October 29, 2020

3 Data Room Security Capabilities Every Legal Advisor Should Mandate

BY STEVE J. TIE SHUE, SENIOR DIRECTOR - PRODUCT MARKETING

There’s been seeming inertia among some M&A legal advisors to simply accept whichever data room another advisor on a deal, or their client, selects – particularly on mid-size or smaller deals. Surprising since the law firms on a transaction often stand to lose the most in the event of a data breach or cyber-attack. Look no further than recent headlines to identify the reputational risk at stake in similar situations. Here are three bedrock security requirements all lawyers should mandate for any platform used to manage financial transactions.

1.     It’s not a data room if it wasn’t built for transaction management

There’s a reason pre-VDR data rooms were kept under actual lock & key – requiring detailed access logs of those who entered. With research finding more than 25% of law firms have experienced some kind of data breach, legal advisors would do well to avoid accepting “good enough” file-sharing programs to function as quasi-deal rooms. Sure – the platform may allow you to share files “securely” but how secure is it? Was its architecture actually designed for regulatory compliance – ahem GDPR / CCPA – and transmission of highly sensitive financial and human capital information?

VDRs should be closely vetted to confirm compliance with international security standards (Is it ISO certified? Has there been SOC 2 Type 2 auditing?). Similarly, vulnerability and penetration testing cadence, backup and encryption protocols, and confirmation of the cloud computing service on which the solution runs should all be validated before signing any SOW or end-user license agreement.

"more than 25% of law firms have experienced some kind of data breach"

2.     Managing authorized VDR users at the content and feature levels is a non-negotiable  

Legal advisors on both the buy-side and sell-side report typically working with more than fifteen stakeholders during due diligence. That’s a lot of people accessing files and communicating about open issues and key findings. Complicating things further is the fact that not everyone should have access to the exact same files or capabilities.

Data rooms should allow administrators to customize the experience of every user – granting access ranging from a single file or folder to every document uploaded and indexed. Similarly, it should be simple to restrict core permissions like printing and downloading files as well as enhanced capabilities like data analytics and redaction.

"data rooms should allow administrators to customize the experience of every user"

3.     VDR security is only as good as the support team behind it

Dealmaking exists within a truly global community – cross border deals approach a third of all transactions in some years. This means the fabled 2 AM fire drills – often becoming war stories traded by M&A lawyers during social hours – may actually occur at 2 PM for other members of the deal team across the world and require immediate human intervention.

Having 24/7 client support – not just an online form or email address that may at best get answered within a day or two – makes all the difference in staying regulatory compliant or safeguarding confidential information. Ditto for multi-lingual support for assisting on escalations of this nature.

Pro tip: Consider data rooms offering single sign-on (SSO) authentication – it significantly improves security while reducing login credential fatigue. Plus, your technology office will be happy you’ve identified a preferred vendor to help reduce the reputational risk of your law firm.

More than nine thousand financial transactions are securely managed within Datasite Diligence each year. Click here to request a demo or to speak with a local consultant to learn more about our ironclad security and 24/7/365 client services team – fluent in eighteen languages.

Driving Client Experience

Best practices for optimizing legal advisor-client engagement to win more mandates

Download infographic

Datasite for Law Firms

Speed up due diligence. Reduce costs. Share information securely.

Learn more

Ready to Get Started?

Contact Us

You may also like:

Market Spotlight: Rising Cybersecurity Demand in Our New, Risky Reality

In Europe, cyberattacks are on the rise, exacerbated by rising digitalization. How is this impacting M&A dealmaking in this sector? And will M&A in this space continue to grow in importance?

Expert Spotlight: Will the Strong Momentum in European M&A last in 2022?

The M&A world was going full steam ahead in 2021. But the big question now is whether the frenzy can continue in Europe? If so, for how long? And what will help drive activity there?

City Skyline
Regrouping But Not Retreating - Corporate M&A in Q2 of 2022

Is the American M&A market just catching its breath after the frantic activity of 2021? Or is this the start of a more profound slowdown? For Datasite’s Q2 Corporate Update, a panel of corporate M&A leaders discussed what we can expect from the rest of the year.

M & A Professional waiting on a Data Room

© 2022 Datasite All rights reserved

Datasite provides secure software solutions for managing the full spectrum of financial transactions — including M&A, restructuring & administration, and capital raising. Our intuitive platform offers ironclad security enabling file sharing and collaboration within and across organizations. More than a virtual data room (VDR), Datasite supports advisors and their clients across the entire deal lifecycle with secure collaborative software that shortens timelines for buy-side and sell-side teams from deal sourcing and deal preparation to post-merger integration (PMI) while meeting regulatory compliance — including GDPR and CCPA requirements. As the premiere virtual data room for M&A due diligence globally, Datasite is consistently recognized for breakthrough technologies like our AI/ML-enabled capabilities and automated redaction tools. Beyond due diligence, Datasite provides transaction and document management solutions for investment banks, corporate development, private equity, and law firms across industries.