Getting hacked is a terrible scenario for anyone, whether they were victimized as an individual person or as a business. Once you’ve recovered from the shock (and don’t worry if you feel a little more violated than you might expect—that’s a normal feeling to have) you might be left wondering what you’re supposed to do. Is there a responsible protocol you need to follow after your personal computer or your network has been hacked?

After You Are Hacked

One of the hardest parts of a post-hack protocol is that no two hacking scenarios look exactly alike. Yes, there might be many similarities. But how the hacker got into your system and what they did to damage your digital property is going to be unique to your situation.

Your recovery plan is going to include trying to fix the damage that the hacking has done (or minimize the damage if it is unable to be fixed) and then improving your level of protection so that hacking can’t become a problem again.

The Obvious Hack

You might not know the extent of the damage when you first discover the hacking. Depending on how you found out you’ve been hacked, you could have some idea of what the hacker has done. For example, think about a business that finds out all the email addresses within their customer database have been sent spammy emails. Or the individual who finds out that their online banking has been compromised because the hacker has funneled online payments. In these situations, you as the hacking victim have some idea of what the hacker has gained access to.

The Hack You Don’t See

But here’s the difficult part: You have to take into account everything else the hacker has access to that you don’t know about right away. For example, if that hacker has been able to access the email addresses within your customer database, does that mean the hacker also has access to other information about your customers—including personal information, such as their payment information?

Some hackers have different motives from others. If a hacker is trying to profit off this violation, then they will go after things like payment information. If the hacker is just somebody who wants to cause trouble, the worst you might be seeing is spammy emails sent from your account.

Who Should You Contact?

Contact everyone who might have been affected by this hack and let them know what happened. In the best of situations, an apology for the inconvenience could be all that’s necessary. Unfortunately, most situations will require more than that. A hacking could end up being an expensive problem that a business needs to solve. For example, let’s say that security was breached on a database where you keep customers’ social security numbers, you should be prepared to pay for a year of credit tracking for those customers who are affected. This will protect them from potential identity theft, and it protects you from a serious lawsuit.

For individuals who have had their accounts compromised, they might not have to go to the same lengths as a business—but they should still take care of themselves the same way a business takes care of its customers. When you find yourself in this situation, contact your bank to let them know they should be on the lookout for any suspicious activity. If you are at risk of identity theft, contact the Federal Trade Commission and set about creating a recovery plan to keep your identity safe.

Improve Your Online Security

The next step is to improve your online security so that a hacking is less likely to happen again. Unfortunately, many people are far too lax in their online security until they become the victim of a hacking. This hacking is a reality check that they need to be better about keeping their online presence safe.

Change All Passwords

Start by changing all passwords, not just on the compromised accounts but on all websites and apps that require a password, particularly if that website or app used the same password as the compromised site. Yes, it’s convenient to have the same password for your email address, your Facebook account, and your PayPal account. But this convenience leaves you vulnerable. Instead, you should have a different email address for each one. Strengthen your password by including a combination of lowercase and uppercase letters, numbers, and special characters. Ideally, your password won’t include any words or number combinations that are obvious, such as your name or your birthdate.

Two-Factor Authentication

You should also select two-factor authentication for any online security. A password is good for keeping you safe, but it’s even better if you have a password and a security question or a password and face recognition. Two types of security are better than one. Remember to be careful about what information you put out on social media. Even though some Facebook surveys seem