An online bid process can help prevent anticompetitive conduct. It can also present data security challenges. We’ve outlined principles that can help you protect the information you collect.
Asking vendors to submit bid proposals electronically prevents competitors from gathering in the same place at the same time, which could create opportunities for collusion. Plus, electronic bidding can be more efficient for both your organization and bidders.
While using an online bidding process can eliminate opportunities for collusion, it does come with different risks. You can and should take preventative measures to lower your organization’s risk of becoming a victim of cyberattacks or data breaches.
The Ohio Attorney General’s Office advocates following five key principles of sound data security: 1. Take stock; 2. Scale down; 3. Lock it; 4. Pitch it; 5. Plan ahead.
Take stock: When using an online bid system, you should know what information your system holds, where it is held, and who has access to it. Only members of your organization should be able to see who has bid and what they’ve bid until the contract has been awarded.
Scale down: Only ask for relevant information in your requests for bids. When you only collect and store the most relevant information, you create less liability. Not only does scaling down the requested information help you, it also helps vendors save time and resources.
Lock it: Secure the online bid system, and control who has access to it. The Ohio Attorney General’s Office recommends using a passphrase, instead of a password. A passphrase is an easy-to-remember combination of words that is longer and more complex than a traditional password. For example, a passphrase like $toreB1dInfoH3r3 is relevant to the database you’re accessing, making it easier to remember. Plus, the symbols, numbers, and capital letters increase the phrase’s strength. In addition to passphrases, take precautions against malicious programs, also called badware, or more commonly, malware. Badware includes a host of software or programs installed on a user’s computer without the user’s consent or knowledge. Malware ranges from the relatively benign to more harmful types like viruses, Trojan horses, spyware, and other programs with malicious effects. Investing in anti-malware software or using a firewall can help prevent these programs from harming your system.
Pitch it: Once the information is no longer required, find a way to store the information securely or plan to delete it in accordance with your organization’s records retention policies.
Plan ahead: As cybercriminals grow more savvy and technology changes, so do the risks. Even if you follow the five key principles of sound data security, you may still be vulnerable to data breaches. That is why planning ahead is important. Put together a plan on how you will handle a breach if one occurs. Planning now can ensure that you’re ready to handle a future problem.
For more cybersecurity tips, visit the
Ohio Attorney General’s website.