Incident Preparedness and Response 23. Maintain offline backups and test restoration regularly. 24. Have an incident-response checklist: isolate affected machine, preserve evidence, restore from clean backup, change credentials. 25. Train designers on phishing, malicious attachments, and safe web behavior; run periodic brief refreshers.