As high-profile hacks continue to make the news, businesses must figure out a way to keep their data secure. At a private cybersecurity event this week in New York City, industry leaders agreed that the question was not if a company would be hacked, but when.

Eric Schmidt, executive Chairman of Alphabet and former CEO of Google, delivered the keynote speech at the CIO Thought Leadership Forum on Cybersecurity on Monday. In his talk, he brought up a vital question he always poses to businesses. “I always ask, ‘How do you know your data’s secure?’ There’s never a good answer, which is why I like asking it,” he said. “It gets the fear response going.”

Schmidt said encryption is critical to keeping businesses safe. Google encrypts information while it’s in transit and while it’s at rest with 2048-bit keys -- for the non-techies, the basic general principle is the bigger the bit, the better the encryption. The company moved to 2048-bit keys in 2013 amid public outrage over the National Surveillance Agency’s surveillance practices. “I can tell you today if you have something that needs to be secure, your best place to keep it is in Gmail,” he said. “It’s attacked all day and [hackers] don’t get in. It’s certainly far more secure than anything you’re going to find in the U.S. government.”

Related: 7 Cybersecurity Layers Every Entrepreneur Needs to Understand

Beyond plugging his company’s products, Schmidt also talked about what a difference it makes to adhere to the industry’s best practices. He points out, for example, that working on old servers and running Windows 95 will leave you vulnerable in comparison to newer, updated alternatives. Two-step authentication is also important. Schmidt told the group, “If you’re not using it, you’re at serious risk.”

Schmidt knows that cybersecurity threats will become increasingly difficult as machine learning gets better and the time each attack takes to launch gets shorter. That’s why Monday’s forum, and others to come, will be vital. “This is crucial,” he said.

On Tuesday, the Senate passed the Cybersecurity Information Sharing Act (CISA), a controversial bill that would encourage companies to voluntarily share information related to hackers with one another and the government. While supporters say it’s a positive step toward addressing and preventing cyber attacks, critics argue it fails to prevent cyber attacks from happening and that any customer information collected could be used for surveillance.

The bill will be merged with two information-sharing bills that were passed earlier this year by the House of Representatives, then sent to President Obama to be signed into law.

Related: Google Is Creeping Back Into China With an Investment in AI