BY STEVE J. TIE SHUE, SENIOR DIRECTOR - PRODUCT MARKETING
There seems to be inertia among some M&A legal advisors, who simply accept whichever data room another advisor on a deal, or their client, selects – particularly on mid-size or smaller deals. That is surprising, since the law firms on a transaction often stand to lose the most in the event of a data breach or cyber-attack. Look no further than recent headlines to identify the reputational risk at stake in similar situations. Here are three bedrock security requirements all lawyers should mandate for any platform used to manage financial transactions.
There’s a reason pre-VDR data rooms were kept under actual lock & key, with detailed access logs of those who entered. With research finding more than 25% of law firms have experienced some kind of data breach, legal advisors would do well to avoid accepting “good enough” file-sharing programs to function as quasi-deal rooms. Sure, the platform may allow you to share files “securely”, but how secure is it? Was its architecture actually designed for regulatory compliance (ahem, GDPR / CCPA) and for the transmission of highly sensitive financial and human capital information?
VDRs should be closely vetted to confirm compliance with international security standards (Is it ISO certified? Has it undergone a SOC 2 Type 2 audit?). Similarly, the cadence of vulnerability and penetration testing, the backup and encryption protocols, and the cloud computing service on which the solution runs should all be validated before signing any SOW or end-user license agreement.
Legal advisors on both the buy-side and sell-side report typically working with more than fifteen stakeholders during due diligence. That’s a lot of people accessing files and communicating about open issues and key findings. Complicating things further is the fact that not everyone should have access to the exact same files or capabilities.
Data rooms should allow administrators to customize the experience of every user – granting access ranging from a single file or folder to every document uploaded and indexed. Similarly, it should be simple to restrict core permissions like printing and downloading files as well as enhanced capabilities like data analytics and redaction.
Dealmaking exists within a truly global community – cross border deals approach a third of all transactions in some years. This means the fabled 2 AM fire drills – often becoming war stories traded by M&A lawyers during social hours – may actually occur at 2 PM for other members of the deal team across the world and require immediate human intervention.
Having 24/7 client support – not just an online form or email address that may at best get answered within a day or two – makes all the difference in staying regulatory compliant or safeguarding confidential information. Ditto for multi-lingual support for assisting on escalations of this nature.
Pro tip: Consider data rooms offering single sign-on (SSO) authentication – it significantly improves security while reducing login credential fatigue. Plus, your technology office will be happy you’ve identified a preferred vendor to help reduce the reputational risk of your law firm.
More than nine thousand financial transactions are securely managed within Datasite Diligence each year. Request a demo or speak with a local consultant to learn more about our ironclad security and 24/7/365 client services team – fluent in eighteen languages.