Second in a series of stories on key security issues being discussed at The Security Standard event on Sept. 10-11 in Chicago.

Believe it or not, a data breach isn’t the worst thing that could happen to your organization. Reacting poorly to the incident could be, however.

Experts agree every organization that stores personal or financial information about customers, partners or employees, or that has intellectual property in electronic form should be considered a target — that’s arguably just about every organization doing business. Instead of assuming data breaches happen only to large financial services companies or retailers, companies large and small in every industry should be prepared to react to help minimize damage and quickly restore customer confidence, they say.

“It makes all the difference in the world” if a company is prepared to respond to a data breach or other type of cyberintrusion, says Tom Bowers, managing director of Security Constructs, a security services firm based in Philadelphia.

Here is a list of what companies should do and what they should avoid doing in the case of a data breach, besides putting a computer-emergency response team in place to react to such incidents (see “How to create a computer-emergency response team”).. The list is compiled from interviews with consultants and security experts who have had to deal with these incidents or who have been called in to help companies immediately following an attack:

DO confirm and contain the problem.

This seems obvious, but in the stress and confusion of the moment, the importance of knowing exactly what happened can get lost. Once evidence of a potential data breach has been uncovered (customers complaining of fraud alerts on their credit cards, server logs showing unauthorized access to sensitive data, and so forth) security professionals should work with the IT team to determine whether a breach happened and how it happened, and to fix the weakness if possible.

“You need immediate containment; that’s where the network and system folks jump in, and you need to let that team do its job,” says Ed Zeitler, executive director of the International Information Systems Security Certification Consortium (ISC2) and former CISO of Charles Schwab.