Information or data is the crown jewel for many organizations. While breaches at big corporations such as Target, Sony, and Home Depot make the headlines, small and mid-size businesses are still prime targets for hackers. These businesses are especially vulnerable as they don’t have many of the security measures found in large companies. They have to worry about perpetrators breaching their network through network devices or back doors, as well as employees knowingly or unknowingly handing out information to the attackers. The risks associated with security incidents can be damaging and can include financial, reputational, and operational setbacks. Small and mid-size organizations are increasingly embracing the need for a sound cybersecurity strategy that sets a foundation to combat cyber risks and recover from security incidents in an efficient manner.
GSA is standardizing part number data on GSA schedules in order to provide higher quality, more meaningful, and complete descriptive data to customers while enhancing competition and saving taxpayer dollars. GSA is now requiring a Manufacturer Part Number (MPN) for each awarded product, as well as a Universal Product Code Type A (UPC-A) for each awarded product for which this information is commercially available. Access to this information will improve overall data integrity, encourage additional business from customers and reduce shopping time by giving customers the ability to quickly and accurately compare identical products. This initiative will allow for greater transparency and improved business intelligence that will enable customers to make smarter, data-driven buying decisions. GSA believes this will yield increased customer confidence while reducing price variability. GSA began efforts to obtain this data from existing contractors in the 45 days since the release of this Federal Register notice, published on May 13, 2015.
In November 2013, the Department of Defense (DoD) issued a final rule that Unclassified Controlled Technical Information (UCTI) is vital to national security and must be protected. In turn, the DoD issued a new DFARS clause 252.204-7012 for the safeguarding of UCTI, which will be required for all new DoD contracts and subcontracts, and will affect companies of all sizes. The clause has two main compliance components in regard to UCTI:
A recent study has found that internal threats to data security can be just as dangerous as external data breaches. The study found that 36% of breaches stemmed from inadvertent misuse of data by employees. While some of this can be attributed to ignorance, many companies are simply not doing enough to keep company data secure from internal threats.
Some important things to consider when thinking about your internal structure as it relates to data security: