First I would begin by ensuring that I have a clear plan in case a hack or a breach actually does occur. I would evaluate every access point someone could possibly gain access to the system, even if there is a small possibility I would ensure there is a solution for every possible area. Not sure if there is a term but I would have a system implemented that essentially flags or alerts the company to any suspicious activity. I would make the room for spontaneous decisions very limited with a strict set of guidelines. I would have the company on a secured line with only exclusive internet access and absolutely no free wifi.