Interview all stakeholders (network, security, system and business) to understand the root causes better.

Fix the problem, obviously, but move beyond tactical decisions to form a strategic security plan for the future.

Communicate the situation clearly to end users. Then, develop a plan for ongoing training.

Embrace stronger credential storage and encryption practices, including migration to SHA-512 with salting.

Migrate to multi-factor authentication for B2B applications and internal users.