Well, basically you need to know that an IT security incident cannot be taken lightly!
Measures must be taken immediately to uncover the cause of such an incident and prevent it the next time. However, what you have to pay attention to is the time factor, because if a hacker wants to get into your system, you have no time left and have to act before it is too late and you as a company suffer immense damage.
In the case of Germany, the State Office for Data Protection must be informed immediately about the incident, you can find the link here:
https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html
The most important thing is to know if something happened and if so, what happened.
However, before you take the next step, first check if there are any anomalies in your IT infrastructure, because if there are already massive anomalies like a ransomware encryption, then by all means pick up the phone, call the nearest IT forensics company that specializes in your size of business and request help and follow their instructions on how to proceed.
If the incident is minor, such as a report that a suspicious object has been found and quarantined by the antivirus software, then you can proceed with the next steps.
The easiest solution is to run all virus programs, update them and check for viruses
However, before you take the next step, first check if there are any anomalies in your IT infrastructure, because if there are already massive anomalies like a ransomware encryption, then by all means pick up the phone, call the nearest IT forensics company that specializes in your size of business and ask for help and follow their instructions on how to proceed.
If the incident is minor, such as a report that a suspicious object has been found and quarantined by the antivirus software, then you can proceed with the next steps.
The next step is to make sure all operating systems are up to date. If an entire infrastructure has been compromised, all passwords must be replaced with the help of a password manager.