The National Counterintelligence and Security Center (NCSC) within the Office of the Director of National Intelligence released security guidance last week to help protect emerging technology startup companies from threats posed by nation-state actors.
The Secure Innovation guidance by NCSC – developed in collaboration with the United States’ Five Eyes intelligence alliance: Australia, Canada, New Zealand, and the United Kingdom – aims to provide startups with “cost-effective measures” and “security practices” that “can protect [companies’] competitive advantage.”
“It is not possible to protect everything against every threat, especially for small companies with limited resources,” the guide reads. “Security decisions should be prioritized, and based on a thorough understanding of what is most important to your survival and success. Security will be more robust where it is based on a combination of information, physical, personnel, and cyber security measures.”
The guidance urges tech startups to understand potential vulnerabilities, establish clear ownership of security risks within the business, and appoint a security-focused board lead.
NCSC’s guidance focuses on state actors who may seek to steal companies’ technology to target and harm their citizens, increase their military advantage, or fast-track their own technological capability. Identifying the most valuable assets and identifying security risks is the best place to start in protecting against these threats, the guidance notes.
Building in security measures as companies scale and expand into new markets is also key to cybersecurity, NCSC continued, stating that practices including enabling firewalls, employing encryptions, and used trusted internet connections can assist in threat mitigation. “Weak IT protocols can provide an easy way for your business to be exploited,” said NCSC.
Verifying trustworthiness in partnerships outside of internal standards and practices can safeguard intellectual property, NCSC added.
“Partnerships increase the number of external routes into your organization and any information or data you may share,” the guidance reads. “To help your company grow safely, manage the additional risks that collaboration brings.”
The guidance includes case studies and other resources from the intelligence community to assist tech startups in securing their systems.