Expert Q&A from Brunswick Group

The first lesson is that you can’t trust the network. All email and web browsing can be intercepted by anyone in the vicinity of an airport lounge or café where you use Wi-Fi. Your hotel can access any communication channeled through its network, and anything you’ve sent or downloaded on a local data plan is equally accessible. Your emails back to HQ might not be of as much interest as a world leader’s, but still, you have some pretty valuable secrets, right?

Use a virtual private network (VPN). This can be either a business VPN tied to your corporate network or a personal one that connects to a server in the country of your choice. Added bonus: you can bypass any local bans of sites such as Facebook, YouTube and Netflix.

Similarly, every phone call and text that you send will go through networks that can be monitored. Encryption may provide the answer. FaceTime and WhatsApp are encrypted by default. Alternatives include Silent Circle and Open Whisper Systems.

For those who are gifted at leaving phones on airplanes or laptops in hotels, talk to your IT department about enabling whole-disk encryption on your hardware. It will render your information gibberish should someone copy it. For the increasingly paranoid, ask them to set a “BIOS” password – this will bolster the security of your operating system.

Think a nation state might be after you? Use a laptop with a bad maintenance rating. The harder it is to fix, the harder it is to put an evil chip into it.

In addition to having anti-virus software, update your software before your trip and don’t install any updates while you’re on the road. They can make you vulnerable.

Another threat is malicious software. Once on your device it can do whatever it likes, stealing or destroying your information, or surreptitiously turning on the camera and microphone. As a last resort, don’t do anything in front of your devices you wouldn’t want a cyber attacker to witness. It’s probably best to leave the handcuffs at home, or at the very least, on the briefcase.

Used mostly for financial transactions, blockchain could be applied to any task that keeps records. Votes could be tallied or company shares stored and traded on a blockchain network. Personal identities and land titles could also be treated as blocks of data to be recorded, protected and verified.

“The notion of shared public ledgers may not sound revolutionary or sexy. Neither did double-entry book-keeping,” said The Economist in 2015.

Blockchain’s transparency is considered one of its greatest strengths – a feature not often associated with security. Take political elections, for example. With blockchain, every voter would be able to track their vote and check that it had been awarded to the correct candidate. Each vote would have to be verified by a majority of the network, greatly reducing the risk of it being excluded or counted twice. And even though the ballots cast would be visible to everyone on the network, encryption would ensure they remained anonymous.

There is, of course, no guarantee that blockchain is perfectly secure. But at a time when trust in public and private institutions is waning, blockchain challenges the idea that you need to trust those with whom you do business. Blockchain is so secure and transparent, some believe, you can simply trust the system instead.

According to the 2017 Insider Threat Report, 74 percent of organizations feel vulnerable to insider threats, yet less than half of them have the appropriate controls in place to prevent an insider attack.

By controlling and managing access to data and systems, and by closely monitoring it, companies are hoping to gain early alerts to potential breaches. Careful monitoring may also assist in forensically mapping unauthorized access in the event of a major cyber attack.

Some employers have also begun to rely on technical oversight of their employees’ behavior on company systems as well as social media platforms. These measures may include monitoring what an employee shares onlineabout his or her employer or job. It may also involve automated reviews of what is emailed to addresses outside of the organization, and what is printed, by whom and in what quantity. Some may view this type of oversight as a violation of employee privacy; others may argue that expectations of privacy can blur at the edges of many confidentiality requirements placed on employees.

Regardless, employees need to understand what is expected of them. To earn loyalty and maintain open lines of communication, a company must be clear about employee responsibilities as well as what’s at stake.

For the company’s top management it is important to understand the implications of digital risk and to develop appropriate organisational and communication precautions. Once a data leak has been detected, the extent, duration and depth of the attack are far from clear. This ongoing uncertainty poses a great challenge for communications. In addition, unexpected developments or even media enquiries are to be expected, which will require a rapid evaluation and an appropriate reaction. To be able to (re-)act accordingly, a lean, coordinated and flexible crisis team is necessary, which coordinates with the top management. A consistent silence from the company would however mean long term reputation damage and scare off customers and other relevant stakeholders.

Anyone with data can be a target

Consider this scenario: a hack into the interconnected systems controlling major office buildings causes chaos by triggering fire sprinklers, creating sauna-like temperatures and manipulating critical equipment. “It’s not something that real estate investors really had to think about before, but it’s definitely on our radar screens now,” says Tom Murray, a Principal Partner at New Mill Capital, a real estate investment firm.

No business that stores or transmits information is immune from cyber attack. Some sectors have so far avoided data breach headlines, but threats and risks continue to increase.

Sectors with little history of attacks are often at greater risk. Recent reported hacks in the computer systems of cars, and even a jet’s in-flight entertainment system, shook the transportation sector. In 2016, hackers manipulated a US water treatment plant. A year earlier, a German steel mill reported massive damage after an attack disabled blast furnace controls. Surprising targets include small businesses and nonprofits.

“Ask these questions,”Do we use computers? Do we use the internet? Do we create or handle data? If your answer to these questions is yes, then you are a viable target for the bad guys.