Six Information Security Tips to Mitigate the Risk of a SolarWinds-Like Breach
Privacy, Cyber & AI Decoded Alert | 1 min read
Jan 13, 2021
The impacts and implications of the recent SolarWinds breach are widespread and on-going. SolarWinds' network-monitoring and management software was used by customers worldwide—including the U.S. military, Fortune 500 companies, government agencies, and educational institutions—to manage their own computer systems. The apparent expert consensus is that Russia used SolarWinds' hacked program to infiltrate roughly 18,000 government and private networks.
Microsoft and FireEye, both victims of the hack, have issued reports detailing the malware specs that hackers added to the SolarWinds' monitoring product updates that were uploaded to customer computers. The Cybersecurity & Infrastructure Security Agency, the New York State Department of Financial Services, and other cyber agencies and regulators have issued advisories requiring immediate action by entities using the affected SolarWinds products or usage by third parties with access to regulated entities' networks and data. There are also increasingly pointed news reports concerning SolarWinds' management and security practices.
Even for organizations not directly impacted, this incident provides incentive to revisit basic security hygiene. In particular, it is important to manage the security risks associated with third-party service providers to ensure that the security of information and information assets is not reduced when: (1) exchanging information with the third party, or (2) introducing their products and services into your environment.
Complacency with respect to third parties is unwise. Organizations can take a few critical steps to improve their security:
- Confirm that you and your third-party vendors are not implicated by the SolarWinds breach
- Re-risk assess your data and information system assets and current security posture
- Revisit your due diligence process for third-party service providers and your procurement of technology
- Revisit employee security education and training
- Enhance your protocols for data and information systems access, including authorizations, network segmentation, and backups
- Test your security incident response plan, including, in particular, new reporting and notification requirements to regulators and government agencies
Related Capabilities
Featured Insights
Event
Mar 3 – 5, 2026
25th Annual Legal Malpractice & Risk Management (LMRM) Conference
Press Release
Feb 13, 2026
Hinshaw Team Wins Appeal in Criminal Indictment of Waukegan City Clerk Janet Kilkelly
Press Release
Feb 10, 2026
Hinshaw Trial Team Secures $0 Defense Verdict in $15 Million Auto Accident Trial
Event
Mar 3 – 5, 2026
25th Annual Legal Malpractice & Risk Management (LMRM) Conference
Press Release
Feb 13, 2026
Hinshaw Team Wins Appeal in Criminal Indictment of Waukegan City Clerk Janet Kilkelly
Press Release
Feb 10, 2026
Hinshaw Trial Team Secures $0 Defense Verdict in $15 Million Auto Accident Trial
Press Release
Feb 4, 2026
Hinshaw Celebrates 17 Consecutive Years of Being Named an Equality 100 Award Winner
Press Release
Feb 5, 2026
Hinshaw Legal Team Secures Directed Verdict in Florida Equine Fraud Case
Press Release
Feb 2, 2026
Hinshaw Welcomes 16 Attorneys in Seven Offices and Announces Opening of a Cleveland Office
Consumer Crossroads: Where Financial Services and Litigation Intersect
Jan 20, 2026
Press Release
Jan 20, 2026
Hinshaw Attorneys Named to the LCLD 2026 Fellowship Class and 2026 Pathfinder Program
Press Release
Jan 15, 2026
Hinshaw Client Secures a Complete Jury Verdict in Fraudulent Misrepresentation Horse Sale Case
In The News
Jan 9, 2026
Press Release
Jan 6, 2026
Hinshaw Adds Four-Member Consumer Financial Services Team in DC and Florida
Press Release
Jan 6, 2026
