staff to verify AI output before sending, filing, billing, or advising.
- Show examples of hallucinations, fake sources, and overconfident drafts.
- Teach employees when to stop and ask a person before using AI.
- Pair AI training with email, phishing, MFA, password, and browser habits.

Security Controls

- Use company-owned accounts for approved business AI tools.
- Review admin ownership, recovery options, MFA, and payment access.
- Document tool settings, sharing defaults, retention options, and vendor terms.
- Keep a short owner-ready record of approved tools, rules, and review dates.

Good first questions

- Who approves AI tools?
- What data is off limits?
- Which staff need training first?
- Which AI outputs require human review?
- What account or email habits need improvement before rollout?

Security services should be scoped, authorized, and documented before work begins.