How the SolarWinds Hack Could Affect Your Business’ Cybersecurity

One of your many obligations as a business owner is cybersecurity– not only for your own personal and business data (including contact and financial access information, personal identity forms, and more) but also for that of your customers, clients and other businesses that you work with. Cybersecurity is of the utmost importance not only in protecting this sensitive information but in ensuring your business can continue its operations and avoid legal strife. What the SolarWinds hack has shown is that cyberattacks are continuing to evolve into more severe and intricate threats.  As a business owner, it’s crucial to keep this in mind as you make important decisions about cybersecurity measures.

Last December, a massive cyberattack reported within the United States drew attention to the urgent need for enhanced cyber defenses both from a governmental and from a private industry standpoint.   SolarWinds, a major technology firm, was the victim of a data breach that resounded not only in massive data breach risks throughout branches of the United States government and major companies like Microsoft. The initial cyberattack went unnoticed for months, and when an update was sent to up to 18,000 SolarWinds customers, the affected software also sent the attackers’ codes out to its clients, leaving them vulnerable as well. According to the Wall Street Journal, these customers include high-profile government agencies and businesses, including parts of the Pentagon, the Department of Homeland Security, the State Department, the Department of Energy, the National Nuclear Security Administration, and the Treasury, as well as Microsoft, Cisco, Intel, and others like the California Department of State Hospitals, and Kent State University. (https://www.wsj.com/articles/solarwinds-hack-victims-from-tech-companies-to-a-hospital-and-university-11608548402?mod=djemalertNEWS) After such a massive series of software breaches, the involved entities are still working diligently to discover the full scope of the damage done, and it may take years to fully secure the networks once again. 

This breach, one of the largest in recent times, has sparked a new focus on bringing cybersecurity up-to-date to meet growing threats.  It has acted as a catalyst within the cybersecurity industry, stirring changes to invest and adapt, and for businesses to work under the assumption that breaches may have already occurred as opposed to focusing solely on prevention. As for how this might affect your own business, keep in mind that because cyberattacks can often be undetected at the start, you may want to consider new or revised methods to catch and resolve them, including learning how to notice signs of an attack and having a plan of action in the event you find yourself a victim.   

As a business attorney who also helps client with cybersecurity matters, I can help to guide you in creating thorough steps and procedures to protect your business, including employee training, software protection, data handling, maintaining a strong defense, and creating a contingency plan. Let’s start a discussion today.

The information presented here is for general educational purposes only. It does not constitute legal advice and does not create an attorney-client relationship.