Interview all stakeholders (network, security, system and business) to understand the root causes better.
Fix the problem, obviously, but move beyond tactical decisions to form a strategic security plan for the future.
Communicate the situation clearly to end users. Then, develop a plan for ongoing training.
Embrace stronger credential storage and encryption practices, including migration to SHA-512 with salting.
Migrate to multi-factor authentication for B2B applications and internal users.