In order to legally operate, businesses must comply with certain requirements regarding their labor practices, safety procedures, and transactions. It's a no-brainer for management to make sure the company meets its legal obligations, because noncompliance of even the minimum requirements could result in missed opportunities and heavy penalties for certain industries.
For many years, small and medium businesses (SMBs) were unlikely targets for sophisticated cyberattacks. But contrary to popular belief, this has changed dramatically in the past few years as SMBs become more reliant on IT systems while still suffering from weak security and encryption, and lack of security knowledge and best practices.
First things first: If you are a contractor or subcontractor under the employ of the US Department of Defense, you will be required to comply with something called DFARS.
DFARS is the Defense Federal Acquisition Regulation Supplement, and it contains a new clause that takes effect in 2017. It stipulates that every organization handling, storing, processing, or transmitting Department of Defense (DoD) data must meet certain conditions pertaining to the safekeeping and dissemination of that data.