There can be nothing more stressful than when a email account gets hacked for an end user. You never know the extent of the damage that can happen. There are lots of articles out there but they all seem to be missing a few very important points. Still worth reading for general information. For work emails your IT should have a defined process for the remediation, monitoring and future protection similar to what is mentioned below, but for their environment.
Many Times the hack is just the beginning of the assault. Yes you want to change your password right away, but the hack likely goes beyond that. But doing the password change does not necessarily help stop the assault. I have links to Gmail as examples of the areas you need to look at.
At minimum right away you should change the password and enable two-factor authentication.
Next you need to make sure you account settings have not been modified in the background to forward copies of email or have a recovery email/phone set to one that is not yours. This can allow control behind the scenes and the access to website accounts that use that email address and allows your email to be monitored. The hacker could get to banking and shopping sites.
I myself would do the above as a stop gap only. I would create a new email account and go through the process of changing any website logins to the new email address to be safe. Start with financial sites, shopping sites with saved credit card information and work your way to the less critical site.
Be safe out there and think before you click!