CapLinked launches a brand new security feature ‘FileProtect’ to its virtual dataroom which can revoke access to files shared with external parties, even after they’ve been downloaded.
The goal of the new FileProtect security attribute is to expand document controls (Document Rights Management or DRM) beyond the bounds of their digital dataroom.
Within the secure environment of this virtual data room, consumer access is already restricted and consumer rights can be delegated on particular folders or documents. These rights can consist of preventing the usert to start, copy, download or print a document. And if users do have such rights, they can be revoked anytime for instance when their involvement in a transaction ends.
But if users may download a record, in principle there are no limits to what they can do with this (technically). And despite legal protection, probably in the kind of a confidentiality agreement, technical assurances are sometimes needed to restrain access even after the record was downloaded. FileProtect allows this, it’s a means to reverse access and block opening, copying, and printing of Microsoft Office and Adobe PDF files even when they’ve been downloaded. This can be when a deadline passes or if the transaction ends.
The top of all for us in Dataroom Review is that FileProtect functions without plugins which have to be set up on the end-user computer. We have never been a fan of plugins as these are notoriously difficult to set up in controlled IT environments (such as the ones of law firms, accountants, banks and many consultancies). By incorporating post-download DRM to documents without requiring neighborhood plugins, CapLinked reaffirms its intention to innovate and offer plugin-free security, and earns our admiration for doing virtual dataroom so.
CapLinked’s FileProtect delivers powerful protection with ease-of-use. Security does not have to come at the expense of the user experience.
Versions is a new attribute to the Firmex VDR that enables users easy access to the most recent version of a document, while retaining older versions too.
We are seeing invention in the VDR sector by integrating workflow and collaboration features into the base protected document sharing platform. A number of the other dataroom providers are adding similar features for handling multiple versions of the same record, and Firmex certainly attempts to stay ahead of the curve concerning features and usability.
“We are very excited about this new attribute,” explained Firmex CEO Joel Lessem. “It will bring a new level of organization and ease into the deal making process, and help our customers succeed.”
V-Rooms private label
By offering a ‘private label’ or ‘white label’ version of the digital dataroom, V-Rooms opens up its stage for investment banks, investors and other professionals to offer a safe file sharing platform in their very own, branded fashion, title and emblem. V-Rooms asserts this will even make the system more appealing as an investor platform, for instance for for private pensions, or for clinical trials in the medical and pharmaceutical industries.
V-Rooms is a US-based digital data room provider with aggressive pricing. V-Rooms Virtual Deal Marketplace (VDM) integrated with WuFoo forms, and the firm plans to add additional integrations to automate processes and workflow.
Back in December 2014, a major incident involving theft of M&A information saw an increased concern for data security in M&A. Dataroom providers and especially users should improve their awareness about data security.
On the 1st of December 2014, safety firm FireEye reported that a highly complex set of hackers dubbed ‘Fin4′ was stealing confidential M&A information from almost 100 publicly traded companies or their advisory companies.
Watch the full video report from Bloomberg under (full credits to Bloomberg’s article “Hackers With Wall Street Savvy Stealing M&A Data”).
The news comes as a jolt to the industry. While information leaks and insider trading have been around for a very long lime, the components of the attack are yet hidden. Read the particulars below.
Confidential data was stolen, specifically non-public information regarding acquisition and merger (M&A) deals and major market-moving statements of publicly traded companies.
No details were released about the companies which were targeted. Before however, attacks frequently targeted the healthcare and pharmaceutical industries where stock prices may make significant swings on information of mergers, clinical-trial results and regulatory decisions.
Why would hackers to want to get confidential M&A data?
Presumably the data was stolen for the purpose of insider trading, gaining an unfair advantage in the stock exchange by using non-public information.
This insider trading might have been accomplished by the consumer group directly trading at the stocks that were affected, or maybe by selling the data to others. It is unknown if professional traders or hedge funds may be involved.
However other reasons are also possible, as this kind of information could be valuable in various situations. A possibility is that the opposing sides of merger discussions would want to acquire insight into the other hand strategy. Or similar, a bidder in an M&A auction wanting knowledge about competing bids. There is no way to tell at this stage.
Who’s behind these attacks?
The unknown set of Moses dubbed ‘Fin4′ by investigators in FireEye are not your average assailants. In the past, hacker attacks often originated in Asia or Eastern Europe, but not this time.
The hackers are native-English talking, likely US-based or possibly Western European. The team has a very clear background in the financial industry, likely by having worked (or working??) on Wall Street. They reveal extensive industry knowledge and know the nuances of financial sector regulatory and compliance criteria. Simply speaking, this is an attack by financial industry insiders.
Fin4 is thought to have begun over a year ago, at least since mid-2013. So they’d have had plenty of time to gain from their illegal activities.
How did they slip the data?
Also different from preceding hacking events, the attack was not so much technical but social in character. Fin4 failed to use malware to infect IT systems, but employed sophisticated social engineering tactics.
The group could send dangerous versions of valid corporate documents and employed expert knowledge on product development, buying, M&A and legal problems to obtain user’s e-mail passwords. They focussed their focus specifically on the accounts information of individuals with insider knowledge about M&A deals, including leading executives, lawyers, consultants, bankers, advisers, etc..
What can you do to protect yourself?
Providers of virtual datarooms have produced data security the center of their business model. But this attack indicates that’s pays to concentrate on the weakest link in the security chain: the end-user. We recommend end-users be especially mindful when handling confidential data and documents, as users are a key role in preventing both social and technical hacking. We therefore urge to:
Meanwhile, the FBI and SEC are reviewing the FireEye report also will attempt to track down the hackers.