Cybercrime isn’t limited to just consumers and corporations. Cybercrime affects the government and NGOs as well. In a video interview with TechRepublic’s Dan Patterson, Paul Rosen, former Chief of Staff at the Department of Homeland Security and partner at Crowell & Moring, shares what businesses can learn from the government’s experience and response to cyberthreats.

“At the end of the day, when it comes to cybersecurity, working together is really how we’re going to tackle the challenge,” Rosen said.

SEE: Hiring kit: Data architect (Tech Pro Research)

He discussed how the U.S. government worked with private sectors and foreign governments when dealing with threats. As a way to cut cybersecurity costs, the organizations shared trend information back and forth so that a piece of malware would be successful as few times as possible and quickly get stopped.

Rosen believes there are three elements to dealing with cybersecurity threats: plan, prepare and practice.

Companies need to have a plan already in place so that they don’t have to react on the fly amid a crisis. They can do that by knowing their team’s skill level, how to get the facts about a threat, and who the cybersecurity experts are outside of their organization.

He stressed the importance of practicing incident response plans. When Rosen was at the Department of Homeland Security, they practiced incidents and responses with “everything from hurricanes to cybersecurity attacks.”

Rosen walked through the steps of what happens once the government detects a cyberattack or data breach. The first reaction is to find out what exactly happened and gather as many facts as they can. Then they form a response, mitigate any threat and make sure it doesn’t become active. If it is active, they take the steps to weaken the threat as much as possible.

He noted that working with the private sector along the way was key to combatting a cyberattack.

SEE: Infographic: Almost half of companies say cybersecurity readiness has improved in the past year (Tech Pro Research)

Cybersecurity challenges are not going away anytime soon. In order for companies to stay ahead they need to expect the unexpected. “[Cybersecurity threats] don’t just affect one business, or one state or one country.”

“Everything from patching networks, to encrypting sensitive information to having a plan and practicing a plan–those are just some examples of some steps companies should really be thinking about because this world of global cybersecurity threats is certainly here to stay.”

More security news: