Michael Kaiser, the executive director of the National Cyber Security Alliance, shares his experience and discusses the five steps to being prepared.

1. Identify assets

“You can’t protect what you don’t know you have,” says Kaiser. This could be customer information, employee data or intellectual property. Rather than worry about everything, it’s better to focus your efforts. “You don’t have to protect against everything,” says Kaiser, “You have to protect the things that are critical.”

2. Fortify

Every asset is unique and requires different protections. “Is it sitting on one computer?” asks Kaiser, “Or is data being sent to other computers you haven’t thought of?” Find your access points and strengthen them with passwords, multi-factor authentication and security software. “Many email providers already have these features built in,” says Kaiser, “You just have to turn them on.”

3. Detect intruders

“Would you know if something went wrong?” asks Kaiser, “In a lot of big breaches, it’s often been going on for a long time and nobody knows about it.” The key is putting systems in place that let you know when something is wrong, such as detection programs or subscriptions to streams of threat data. Think of this as a cyber fire alarm.

4. Respond effectively

“What if the system you use to take orders went down for 72 hours?” posits Kaiser, “Can you go back to paper? Do you have a duplicate system you can use?” Backing up to the cloud can be a great idea, as long as your provider has adequate security measures. Kaiser also advises: “This could be responding to your customers, too.” Having PR and legal response plans will save you a lot of time and money.

5. Recover efficiently

“Having a good recovery plan is equal to prevention in many ways,” Kaiser observes. Hackers who hold your data for ransom are counting on recovery being too costly and time-consuming. A speedy plan can help beat this threat. “Bring all of the key players into the room,” says Kaiser, “And run these scenarios.”

Finally, don’t be overwhelmed by the specialized nature of cybersecurity. “It’s just risk management,” says Kaiser, comparing it to other disaster prep. “Create a culture of cyber safety within your organization, and ask your partners and clients to do the same.”