Cybersecurity Tips for GSA Contractors
Once you are awarded a GSA Schedule contract, you are granted access to many platforms and resources to assist in growing your company’s presence in the public sector. As a GSA Schedule contractor, websites like SAM.gov, GSA Advantage!, GSA eLibrary, and more become important assets for success in the federal market. The issue is contractors and government buyers aren’t the only ones that see these resources as valuable. While these sites are crucial for contractors, it also makes their company highly visible with non-confidential information such as email address, numbers, address, and therefore susceptible to a cybersecurity breach.
Cybersecurity is a pressing issue for government contractors, even for small to mid-sized businesses. While you may be aware of the regulations the government puts in place for contractors to protect their networks, there are also more simple day-to-day practices you can follow to make sure your company eliminates cyber threats.
Cyber Attacks Can Happen Where You Least Expect
Although outside compromises and attacks are where most people’s minds will go when considering cybersecurity and the strength of their network, it’s most common for the breach to come from inside the network – via your company’s email server. Breaches that have been caused internally are rarely intentional and are often the result of a well-done fraudulent email address, a bogus solicitation document, malicious attachments, or a compromised or sneaky link. If you employees are not aware of this and do not have basic practices in place, they could unintentionally allow a threat into your network.
How Can I Tell if there is a Cyber Threat?
As a GSA Schedule contractor, you will receive a large influx of emails from different websites, agencies, and databases daily. This can make it difficult to discern which are actually who they say they are, and which could be a phishing concern.
As consultants, we often receive questions from clients like, “Is this email legit?”. With a little research and a cautious approach, we can determine whether something requires attention or should be immediately deleted. Always remain vigilant and exercise caution when it comes to emails and websites with which you are not familiar. Using these helpful tips below, you will be able to thwart any attempted phishing or viral attacks on your company’s network.
1. Don't Click Suspicious Looking Links
Hover over the link with your mouse to discover the identity of a hyperlink. These sketchy links may be paired with urgency or pressure to fix something crucial. At a glance, it may look like a reliable source from a well-known, trustworthy source, so it's important to check your links as a general rule, especially if you may be asked for significant or confidential information. If you have any doubts, don't click on it.
2. Don't Send Confidential Information Via Email
Most often, an email scam will ask for banking or credit card information, as well as other sensitive company information. Legitimate government buyers and platforms will never ask you to send confidential information for payment via email. There are safe and confidential portals and means of communication if that information is necessary to share, but email is not one of them. Avoid writing and/or sending that information by means that could be hacked or if even the recipient could be hacked or possibly fraudulent.
3. Read the Address Carefully
Malicious email spoofs are mostly sent via fake email addresses that slightly resemble real government email addresses. All official correspondence with the government through GSA will be sent using a .gov email address. Make sure everything is spelled correctly and seems official. If you see a .com, .net, or .org, do some more research on the sender.
4. Don't Open Attachments You Aren't Expecting
Email scams will sometimes send bogus attachments with harmful code attached to them called malware that infect your computer when downloaded. It’s always a good idea to vet attachments that you don’t recognize immediately. They can disguise themselves as familiar excel, pdf, word docs, and more in order to get your guard down. If you aren't expecting the document, don't open it.
5. Search the Sender
Sometimes, a quick Google search can reveal whether an email source is legit. For those that are a little more difficult to find, many "watchdog" scam email database websites are available online to help. This is not a new phenomenon and there are plenty of experienced people on your side who are available to help.
Do You Need Help Managing Your GSA Schedule?
As a GSA Schedule contractor, you’re required to provide your email for a multitude of government platforms, databases, and documents – there’s no way around it. With these tips above, you and your company will hopefully have a leg up on harmful cyber threats. However, keeping up with GSA Schedule requirements and regulations can be overwhelming. If you need help managing your GSA Schedule, or have questions about what you need to do to keep up with it, one of our consultants would be happy to help you.
About Lillian Bohan
Lillian Bohan is a Consultant for Winvale’s Government Contract Services Department. Originally from Chesapeake, Virginia, she has earned her Bachelor of Science in Business Administration as well as her Bachelor of the Arts in Classical Civilization from the University of Mary Washington.