Free practical cybersecurity guidance for organisations without a security team.
hello@actionsoncyber.com

Actions On: Supplier Breach

Use this drill when a supplier tells you they have had a cyber incident, breach or service outage.

Purpose: This drill is designed for small organisations without a dedicated cyber team.

Immediate actions

  1. Request a written incident summary.
  2. Identify what data, systems or accounts are connected to the supplier.
  3. Ask whether your data or credentials may be affected.
  4. Review supplier access to your systems.
  5. Record the timeline and decisions.
  6. Ask for next update times and recovery expectations.

Do not

  • Do not delete evidence before it is captured.
  • Do not ignore it because nothing appears to have happened.
  • Do not reuse passwords.
  • Do not delay reporting because it feels embarrassing.

Escalate if

  • Money, customer data, staff data or business-critical services may be affected.
  • You suspect criminal fraud or unauthorised access.
  • You are unsure what has been exposed.

After-action review

  • Was reporting simple?
  • Was MFA enabled?
  • Were roles clear?
  • What control would reduce the chance of this happening again?

Note: Practical guidance only. Seek specialist support where personal data, money loss or criminal activity may be involved.