Conducting tabletop exercises is crucial in the preparation phase because it allows the incident response team to simulate a cyber-attack scenario in a low-risk environment. This helps in identifying potential weaknesses in the incident response plan and improves the readiness of the team. Periodically reviewing and updating tools ensures they are effective and operational, but this does not directly simulate an incident. Encrypting sensitive data, while it is a good security practice, is not specifically a preparatory action for incident response. Developing proprietary security standards may not align with industry best practices and does not ensure efficient recovery from an incident.