They say practice makes perfect – that you must do something a thousand times before it becomes truly natural. People seem to get this idea when it comes to physical safety in schools and workplaces, where it’s perfectly normal to have regularly scheduled drills for nuclear attacks, fire, earthquakes, lockdowns and even a zombie invasion. Computer security events are arguably much more common occurrences – most of us have probably seen a malicious email “in the wild” whether we were aware of it or not – and yet computer safety drills are rare.

What would a computer safety drill look like?

As computer safety drills are still just a concept, what on earth would one even entail? Consider the following text from a fire-safety manual:

“The primary reason for conducting office-building fire drills is to educate building occupants about the procedures to follow in the event of a fire. These drills provide an opportunity for occupants to locate and use primary and alternative exit routes, and to familiarize themselves with any alarm system components found on their floor such as manual pull boxes and warden phones. Fire drills are the time to not only prepare for fire, but to enable employees to be better able to handle the many other non-fire situations they may encounter.”

With this in mind, what events could you practice to better prepare for a computer security emergency?
The first thing that comes to my mind would be a breach drill and the variety of questions that must be answered in this emergency situation:

What are the proper procedures that need to be followed in order to respond thoroughly and promptly in the event of a breach?
What are the most important components of your breach response?
Do you have primary and alternative contacts or processes?
Do you have a template or other prepared text to notify affected parties?

Prepare for all scenarios

Similarly, you should also have drills to prepare for malware, natural disaster, or power grid events taking out computer systems:

Are there certain people who need to be notified first, or who need more detailed information?
What systems should be put into action in case your computers aren’t operational? (For instance, how will you process customer payments or handle employee scheduling and payroll?)

Consider how much time could be saved in those instances if employees didn’t have to scramble to find and remember how to use unfamiliar, and potentially ancient, procedures.
Having been part of a malware emergency response group, I can imagine how much less exhausting outbreaks would have been if we’d been able to practice the necessary steps first, and repeat them until they became comfortable.

Drills could also be useful in instances where you need vigilant employee actions less urgently, but where the right course of action may be less than intuitive:

What do you do if you receive an email or phone call that you suspect is trying to socially engineer you into revealing sensitive information?
What do you do if you find a thumb drive or other removable media unattended?
What do you do if you realize you’ve lost a device or drive with work-related data on it?
Who can you contact to verify or report the contents of a suspicious message?

Practice makes perfect

Safety drills are an effective way to prepare people to perform prescribed actions in instances where they might be too panicked or anxious to think rationally. Making it through a breach or a computer outage certainly involves less threat to life and limb, but it can be seriously stressful in its own way.

Tactics like social engineering are often designed to frighten people into revealing important data; if employees have practiced the appropriate actions regularly, they will take correct action faster and more efficiently – mitigating the effects of a breach before it gets out of hand.