Phone: (202) 296-5505 Email:

New Call-to-action

 Back to all posts

As a GSA Schedule Contractor, You Need to Understand These Cyber Risks Blog Feature
John Abel

By: John Abel on January 30th, 2019

Print/Save as PDF

As a GSA Schedule Contractor, You Need to Understand These Cyber Risks

GSA Schedule | 3 Min Read

Once you are awarded a GSA Schedule contract, you are granted access to many platforms and resources to assist in growing your company’s presence in the public sector. 

As a GSA Schedule contractor, websites like, GSA Advantage!, GSA eLibrary, and more become important assets for success in the federal market. The issue is, contractors and government buyers aren’t the only ones that see these resources as valuable.

As a business owner, one of the most pressing issues one can face is cybersecurity.  Hackers and those with foul intentions absolutely do not discriminate when it comes to targeting businesses. Sure, breaches at large corporations are the most visible and make the most headlines, but small to medium sized businesses are just as susceptible to a cybersecurity breach.

Due to the high visibility of GSA Schedule contractors online, with just a little bit of work, hackers are able to access non-confidential information such as email addresses, telephone numbers, and more. GSA FSS has no general cybersecurity requirements, although Schedule IT70 is such a large piece of the puzzle for the Schedule program. 

Although outside compromises and attacks are where most corporate officials’ minds will go when considering cybersecurity and the strength of their network, it is most common for the breach to come from inside the network – via your company’s email server. Breaches that have been caused internally are rarely intentional and are often the result of a well-done email spoof, bogus solicitation document, sketchy attachment, or a compromised link.

As a GSA Schedule contractor, you will receive a large influx of emails from different websites, agencies, and databases daily. This can make it difficult to discern which are actually from who they say they are, and which could be a phishing concern.

As a Consultant, one of the most common questions that I receive from clients is “Is this email legit?”. With a little research and a cautious approach, we can determine whether something requires attention or should be immediately deleted. Always remain vigilant and exercise caution when it comes to emails and websites with which you are not familiar. Using these helpful tips below, you will be able to thwart any attempted phishing or viral attacks on your company’s network.

1. Don't Click Sketchy Links

Hover over the link with your mouse to discover the identity of a hyperlink.

2. Don't Send Confidential Information Via Email

Often, an email scam will ask for banking or credit card information, as well as other sensitive company information.  Legitimate government buyers and platforms will never ask you to send confidential information for payment via email.

3. Read The Address Carefully

Malicious email spoofs are mostly sent via fake email addresses that slightly resemble real government email addresses.  All official correspondence with the government through GSA will be sent using a .gov email address.  If you see a .com, .net, .org, do some more research on the sender.

4. Don't Open Attachments You Aren't Expecting

Email scams will sometimes send bogus attachments with harmful code attached to them when the download to your PC.  It’s always a good idea to vet attachments that you don’t recognize immediately.

5. Search The Sender!

Sometimes, a quick Google search can reveal whether an email source is legit.  For those that are a little more difficult to find, many watchdog scam email database websites are available online to help.

And finally, contact us!  As a GSA Schedule contractor, you’re required to provide your email for a multitude of government platforms, databases, and documents – there’s no way around it.  Unfortunately, hackers will view this as an opportunity to exploit these public record resources.  However, with a bit of due diligence, you can avoid a potential network breach. 

Being in the federal purchasing space for over 15 years, Winvale has seen just about every email scam out there, from the blatantly fake to the very, very convincing.  Our team shares a wealth of knowledge based on these previous experiences with our clients which allows us to help small and medium sized business owners maintain their network’s integrity and prevent breaches. 

There’s always more to learn when it comes to GSA! In order to learn more on the pros and cons of GSA schedules, feel free to give us a call!

Cybersecurity Risks for GSA Schedule Contractors


About John Abel

John Abel is a Lead Consultant at The Winvale Group focusing on government contracting and federal acquisition opportunities for businesses. He is a native of Stafford, Virginia and graduated from James Madison University with his Bachelor's of Arts in History.