Cyberattacks will continue to become harder to defend against, and will require more information security due diligence to protect company assets than ever before—you will only be as good as your weakest link. A lot of specific advice is circulating on security controls and technical solutions, however here are three more general but still important questions to ask yourself about how you're addressing your cyberrisks:

1) Everyone is running into the cloud—but should you be walking?

Your service level agreements (SLAs) may be great, and you may be covered on things like trans-border data flow and HIPAA, but have you fully addressed the operational risk of having everything outside your walls? For example, moving to cloud email services means opening webmail up so that anyone in your organization anywhere in the world can access your email servers—including hackers with stolen passwords. If you protected this previously by only allowing access to email from inside your corporate network, your controls and policies need to be revisited.