CapLinked FileProtect

CapLinked FileProtect

CapLinked launches a brand new security feature ‚FileProtect’ to its digital dataroom which could revoke access to files shared with outside parties, even after they have been downloaded.

The goal of the new FileProtect security attribute is to extend document controls (Document Rights Management or DRM) beyond the boundaries of the virtual dataroom.

Within the protected environment of the virtual data room, user accessibility is already restricted and consumer rights can be delegated on specific folders or documents. These rights may include preventing the usert to start, copy, download or print a document. And when users do have such rights, they may be revoked at any time for example when their involvement in a transaction ends.

But if users can download a document, in principle there are no limits to what they could do with this (technically). And despite legal protection, likely in the form of a confidentiality agreement, technical assurances are sometimes needed to control access even after the record was downloaded. FileProtect allows this, it is a means to revoke block and access opening, copying, and printing of Microsoft Office and Adobe PDF files when they have been downloaded. This can be if the transaction ends or when a deadline passes.

The best of all for us in Dataroom Review is that FileProtect works without plugins that have to be installed on the end-user computer. We have never been a lover of plugins since these are notoriously difficult to set up in managed IT environments (such as the ones of law firms, accountants, banks and many consultancies). By incorporating post-download DRM to files without needing neighborhood plugins, CapLinked reaffirms its intention to innovate and offer plugin-free security, and earns our admiration for doing so.

CapLinked’s FileProtect delivers strong protection with ease-of-use. Security doesn’t need to come at the expense of the user experience.

Firmex Versions

Versions is a new attribute to the Firmex VDR that enables users easy access to the latest version of a record, while keeping older versions as well.

We are seeing innovation in the VDR industry by integrating workflow and collaboration features into the base protected document sharing system. A number of those additional dataroom providers have been adding similar features for managing multiple versions of the same record, and Firmex definitely attempts to stay ahead of the curve concerning features and usability.

„We are very excited about this new attribute,” explained Firmex CEO Joel Lessem. „It’ll bring a new level of ease and organization into the deal making process, and help our customers succeed.”

V-Rooms private label

By providing a ‚private label’ or ‚white label’ version of their digital dataroom, V-Rooms opens its stage for investment banks, investors and other professionals to offer a safe file sharing platform within their very own, branded fashion, title and logo. V-Rooms claims that this will even make the system more appealing as an investor stage, for instance for for private placements, or for clinical trials from the medical and pharmaceutical businesses.

V-Rooms is a US-based virtual data room supplier with aggressive pricing. V-Rooms Virtual Deal Marketplace (VDM) integrated with WuFoo forms, along with the firm plans to add additional integrations to automate workflow and processes.

In December 2014, a major episode involving theft of M&A data saw an increased concern for information safety in M&A. Dataroom suppliers and users should improve their awareness about data security.

About the 1st of December 2014, safety company FireEye reported that a highly sophisticated group of hackers dubbed ‚Fin4′ was stealing confidential M&A information from nearly 100 publicly traded firms or their advisory firms.

See the full video report from Bloomberg under (full credits to Bloomberg’s article „Hackers With Wall Street Savvy Stealing M&A Data”).

The news comes as a shock to the business. While advice leaks and insider trading have been around for a very long lime, the components of this attack are as yet unseen. Read the specifics below.

What happened?

Confidential information was stolen, especially non-public information regarding merger and acquisition (M&A) deals and major market-moving announcements of publicly traded companies.

No details were released about the companies which were targeted. Before however, attacks often targeted the healthcare and pharmaceutical companies in which stock prices may make significant swings on news of mergers, clinical-trial results and regulatory decisions.

Why would hackers want to get confidential M&A info?

Presumably the data was stolen for the purpose of Forex, gaining an unfair advantage in the stock market by using non-public info.

This insider trading might have been done by the consumer group right trading in the stocks that were affected, or maybe by selling the information to other people. It’s unknown if specialist investors or hedge virtual data room reviews funds may be involved.

Yet other motives are also possible, as this type of information can be valuable in a variety of scenarios. An opportunity is that the opposing sides of merger discussions would want to acquire insight into the other hand strategy. Or a bidder in an M&A auction wanting knowledge about competing bids. There is not any way to tell at this stage.

Who’s behind these attacks?

The unknown set of Moses dubbed ‚Fin4′ by researchers in FireEye are not your average assailants. In the past, hacker attacks often originated in Asia or Eastern Europe, but not this time.

The hackers ‚ are native-English speaking, probably US-based or Western European. The team has a very clear background in the financial industry, likely from having worked (or working??) on Wall Street. They reveal extensive industry knowledge and understand the nuances of financial sector regulatory and compliance criteria. Simply speaking, this is an assault by financial sector insiders.

Fin4 is thought to have started over a year ago, at least since mid-2013. So they’d have had plenty of time to benefit from their illegal actions.

How did they slip the data?

Also different from preceding hacking occasions, the attack was not so much technical but social in character. Fin4 did not use malware to infect IT systems, but employed sophisticated social engineering tactics.

The group could send dangerous versions of valid company documents and used expert knowledge on product development, purchasing, M&A and legal issues to attain user’s e-mail passwords. They focussed their attention specifically on the account details of individuals with insider information on M&A deals, including top executives, lawyers, advisers, bankers, advisors, etc..

What can you do to protect yourself?

Providers of virtual datarooms have made data security the center of their business model. But this attack indicates that is pays to focus on the weakest link in the security chain: the end-user. We advocate end-users be especially cautious when handling confidential information and documents, as users are an integral role in preventing both technical and social bookmarking. We therefore recommend to:

  • Use strong passwords
  • utilize 2-factor authentication when accessible
  • beware of ‚phishing’ e-mails
  • never send confidential files to (anonymous) email addresses
  • utilize a protected virtual data room to disperse confidential data
  • Meanwhile, the FBI and SEC are reviewing the FireEye report and will try to track down the hackers.