When it comes to preparing for a cybersecurity attack or breach, there are at least five steps that in-house counsel should take internally — from hiring experts to forming ties with law enforcement — that can help set you on the right path when a crisis strikes, experts said Tuesday at an Association of Corporation Counsel panel.

According to the ACC, 31 percent of in-house counsel having experienced a cybersecurity break-in.

One of the five steps is to start training employees and have a plan. The number one reason for a vulnerability that allows for a data breach is employee error, yet less than half of the respondents to an ACC survey conducted late last year require employees to go through training on data security issues.

That is a huge mistake, the experts said. “Employees are very much the Achilles' heel for cybersecurity,” said Ed McAndrew, a partner at Ballard Spahr LLP.

It’s also critical to have a data breach response plan in place.

“It’s a panic attack when something happens. It’s not clear who is running the show,” said Philip N. Yannella, a partner at Ballard Spahr LLP.