The Best Way for Companies to Prepare for Inevitable Data Breaches: Rehearse
Companies, here’s a tough pill to swallow: Attackers will compromise your computer networks, and you will be breached (if you haven’t been already). It’s the unfortunate reality of operating in the digital age.
The only question is this: How will you respond once the inevitable happens? If that’s not something you’ve ever seriously asked yourself, then you’re flirting with disaster. Have a plan.
Get Data Sheet, Fortune’s technology newsletter.
One simple way to prepare for that day is to rehearse hypothetical worst-case scenarios, said Diana Kelley, executive security advisor at IBM, at the Structure Security conference in San Francisco on Tuesday. Doing so can potentially lower the cost of a data breach, she said, citing a recent survey conducted by the Ponemon Institute, a cybersecurity research firm, on behalf of IBM (IBM).
“Do tabletop exercises,” Kelley said, recommending that members of companies’ C suites and departments ranging from legal to IT to communications gather in a room and act out make believe situations in advance of major hacks. “Script through an attack at your company.”
For More Advice on Data Breaches, Watch:
Going through the motions of an imaginary attack can help prevent executives from making common mistakes and mishaps during times of crisis, Kelley said. It’s one of the best ways to test one’s incident response team and plan ahead.
“Have fake press conferences,” Kelley told the session’s moderator, Tom Krazit, executive editor of Structure, while imparting advice to the audience. “Set up a camera and explain to CNN what happened.”
“Things get real when you have a real person go through this,” she said.