CapLinked launches a new security feature ‘FileProtect’ into its virtual dataroom which could revoke access to documents shared with outside parties, even when they’ve been downloaded.
The target of the new FileProtect security feature is to expand record controls (Document Rights Management or DRM) past the boundaries of their digital dataroom.
Within the protected environment of the digital data room, user accessibility is already limited and user rights can be assigned on specific folders or documents. These rights can consist of preventing the usert to open, copy, download or print a document. And when users do have such rights, they can be revoked anytime for instance when their participation in a transaction ends.
But if users may download a document, in principle there are no datarooms.org limits to what they could do with it (technically). And despite legal security, probably in the kind of a confidentiality agreement, technical assurances are sometimes needed to restrain access even after the record has been downloaded. FileProtect allows this, it is a way to reverse block and access opening, copying, and printing of Microsoft Office and Adobe PDF files when they’ve been downloaded. This is if the transaction ends or when a pre-set deadline passes.
The top of all for us in Dataroom Review is that FileProtect works with plugins that must be installed on the end-user computer. We have never been a fan of plugins since these are notoriously difficult to set up in managed IT environments (such as the ones of law firms, accountants, banks and many consultancies). By incorporating post-download DRM to documents without needing neighborhood plugins, CapLinked reaffirms its intention to innovate and supply plugin-free safety, and earns our admiration for doing so.
CapLinked’s FileProtect delivers strong protection with ease-of-use. Security does not need to come at the expense of the consumer experience.
Versions is a new feature to the Firmex VDR which enables users easy access to the latest version of a record, while retaining older versions as well.
We’re seeing innovation in the VDR industry by incorporating workflow and collaboration features into the base secure document sharing platform. A number of the additional dataroom suppliers have been adding similar features for managing multiple versions of the same record, and Firmex certainly attempts to stay ahead of the curve concerning usability and features.
„We are very excited about this new attribute,“ explained Firmex CEO Joel Lessem. „It will bring a new level of ease and organization into the deal making process, and assist our customers succeed.“
V-Rooms private label
By offering a ‘private label’ or ‘white label’ version of their digital dataroom, V-Rooms opens up its stage for investment banks, investors and other professionals to offer a safe file sharing platform in their very own, branded style, name and emblem. V-Rooms asserts that this will also make the system more appealing as an investor platform, for instance for for private pensions, or for clinical trials in the pharmaceutical and medical businesses.
V-Rooms is a US-based virtual data room supplier with competitive pricing. V-Rooms Virtual Deal Marketplace (VDM) integrated with WuFoo forms, and the firm plans to add additional integrations to automate workflow and processes.
In December 2014, a major incident involving theft of M&A information saw an increased concern for data security in M&A. Dataroom providers and users must improve their awareness about data protection.
About the 1st of December 2014, safety company FireEye reported that a highly sophisticated set of hackers called ‘Fin4’ was stealing confidential M&A information from nearly 100 publicly traded companies or their advisory companies.
See the full video report from Bloomberg under (full credits to Bloomberg’s post „Hackers With Wall Street Savvy Stealing M&A Data“).
The information comes as a shock to the industry. While advice leaks and insider trading have been around for a long lime, the components of the attack are as yet unseen. Read the specifics below.
Confidential data was stolen, especially non-public info about merger and acquisition (M&A) deals and major market-moving announcements of publicly traded businesses.
No details were released about the firms that were targeted. In the past however, attacks often targeted the pharmaceutical and healthcare companies in which stock prices can make significant swings on information of mergers, clinical-trial outcomes and regulatory decisions.
Why would hackers wish to get confidential M&A info?
Presumably the data was stolen with the intention of insider trading, gaining an unfair advantage in the stock exchange by employing non-public information.
This insider trading might have been accomplished by the consumer group right trading in the stocks that were affected, or maybe by selling the information to others. It’s unknown if professional traders or hedge funds might be involved.
However other motives are also possible, since this kind of information could be valuable in various situations. A possibility is that the opposing sides of merger discussions would want to gain insight into the other hand strategy. Or similar, a lien within an M&A auction wanting knowledge about competing bids. There’s no way to tell at this stage.
Who is behind these attacks?
The unknown group of attackers dubbed ‘Fin4’ by investigators at FireEye are not your typical assailants. In the past, hacker attacks often originated in Asia or Eastern Europe, but not this time.
The hackers are native-English speaking, probably US-based or possibly Western European. The team has a very clear history in the financial industry, likely by having worked (or still working??) on Wall Street. They reveal extensive industry knowledge and understand the nuances of financial sector regulatory and compliance standards. In short, this is an attack by financial industry insiders.
Fin4 is thought to have started over a year ago, at least since mid-2013. So they would have had plenty of time to gain from their illegal actions.
How did they steal the information?
Also different from preceding hacking events, the attack wasn’t so much technical but social in character. Fin4 failed to use malware to infect IT systems, but used sophisticated social engineering approaches.
The group could send dangerous versions of legitimate corporate records and used expert knowledge on product development, purchasing, M&A and legal issues to attain user’s e-mail passwords. They focussed their attention specifically on the account information of people with insider information on M&A deals, including leading executives, lawyers, advisers, bankers, advisers, etc..
What can you do to protect yourself?
Providers of virtual datarooms have produced information security the core of their business model. However, this attack shows that’s pays to concentrate on the weakest link in the security chain: the end-user. We recommend end-users be especially cautious when handling confidential data and files, as users are an integral part in preventing both social and technical bookmarking. We therefore urge to:
Meanwhile, the FBI and SEC are reviewing the FireEye report and will try to track down the hackers.