Understanding the Risks of Free Tools 

Many of the applications you use today, including many popular AI tools, offer to simplify your work by directly integrating with your Microsoft 365 or Google Workspace accounts. They offer to let you log in using your existing accounts to help you keep up with one less password. Tools such as Otter.ai, Canva, Read.ai, Adobe, and many others offer incredible capabilities to help enhance your work, so when they offer to make it easier, it seems like a "no-brainer" to accept these integrations. Unfortunately, many of these free tools are designed to gain extensive access to your calendars, contacts, email inboxes, meeting invitations, and even your OneDrive or Google Drive files in exchange for their services. Their activity can be likened to a virus, as they offer something for 'free' but require access to your private data and then leverage that information to entice others in your organization to do the same. 

Remember: "If it's free, you're the product." 

The Good News: Less Invasive Options 

Each of these tools offers a less integrated option for logging in and accessing shared data. This less integrated option is beneficial if all you're trying to accomplish is view a meeting summary or PDF document someone else has shared with you. There's no reason you should have to give away unfettered access to your Microsoft or Google account to view a document shared by someone else.  

Here's how you can navigate these options: 

• Change Sharing Permissions: The person sharing the document can adjust permissions to allow anonymous or anyone access.
• Create a Local Account: Instead of using your Microsoft or Google account for Single Sign-On (SSO), create a local account with the vendor. Use a strong, unique password stored in a password manager. This way, you can access the information without giving unnecessary access to your private data. 

A Church's Experience with Otter.ai              

One church tested Otter.ai and found it spread like a virus throughout their organization. One user began using the tool to take notes during their meetings. The tool would then automatically share those notes with everyone from the meeting. However, to view the notes, the tool gave the impression that you must log in with your Microsoft 365 account. As a result, anyone viewing the meeting notes ended up granting access to their calendars and contacts, leading to widespread data exposure. Within a week, they declared Otter.ai a virus and blocked all access, including preventing it from joining Teams meetings. While Otter.ai is not inherently bad, its operations in this case felt predatory and risked leaking organizational data. 

Key Takeaways for Church Staff and Leaders 

• Be Cautious with Free Tools: Understand the trade-offs of using free tools.
• Opt for Less Invasive Access: Utilize local accounts and adjust sharing permissions accordingly.
• Stay Informed: Know the implications of granting access to your data.
• Leverage Support: Utilize your IT team to navigate data security and application use. 

To avoid potential data security issues, we recommend a proactive approach to managing AI and all third-party application use. We are committed to understanding user needs and ensuring they can access information securely, without compromising private or confidential data. By following these guidelines, church staff and leaders can enhance data security while effectively using AI tools. For more information on AI and Ministry, head to our AI Resource Hub.