Technologies
New and evolving technology—from virtual private networks to artificial intelligence—offers diverse benefits that businesses can use to enhance their operations. But new technology also comes with inherent vulnerabilities that can jeopardize a company’s infrastructure, reputation, and other assets. However, by employing best practices and remaining vigilant, businesses can protect themselves as they evolve right along with exciting new technological applications.

A key attribute of VPNs is encryption, according to Poirot. This typically involves encrypting data at the sending end and decrypting it at the receiving end. An additional level of security entails encrypting not only the data but also the originating and receiving network addresses. “It remains critical that business data be encrypted and that IT personnel manage access control,” says Poirot. “Multifactor authentication and the use of a good endpoint security solution are also important.”
Alaska Communications
Cloud storage solutions must be managed in the same manner as on-premise resources, according to interim GM/CEO and CTO of Arctic Information Technology Dave Bailey. Many businesses assume that cloud resources contain all the necessary security measures, but that’s not the case. Take geo-redundancy, for example. With geo-redundant storage, a company’s data is duplicated and stored on servers in different locations around the world, which can be a lifesaver if a disaster or other emergency happens. “If you don’t elect to have your data be geographically redundant and a server goes down, you won’t have access to your data,” Bailey says.
Whether companies use on-premise or cloud storage, it’s not possible to achieve 100 percent security. Still, businesses—not just their provider—are ultimately responsible for safeguarding their data in the cloud. They should ensure their cloud storage is encrypted and uses different credentials than their on-premise resource. Bailey says: “You’ve moved the physical responsibility of that technology resource from your own infrastructure to someone else’s, but the administration and security of that resource is still your responsibility… If you look at the service-level agreement for Amazon Web Services and Microsoft, they tell you there is no guarantee of security.”
Chief Information Security Officer, GCI
In the cloud, the importance of the firewall increases. That’s why it’s essential for companies to ensure firewalls are properly functioning and updated to minimize cyberattacks. It’s also critical for businesses to have the appropriate expertise to manage firewalls and other security layers. Strong says: “Gone are the days where businesses can be given simple tips and tricks for managing firewalls or cybersecurity solutions themselves. The consequences for mistakes are too great… Just as small companies use professionals for legal or tax advice, if they have sensitive information, they should seek professional help with cybersecurity.”
Some entities are looking beyond the firewall to focus their cybersecurity efforts on users and their devices. Google, for example, is working on developing BeyondCorp, a cloud-based solution that authenticates every user, computer, and mobile device attempting to access its network—no matter where the user is located. So, the system essentially builds its own security “perimeter” in response to each log-in. It uses a “zero trust” approach to assess each risk that emerges whenever someone tries to tap into the company’s network.
Zero trust is a complex information security methodology that’s being used primarily by larger companies like Google. “At the most basic level, it’s the idea of always knowing who has access to an asset [physical, application, or data], regardless of where that asset resides and always checking and rechecking the identity of the requestor, regardless of where they are and being able to deny access if you suspect that the requestor shouldn’t have access—or providing greater levels of checks to be very sure they are who they say they are,” Strong says. “Zero trust focuses greatly on identity and being very sure that you are who you say you are and that you have access to certain information under the right sets of conditions.”
Blockchain technology is not infallible—and that is the biggest risk, Bailey says. There is significant value in the principle of blockchain because it stores incorruptible blocks of information across a shared digital network. Because of this, blockchain is being viewed as a tool with the potential to transform a wide variety of industries. For example, a project known as Maritime Blockchain Labs is exploring whether this technology can help minimize dangerous and costly container ship fires. Blockchain may also be able to revolutionize the future of trucking and logistics by creating a new system of completing transactions, tracking shipments, and managing fleets.
But the reality is that blockchain still requires a human to be involved. Therefore, it is susceptible to risk and hackable. “I think the vulnerability in blockchain exists today because of ignorance,” Bailey says. “It’s evolving too quickly, and it’s impossible to develop a strategy—plus there’s a lack of regulation.”
Unlike Google Chrome or Firefox—which take the most direct route between a computer and the internet—the Tor browser employs a random path of encrypted servers to conceal a user’s location and usage. For this reason, Tor is often considered to be a gateway for illegal activities. More innocuously, though, employees could use Tor at work to bypass security and web browsing restrictions and download movies or music. But businesses can easily use blacklisting/whitelisting capabilities inside their corporate network to prevent such browsing activities, Bailey says.
BEC is becoming more ubiquitous worldwide. Between October 2013 and May 2018, there were more than 78,600 domestic and international BEC-related incidents and more than $12.5 billion in domestic and international exposed dollar loss reported to the FBI’s Internet Crime Complaint Center. And from December 2016 to May 2018 alone there was a 136 percent increase in identified global exposed losses relating to BEC.
Once business email has been compromised, multifactor authentication can limit attackers’ ability to use stolen credentials, Poirot says. And enforcing periodic password changes can prevent password reuse attacks. These phishing attacks, which can come from trusted vendor and coworker email addresses that have been compromised, remain the biggest single threat to businesses. In general, businesses can use email security gateways, web proxies, firewalls, and intrusion prevention products to prevent, detect, and stop many email-related attacks before catastrophic damage occurs.
Arctic Information Technology
- Refrain from clicking on unknown links or opening unexpected attachments.
- Carefully examine all unexpected emails that instill a sense of urgency, making sure to look for suspicious links, buttons, and attachments.
- Use known phone numbers to call senders and verify the authenticity of any emails containing unexpected links or attachments.
- Apply extra scrutiny when viewing emails on mobile devices, as it can be harder to spot the tell-tale signs of phishing.
- Report suspected phishing emails to their IT department.
- Delete all suspicious emails.
From Bailey’s perspective, it’s important to make attacks more difficult for cyber criminals by removing the path of least resistance. Companies should also have a vulnerability assessment done annually and, based on the results, mitigate their risk. Bailey says: “At a minimum, strengthen your credentials for access, separate your admin from user accounts, and enable multifactor authentication for everything you do. It has to do with the kind of data you have and the kind of data you’re protecting. It’s not so much the data, but the interruption to operations and what the cost of that will be as you assess risk.”
Strong recommends that companies start with the basics. They should use business computers for business—not for gaming or day-to-day personal web browsing. It’s also important to have up-to-date malware protection on every end-point workstation or laptop. He also advises: “Use good password practices, combined with multiple factor authentication. Encrypt hard drives and sensitive information as you store and transfer it. Only gather and store the information you truly need, and only keep it for as long as you truly need.”
In addition, businesses can enhance IT security by taking advantage of third-party providers and resources like the Center for Internet Security, the National Institute of Standards and Technology, and the Cybersecurity and Infrastructure Security Agency.
