Step 1: Contact your IT leader.
Step 2: Assess if your system has been penetrated.
Step 3: Detect the extent of the hack.
Step 4: Notify clients – be aware of your state’s laws regarding alerting a client when you’ve suffered a breach involving their data.
Step 5: Conduct a post-mortem.