CapLinked launches a new security attribute ‘FileProtect’ to its virtual dataroom which can revoke access to files shared with external parties, even when they have been downloaded.
The target of the new FileProtect security feature is to extend document controls (Document Rights Management or DRM) beyond the bounds of their virtual dataroom.
Within the protected environment of the virtual data room, consumer accessibility is already restricted and user rights can be delegated on particular folders or documents. These rights can include preventing the usert to open, copy, print or download a file. And if users do have such rights, they may be revoked anytime for instance when their participation in a transaction finishes.
But when users can download a document, in principle there are no limitations to what they could do with this (technically). And despite legal protection, probably in the kind of a confidentiality agreement, technical assurances are sometimes needed to restrain access even after the document was downloaded. FileProtect allows this, it’s a means to reverse access and block opening, copying, and printing of Microsoft Office and Adobe PDF files when they’ve been downloaded. This is when a pre-determined deadline passes or if the transaction ends.
The top of all for us in Dataroom Review is that FileProtect works without plugins that must be set up on the end-user computer. We have never been a fan of plugins as these are notoriously hard to install in managed IT environments (such as the ones of law firms, accountants, banks and many consultancies). By incorporating post-download DRM to documents without needing local plugins, CapLinked reaffirms its intention to innovate and offer plugin-free safety, and earns our admiration for doing so.
CapLinked’s FileProtect delivers strong protection with ease-of-use. Security doesn’t need to come at the expense of the user experience.
Versions is a brand new attribute to the Firmex VDR that allows users easy access to the most recent version of a document, while keeping older versions as well.
We’re seeing invention in the VDR industry by integrating workflow and collaboration features to the base secure document sharing system. Some virtual deal room of those additional dataroom suppliers are incorporating similar features for managing multiple versions of the identical record, and Firmex definitely attempts to stay ahead of the curve concerning usability and features.
“We’re very excited about this new feature,” explained Firmex CEO Joel Lessem. “It will bring a new level of organization and ease into the deal making process, and assist our customers succeed.”
V-Rooms private label
By offering a ‘private label’ or ‘white label’ version of their virtual dataroom, V-Rooms opens up its platform for investment banks, investors and other specialists to offer you a secure file sharing platform in their own, branded fashion, title and emblem. V-Rooms asserts this will even make the platform more appealing as an investor platform, for example for for private pensions, or for clinical trials from the pharmaceutical and medical industries.
V-Rooms is a US-based digital data room provider with aggressive pricing. V-Rooms Virtual Deal Marketplace (VDM) integrated with WuFoo forms, and the firm plans to add more integrations to automate workflow and processes.
In December 2014, a significant incident involving theft of M&A data found an increased concern for information safety in M&A. Dataroom suppliers and users must increase their awareness about data security.
On the 1st of December 2014, security firm FireEye reported that a highly complex set of hackers called ‘Fin4’ has been stealing confidential M&A information from almost 100 publicly traded firms or their advisory companies.
See the full video report from Bloomberg below (full credits to Bloomberg’s article “Hackers With Wall Street Savvy Stealing M&A Data”).
The information comes as a shock to the business. While information leaks and insider trading have existed for a very long lime, the elements of this attack are yet hidden. Read the specifics below.
Confidential data was stolen, specifically non-public info regarding merger and acquisition (M&A) deals and major market-moving announcements of publicly traded businesses.
No details were released regarding the companies which were targeted. In the past however, attacks frequently targeted the healthcare and pharmaceutical companies in which stock prices can make substantial swings on news of mergers, clinical-trial results and regulatory decisions.
Why would hackers wish to get confidential M&A info?
Presumably the information was stolen with the intention of Forex, gaining an unfair advantage in the stock exchange by using non-public info.
This insider trading might have been accomplished by the hacker group right trading in the stocks that were affected, or perhaps by selling the data to other people. It’s unknown if professional investors or hedge funds might be involved.
However other reasons are also possible, since this type of information could be beneficial in a variety of scenarios. A possibility is that the opposing sides of merger discussions would want to gain insight in the other side’s strategy. Or a bidder in an M&A auction needing knowledge about competing bids. There is not any way to tell at this stage.
Who’s behind these attacks?
The unknown set of Moses dubbed ‘Fin4’ by researchers at FireEye aren’t your average assailants. In earlier times hacker attacks often originated in Asia or Eastern Europe, but maybe not this time.
The hackers are native-English talking, likely US-based or Western European. The team has a very clear background in the financial sector, likely from having worked (or still working??) on Wall Street. They reveal extensive industry knowledge and understand the nuances of financial sector regulatory and compliance criteria. Simply speaking, this is an assault by financial sector insiders.
Fin4 is believed to have begun over a year ago, at least since mid-2013. So they would have had lots of time to gain from their illegal activities.
How can they slip the data?
Also different from previous hacking occasions, the assault wasn’t so much technical but social in nature. Fin4 failed to use malware to infect IT systems, but used sophisticated social engineering tactics.
The team could send dangerous versions of legitimate corporate documents and used expert knowledge on product development, purchasing, M&A and legal issues to attain user’s e-mail passwords. They focussed their attention specifically on the accounts information of people with insider knowledge about M&A deals, including top executives, attorneys, advisers, bankers, advisers, etc..
What do you do to protect yourself?
Providers of virtual datarooms have made information security the center of their business model. However, this attack indicates that is pays to focus on the weakest link in the security chain: the end-user. We advocate end-users be particularly mindful when handling confidential information and documents, as users are a key role in preventing both technical and social hacking. We therefore recommend to:
Meanwhile, the FBI and SEC are reviewing the FireEye report also will try to track down the hackers.