CapLinked FileProtect

CapLinked FileProtect

CapLinked launches a new security feature ‘FileProtect’ to its digital dataroom which could revoke access to files shared with outside parties, even when they have been downloaded.

The goal of the new FileProtect security attribute is to expand document controls (Document Rights Management or DRM) past the bounds of the digital dataroom.

Within the secure environment of this digital data room, consumer accessibility is already limited and user rights can be assigned on particular documents or folders. These rights may include preventing the usert to start, copy, print or download a file. And when users do have these rights, they can be revoked anytime for example when their participation in a transaction finishes.

However if users may download a record, in principle there are no limitations to what they can do with it (technically). And despite legal security, probably in the kind of a confidentiality agreement, technical assurances are sometimes desired to restrain access even after the document has been downloaded. FileProtect allows just this, it’s a means toreverse block and access opening, copying, and printing of Microsoft Office and Adobe PDF files even after they’ve been downloaded. This can be if the transaction ends or when a pre-determined deadline goes.

The best of all for us in Dataroom Review is that FileProtect works without plugins that have to be installed on the end-user computer. We have never been a fan of plugins as these are notoriously difficult to install in managed IT environments (such as those of law firms, accountants, banks and many consultancies). By adding post-download DRM to documents without needing local plugins, CapLinked reaffirms its intent to innovate and supply plugin-free security, and earns our appreciation for doing so.

CapLinked’s FileProtect delivers strong protection with ease-of-use. Security doesn’t need to come at the expense of the user experience.

Firmex Models

Versions is a brand new feature to the Firmex VDR which enables users easy access to the latest version of a record, while keeping older versions as well.

We’re seeing invention in the VDR industry by incorporating workflow and collaboration features to the base protected document sharing platform. Some of the additional dataroom suppliers are adding similar features for managing multiple versions of the same record, and Firmex definitely attempts to stay ahead of the curve in terms of usability and features.

«We’re very excited about this new feature,» explained Firmex CEO Joel Lessem. «It’ll bring a new level of organization and ease into the deal making process, and help our customers succeed.»

V-Rooms private label

By offering a ‘private label’ or ‘white label’ version of their virtual dataroom, V-Rooms opens its platform for investment banks, investors and other specialists to offer you a safe file sharing platform in their very own, branded fashion, name and logo. V-Rooms claims this will also make the system more appealing as an investor platform, for example for for private placements, or for clinical trials in the medical and pharmaceutical industries.

V-Rooms is a US-based virtual data room provider with competitive pricing. V-Rooms Virtual Deal Marketplace (VDM) incorporated with WuFoo forms, along with the firm plans to add more integrations to automate processes and workflow.

Back in December 2014, a major incident involving theft of M&A data saw a heightened concern for data safety in M&A. Dataroom providers and users must improve their awareness about information protection.

About the 1st of December 2014, safety company FireEye reported that a highly complex group of hackers dubbed ‘Fin4′ has been stealing confidential M&A data from almost 100 publicly traded companies or their advisory firms.

Watch the Entire video report from Bloomberg under (full credits to Bloomberg’s post «Hackers With Wall Street Savvy Stealing M&A Data»).

The news comes as a shock to the business. While information leaks and insider trading have existed for a very long lime, the components of the attack are yet hidden. Read the specifics below.

What occurred?

Confidential data was stolen, especially non-public information regarding merger and acquisition (M&A) deals and important market-moving statements of publicly traded companies.

No details were released regarding the firms that were targeted. In the past however, attacks often targeted the pharmaceutical and healthcare companies in which stock prices may make substantial swings on information of mergers, clinical-trial outcomes and regulatory decisions.

Why would hackers want to access confidential M&A data?

Presumably the data was stolen with the intention of Forex, gaining an unfair advantage in the stock market by using non-public information.

This insider trading could have been done by the consumer group right trading at the affected stocks, or perhaps by selling the data to others. It’s unknown if specialist traders or hedge funds might be involved.

However other reasons are also possible, as this type of information can be valuable in various scenarios. An opportunity is that the opposing sides of merger discussions would want to acquire insight in the other side’s strategy. Or a bidder in an M&A auction wanting knowledge about competing bids. There’s not any way to tell at this stage.

Who’s behind these attacks?

The unknown group of attackers dubbed ‘Fin4′ by investigators in FireEye aren’t your average assailants. In earlier times hacker attacks often originated in Asia or Eastern Europe, but maybe not this time.

The hackers ‘ are native-English speaking, likely US-based or Western European. The team has a very clear background in the financial sector, likely by having worked (or still working??) on Wall Street. They show extensive industry knowledge and know the nuances of financial sector regulatory and compliance criteria. In short, this is an assault by financial industry insiders.

Fin4 is believed to have started over a year ago, at least since mid-2013. So they would have had plenty of time to gain from their illegal activities.

How can they slip the information?

Also different from preceding hacking occasions, the attack wasn’t so much technical but social in character. Fin4 did not use malware to infect IT systems, but used sophisticated social engineering tactics.

The team could send dangerous variations of valid company records and used expert knowledge on product development, purchasing, M&A and legal problems to obtain user’s email passwords. They focussed their focus specifically on the accounts information of individuals with insider knowledge about M&A deals, such as top executives, attorneys, advisers, bankers, advisers, etc..

What do you do to protect yourself?

Providers of virtual datarooms have produced data security the core of their business model. But this attack shows that’s pays to concentrate on the weakest link in the security chain: the end-user. We advocate end-users be particularly mindful when handling confidential data and documents, as we’re a key part in preventing both social and technical hacking. We therefore urge to:

  • Use strong passwords
  • use 2-factor authentication when available
  • beware of ‘phishing’ e-mails
  • never send confidential files to (anonymous) email addresses
  • use a protected virtual data space to disperse confidential information
  • Meanwhile, the FBI and SEC are reviewing the FireEye report also will try to track down the hackers.