CapLinked FileProtect

CapLinked launches a brand new security attribute ‘FileProtect’ to its digital dataroom which could revoke access to documents shared with external parties, even after they’ve been downloaded.

The target of the new FileProtect security feature is to expand document controls (Document Rights Management or DRM) beyond the boundaries of the digital dataroom.

Within the protected environment of the digital data room, consumer access is already restricted and user rights can be delegated on specific folders or documents. These rights may include preventing the usert to start, copy, download or print a file. And if users do have such rights, they can be revoked at any time for example when their involvement in a transaction finishes.

But when users may download a document, in principle there are no limits to what they can do with this (technically). And despite legal security, likely in the form of a confidentiality agreement, technical assurances are sometimes needed to restrain access data room even after the record was downloaded. FileProtect allows this, it’s a way to revoke access and block opening, copying, and printing of Microsoft Office and Adobe PDF files even after they’ve been downloaded. This is when a pre-determined deadline passes or if the transaction ends.

The top of all for us in Dataroom Review is that FileProtect functions with plugins which have to be installed on the end-user computer. We’ve never been a lover of plugins as these are notoriously hard to install in controlled IT environments (such as those of law firms, accountants, banks and many consultancies). By adding post-download DRM to files without requiring neighborhood plugins, CapLinked reaffirms its intent to innovate and supply plugin-free safety, and earns our admiration for doing this.

CapLinked’s FileProtect delivers strong protection with ease-of-use. Security doesn’t need to come at the expense of the consumer experience.

Firmex Models

Versions is a brand new attribute to the Firmex VDR which allows users easy access to the latest version of a document, while keeping older versions as well.

We’re seeing innovation in the VDR industry by integrating workflow and collaboration features into the base secure document sharing platform. A number of those other dataroom providers have been incorporating similar features for managing multiple versions of the same document, and Firmex certainly tries to stay ahead of the curve concerning features and usability.

“We’re very enthusiastic about this new attribute,” explained Firmex CEO Joel Lessem. “It’ll bring a new level of organization and ease into the deal making process, and help our clients succeed.”

V-Rooms private label

By offering a ‘private label’ or ‘white label’ version of the virtual dataroom, V-Rooms opens up its stage for investment banks, investors and other professionals to offer you a secure file sharing platform within their own, branded style, name and emblem. V-Rooms asserts this will also make the platform more appealing as an investor platform, for example for for private placements, or for clinical trials in the medical and pharmaceutical businesses.

V-Rooms is a US-based virtual data room provider with aggressive pricing. V-Rooms Virtual Deal Marketplace (VDM) incorporated with WuFoo forms, and the firm plans to add more integrations to automate processes and workflow.

In December 2014, a significant episode involving theft of M&A data saw a heightened concern for information safety in M&A. Dataroom suppliers and users must improve their awareness about information protection.

On the 1st of December 2014, security company FireEye reported that a highly complex group of hackers called ‘Fin4′ has been stealing confidential M&A data from almost 100 publicly traded companies or their advisory companies.

See the Entire video report from Bloomberg below (complete credits to Bloomberg’s article “Hackers With Wall Street Savvy Stealing M&A Data”).

The information comes as a jolt to the business. While information leaks and insider trading have existed for a long lime, the elements of the attack are yet hidden. Read the particulars below.

What happened?

Confidential information was stolen, especially non-public info regarding acquisition and merger (M&A) deals and major market-moving announcements of publicly traded businesses.

No details were released regarding the companies that were targeted. Before however, attacks frequently targeted the healthcare and pharmaceutical industries where stock prices can make substantial swings on news of mergers, clinical-trial results and regulatory decisions.

Why would hackers wish to access confidential M&A info?

Presumably the information was stolen for the purpose of insider trading, gaining an unfair advantage in the stock market by using non-public information.

This insider trading might have been accomplished by the hacker group directly trading at the stocks that were affected, or perhaps by selling the information to other people. It is unknown if specialist traders or hedge funds may be involved.

Yet other motives are also possible, as this kind of information could be beneficial in various situations. An opportunity is that the opposing sides of merger discussions would want to gain insight into the other side’s strategy. Or similar, a lien within an M&A auction needing knowledge about competing bids. There is no way to tell at this stage.

Who’s behind these attacks?

The unknown group of attackers dubbed ‘Fin4′ by researchers at FireEye aren’t your typical assailants. In earlier times hacker attacks often originated in Asia or Eastern Europe, but not this time.

The hackers ‘ are native-English talking, likely US-based or Western European. The team has a very clear background in the financial sector, probably from having worked (or working??) on Wall Street. They show extensive industry knowledge and know the nuances of financial sector regulatory and compliance standards. Simply speaking, this is an assault by financial sector insiders.

Fin4 is thought to have started over a year ago, at least since mid-2013. So they’d have had plenty of time to gain from their illegal activities.

How can they steal the data?

Also different from preceding hacking events, the assault wasn’t so much technical but social in character. Fin4 did not use malware to infect IT systems, but employed sophisticated social engineering tactics.

The group could send dangerous variations of legitimate corporate documents and used expert knowledge on product development, purchasing, M&A and legal problems to obtain user’s e-mail passwords. They focussed their focus specifically on the account information of individuals with insider information about M&A deals, including leading executives, lawyers, consultants, bankers, advisors, etc..

What do you do to protect yourself?

Providers of virtual datarooms have produced data security the core of their business model. But this attack shows that’s pays to concentrate on the weakest link in the security chain: the end-user. We advocate end-users be especially mindful when handling confidential data and documents, as users are an integral part in preventing both technical and social hacking. We therefore recommend to:

  • Use strong passwords
  • utilize 2-factor authentication when available
  • beware of ‘phishing’ e-mails
  • never send confidential documents to (anonymous) email addresses
  • utilize a secure virtual data room to disperse confidential data
  • Meanwhile, the FBI and SEC are reviewing the FireEye report and will try to track down the hackers.