October 29, 2020
3 Data Room Security Capabilities Every Legal Advisor Should Mandate
BY STEVE J. TIE SHUE, SENIOR DIRECTOR - PRODUCT MARKETING
There’s been seeming inertia among some M&A legal advisors to simply accept whichever data room another advisor on a deal, or their client, selects – particularly on mid-size or smaller deals. Surprising since the law firms on a transaction often stand to lose the most in the event of a data breach or cyber-attack. Look no further than recent headlines to identify the reputational risk at stake in similar situations. Here are three bedrock security requirements all lawyers should mandate for any platform used to manage financial transactions.
1. It’s not a data room if it wasn’t built for transaction management
There’s a reason pre-VDR data rooms were kept under actual lock & key – requiring detailed access logs of those who entered. With research finding more than 25% of law firms have experienced some kind of data breach, legal advisors would do well to avoid accepting “good enough” file-sharing programs to function as quasi-deal rooms. Sure – the platform may allow you to share files “securely” but how secure is it? Was its architecture actually designed for regulatory compliance – ahem GDPR / CCPA – and transmission of highly sensitive financial and human capital information?
VDRs should be closely vetted to confirm compliance with international security standards (Is it ISO certified? Has there been SOC 2 Type 2 auditing?). Similarly, vulnerability and penetration testing cadence, backup and encryption protocols, and confirmation of the cloud computing service on which the solution runs should all be validated before signing any SOW or end-user license agreement.
"more than 25% of law firms have experienced some kind of data breach"
2. Managing authorized VDR users at the content and feature levels is a non-negotiable
Legal advisors on both the buy-side and sell-side report typically working with more than fifteen stakeholders during due diligence. That’s a lot of people accessing files and communicating about open issues and key findings. Complicating things further is the fact that not everyone should have access to the exact same files or capabilities.
Data rooms should allow administrators to customize the experience of every user – granting access ranging from a single file or folder to every document uploaded and indexed. Similarly, it should be simple to restrict core permissions like printing and downloading files as well as enhanced capabilities like data analytics and redaction.
"data rooms should allow administrators to customize the experience of every user"
3. VDR security is only as good as the support team behind it
Dealmaking exists within a truly global community – cross border deals approach a third of all transactions in some years. This means the fabled 2 AM fire drills – often becoming war stories traded by M&A lawyers during social hours – may actually occur at 2 PM for other members of the deal team across the world and require immediate human intervention.
Having 24/7 client support – not just an online form or email address that may at best get answered within a day or two – makes all the difference in staying regulatory compliant or safeguarding confidential information. Ditto for multi-lingual support for assisting on escalations of this nature.
Pro tip: Consider data rooms offering single sign-on (SSO) authentication – it significantly improves security while reducing login credential fatigue. Plus, your technology office will be happy you’ve identified a preferred vendor to help reduce the reputational risk of your law firm.
More than nine thousand financial transactions are securely managed within Datasite Diligence each year. Click here to request a demo or to speak with a local consultant to learn more about our ironclad security and 24/7/365 client services team – fluent in eighteen languages.
Ready to Get Started?
You may also like:
From the Bullpen to the Boardroom: Insights from CEOs
As many professionals can attest, investment banking is a feeder job for other highly successful and ambitious career moves. However, the transition to get there is not always so clear, especially for aspiring entrepreneurs. Our expert panel of CEO's broke down the challenges for our audience and offered several great takeaways for those who want to be CEO one day.
Expert Spotlight: Japan Deal Momentum
Japan dealmakers are seeing a strong rebound in M&A following the initial impact of COVID- 19 with the current momentum backed by an uptick in corporate divestitures, low-cost financing, and activism among others, according to industry experts speaking at a recent webinar hosted by Datasite and Mergermarket. Learn more from this expert spotlight blog.
Market Spotlight: Restructuring in the Middle East
How is M&A faring in the Middle East? Is distressed market activity on the rise, as it is in other regions? And how can deals get done quickly? One thing seems fairly certain: there’s definitely more to come in the region.
