CapLinked launches a brand new security feature, ‘FileProtect’, for its virtual dataroom, which can revoke access to files shared with external parties, even after they have been downloaded.
The goal of the new FileProtect security feature is to extend document controls (Document Rights Management or DRM) beyond the boundaries of the virtual dataroom.
Within the secure environment of the virtual data room, user access is already restricted and user rights can be assigned on particular folders or documents. These rights can include preventing the user from opening, copying, printing or downloading a document. And when users do have these rights, they can be revoked at any time, for example when their involvement in a transaction ends.
However, once users are allowed to download a document, there are in principle no technical limits to what they can do with it. And despite legal protection, typically in the form of a confidentiality agreement, technical assurances are sometimes desired to control access even after the document has been downloaded. FileProtect allows just this: it is a way to revoke access and block opening, copying, and printing of Microsoft Office and Adobe PDF files even after they’ve been downloaded, for example when the transaction ends or when a deadline passes.
The best part for us at Dataroom Review is that FileProtect works without plugins that must be installed on the end-user computer. We’ve never been fans of plugins, as these are notoriously hard to install in managed IT environments (such as those of law firms, accountants, banks and many consultancies). By adding post-download DRM to documents without needing local plugins, CapLinked reaffirms its intent to innovate and offer plugin-free security, and earns our appreciation for doing so.
CapLinked’s FileProtect delivers strong protection with ease of use. Security doesn’t have to come at the expense of the user experience.
Versions is a new feature of the Firmex VDR that gives users easy access to the most recent version of a document, while retaining older versions too.
We’re seeing innovation in the VDR industry as providers add workflow and collaboration features to the base secure document sharing system. Some other dataroom providers are adding similar features for handling multiple versions of the same document, and Firmex certainly attempts to stay ahead of the curve on features and usability.
"We’re very excited about this new attribute," said Firmex CEO Joel Lessem. "It’ll bring a new level of organization and ease into the deal making process, and assist our clients to succeed."
V-Rooms private label
By providing a ‘private label’ or ‘white label’ version of their virtual dataroom, V-Rooms opens up its platform for investment banks, investors and other professionals to offer a secure file sharing platform under their own brand, name and logo. V-Rooms claims this will also make the platform more appealing as an investor platform, for example for private placements, or for clinical trials in the pharmaceutical and medical industries.
V-Rooms is a US-based virtual data room provider with competitive pricing. V-Rooms’ Virtual Deal Marketplace (VDM) is integrated with WuFoo forms, and the firm plans to add additional integrations to automate processes and workflow.
Back in December 2014, a major incident involving theft of M&A information raised heightened concern for information security in M&A. Dataroom providers and especially users must improve their awareness of information protection.
Around the 1st of December 2014, security company FireEye reported that a highly sophisticated group of hackers called ‘Fin4’ was stealing confidential M&A data from almost 100 publicly traded companies or their advisory firms.
Watch the full video report from Bloomberg below (full credit to Bloomberg’s article "Hackers With Wall Street Savvy Stealing M&A Data").
The news comes as a jolt to the business. While information leaks and insider trading have existed for a long time, the elements of this attack are as yet hidden. Read the specifics below.
Confidential information was stolen, specifically non-public information regarding merger and acquisition (M&A) deals and major market-moving announcements of publicly traded companies.
No details were released about the firms which were targeted. In the past, however, attacks frequently targeted the healthcare and pharmaceutical industries, where stock prices may make substantial swings on news of mergers, clinical-trial results and regulatory decisions.
Why would hackers wish to get confidential M&A info?
Presumably the information was stolen with the intention of insider trading, gaining an unfair advantage in the stock market by using non-public info.
This insider trading might have been carried out by the hacker group directly trading in the stocks that were affected, or maybe by selling the data to other people. It’s unknown if specialist investors or hedge funds might be involved.
Yet other reasons are also possible, as this type of information could be beneficial in a variety of situations. One possibility is that the opposing sides of merger discussions would want to gain insight into the other side’s strategy. Or, similarly, a bidder in an M&A auction wanting knowledge about competing bids. There is no way to tell at this stage.
Who’s behind these attacks?
The unknown group of attackers dubbed ‘Fin4’ by investigators at FireEye aren’t your average assailants. In the past, hacker attacks often originated in Asia or Eastern Europe, but not this time.
The hackers are native English speakers, likely US-based or Western European. The team has a very clear background in the financial industry, probably from having worked (or still working?) on Wall Street. They reveal extensive virtual dataroom industry knowledge and understand the nuances of financial sector regulatory and compliance criteria. Simply speaking, this is an attack by financial sector insiders.
Fin4 is thought to have been active for over a year, at least since mid-2013. So they’d have had plenty of time to gain from their illegal activities.
How did they steal the information?
Also different from preceding hacking events, the attack was not so much technical but social in nature. Fin4 did not use malware to infect IT systems, but used sophisticated social engineering tactics.
The group would send malicious versions of legitimate corporate documents and employed expert knowledge of product development, purchasing, M&A and legal issues to obtain users’ email passwords. They focused specifically on the account information of individuals with insider knowledge about M&A deals, including leading executives, attorneys, advisers, bankers, etc.
What can you do to protect yourself?
Providers of virtual datarooms have made data security the center of their business model. However, this attack shows that it pays to concentrate on the weakest link in the security chain: the end-user. We advise end-users to be particularly cautious when handling confidential data and documents, as they’re a key part in preventing both social and technical attacks. We therefore urge to:
Meanwhile, the FBI and SEC are reviewing the FireEye report and will attempt to track down the hackers.