The U.S. Internet Revenue Service now says that criminals already had most of the information that credit bureau Equifax lost in a breach that revealed personal information about nearly 150 million people. The incident at Equifax and the IRS’ mid-October admission of how much-stolen data was already in criminal hands may force changes in how the world handles personal information.

That will not happen quickly enough to stop today’s criminality. And while Equifax has been in the news and is the focus of this post, everyone’s personal information is at risk. Fortunately, the steps necessary for protection post-Equifax are broadly useful for protection from other data theft incidents.

I’ve prepared this 9-point response plan from personal experience, public sources, and our Afilias research. It represents what I believe everyone—especially those potentially impacted by Equifax—should do.

How should you respond?

1. Find out if you’ve been compromised. Equifax has set up a site where consumers can enter their last names and last six digits of their Social Security numbers. Click on the red “Potential Impact” button to be taken to the instructions and the form for entering your personal information.

Most people will see the system respond: “Based on the information provided, we believe that your personal information was not impacted by this incident.” This statement should not lull consumers into a false sense of security as the events surrounding the breach may still be unfolding.

Note: There was concern that Equifax was asking consumers to opt-out of a potential lawsuit against the firm in order to receive the freebies, something the State of New York says is illegal and unenforceable. It may have even gone away by the time you read this, but if you are concerned, there is a way out. You should then look at our item 9 and consider a paid identity-theft prevention service.

2. Sign up for credit monitoring. Equifax is making a suite of credit monitoring and identity protection services available for free to all Americans, regardless of whether their information may have been stolen.

According to ConsumerReports.org, “since the service is free and it’s relatively easy to sign up, it’s a worthwhile safety precaution.” Sign-up by clicking on TrustedIDPremier on the Equifax site.

3. Equifax is offering five free services. The first free service gives consumers a free copy of their credit report. The second monitors credit usage and notifies of any changes at the three largest credit reporting agencies, Equifax, Experian, and Trans Union. The third free service scans websites for the customer’s Social Security number, while the fourth offers up to $1 million worth of identity theft insurance.

4. Freeze your credit. The fifth free service allows consumers to freeze their credit, preventing anyone from taking out a loan or opening a credit card account in your name. Freezing is a much stronger way to prevent fraud that account monitoring can accomplish.

But, as ConsumerReports.org points out, a credit freeze can be a source of inconvenience. “Which means that when you’re applying for credit—say, a mortgage, a home equity line or even a store credit card—you’ll have to go in and unfreeze your credit line before you do so.” Equifax makes it easy to freeze and unfreeze consumer credit online.

5. Check your accounts. Now and forever. The size of this breach, on the heels of all the previous ones, means anyone who does not regularly monitor their credit, banking, and other accounts is courting disaster.

6. Update and secure email and other accounts. Regular password changes, elimination of single passwords being used on multiple services, enabling two-factor authentication, and increased vigilance against phishing emails seeking to compromise personal information are all wise moves.

The New York Times’ Wirecutter tech reviews site recommends LastPass as its top password management application and service, capable of giving users strong and secure passwords that they do not actually have to remember.

7. Familiarize yourself with the look and feel of identity theft. There are many guides and sources of advice, even counseling, for individuals who are potential victims of identity theft. While it can feel daunting, consumers must understand what they should be looking for and know when they should report suspicious activity. For example, while many monitoring services will alert a customer if there is a new account or activity detected, they will be unaware of the new mail you may be receiving about a new account or subscription. Identity theft can take many forms and users should understand the scope of it. Resources include IDTheftInfo.org and the Federal Trade Commission’s 40-page “Identity Theft: A Recovery Plan.”

8. Pay attention to the latest news and share awareness. Use trusted legitimate sources for recommendations. It is counterproductive if bad advice is shared, so be sure to check sources before sharing. Consider alerting your friends and family if you were affected so they can be alert for criminals posing as you. The criminals will have your real identity and may come across very persuasively to your family and friends. If they have been alerted, they may spot the deception more easily.

9. Paid options. You may prefer to pay for independent protection, and if you do, there are many commercial services that claim to protect consumer privacy, most range in price between $10 and $30-per-month. It was hard to find a good, comparative independent review of the services, but Tom’s Guide updated theirs in mid-October, and we refer you to it for help in deciding whether these services will meet your needs and budget.

I hope and believe this incident will change how business deals with consumers’ personal information, but, as I said, it won’t happen today or tomorrow. In the meantime, I hope the suggestions above are helpful.