The first step in dealing with a cyber security incident, like any emergency, is to raise the alarm to alert the appropriate professionals, so they can coordinate an appropriate response to the incident. It’s always important to; keep calm, and assess the situation, take screenshots if you’re able to, report the breach to your IT team, take note of any actions you need to follow and don’t forget to inform your own team/department - an important step if you have shared folders.
Leading on from this, the next step in dealing with a cyber security incident is to manage and contain the breach as best as you can so that it doesn’t escalate further, potentially causing further damage. The precautions we’d advise you to take are to; install any pending security updates or patches, disconnect affected device/s from the internet and disable remote access on affected device/s. Once you’ve followed these steps it’s always a good idea to change passwords and credentials and don’t be tempted to switch off any affected device/s, as doing so could destroy evidence that can help to uncover who the attackers are and what they’ve done.
Last but not least the final, but arguably most important step in dealing with a cyber security incident is to learn from the situation, so you’re better equipped to deal with future breaches, should they occur. It’s important during this stage to not be too harsh on yourself as attacks can happen to anyone, reflect on what went well and what didn’t and identify areas for improvement; undertake any relevant training and change bad habits to improve security.