1. Stay away from e-mail
Don’t send important documents over e-mail, even if it seems convenient. E-mail can easily be hacked, plus documents can stay in the recipient’s inbox indefinitely, making them available at any time for theft. If you must use e-mail, send the recipient a link to the document in an archive that you control rather than attaching it, and use a password sent through a different line of communication. This way you can cut off access at any point.
Also avoid freemium file sharing services, like Dropbox, GoogleDrive, and Box because their security settings are “flat,” or the same across all users. Most have desktop integration options, meaning anyone can access a shared folder on a computer if it is lost or stolen. Instead, use a file sending service designed for businesses. They typically provide customizable document security options (i.e., you can expire or watermark a document) and user options (i.e., you can give different users different access levels).
“The volume of information that we’re required to deal with on a daily basis has increased so much that it’s made technology essential in our world…My team uses virtual data rooms for sharing information with clients.”
-Kelly Inglese, Director of Litigation Support Services, Fasken Martineau
2. Focus on IT infrastructure
Document security begins with making the right infrastructure choices, and the first thing every organization should do is set up a virtual data room subscription. According to Kelly Inglese, Director of Litigation Support Services at Fasken Martineau, “The volume of information that we’re required to deal with on a daily basis has increased so much that it’s made technology essential in our world.” While she says is an industry that can be resistant to technological change, it actually makes their jobs easier and their work more effective. “My team uses virtual data rooms for sharing information with clients,” she says.
Far too many companies still exchange documents via email or free file sharing services. The consumer-grade security on those services exposes them to numerous hack risks. Even more importantly, they lack the high level document control features offered by virtual data rooms. A good virtual data room lets administrators control which participants in a deal can see which specific documents, and for how long, and tracks all activity so administrators can know exactly what everyone is doing. Nothing goes unaccounted for, and there’s no room for user slip-ups.
Many companies choose to use a permanent virtual data room subscription to handle all of their secure document sharing needs, whether internally or when dealing with clients. A virtual data room service can function as the backbone of a firm’s information management infrastructure. This has the extra benefit of letting firms set up a data room for a deal as soon as they’re approached by a client, cutting any unnecessary red tape and letting them get straight to business.
3. Start early, and ask tech support for help
Document management is a process, and it’s crucial to develop good habits sooner than later. If you wait until a deal opens to start organizing and securing documents then you’re opening yourself up to more risks.
For M&A firms, this usually means making sure clients are ready for sale before there’s even a buyer in the picture. It’s important to help companies gather and organize all of their financial records, their HR information, etc., in advance so the eventual due diligence process goes smoothly. A crucial part of this is making sure documents contain the right information and nothing more.
Then, when uploading documents to your virtual data room, make sure to organize them in a way that’s intuitive for the buyer but also eliminates the risk of the wrong parties finding sensitive information. Remember that there can be numerous players in a deal and each one might require access to specific pieces of information but not others. Work together with your data room provider’s customer service representatives to set up all the proper folders, document management strategies, and security settings. Too many users enter their data room and treat it like another version of Dropbox – there’s much more you can do, and customer service will show you options you might not have known existed.
4. Use data organization and labeling tools
Putting your documents in the right places is just the first step. But once there, it’s important to use various organization and labelling tools to keep the team up to speed on where the due diligence process stands and what actions are needed moving forward.
A good virtual data room provider will offer customizable statuses for documents, like “DRAFT,” “IN PROGRESS,” “IN REVIEW,” and “FINAL.” This reduces the need for external – and less secure – communication between team members, placing all relevant information about the document review process inside the data room. The virtual data room should also let you create custom document descriptions to convey contents and relevant notes to readers.
An advanced data room can also manage different versions of the same document – say, when two parties are developing a contract, and there is a continuous stream of edited and updated versions. Your VDR should be able to organize these and point users to the “document of truth.”
According to Jason Mervyn, Director of Technology Business Solutions at Growlings, Lafleur, and Henderson, “Without a data room, usually folks resort back to sending emails with large amounts of information that often don’t get delivered, become very difficult to manage, and version control becomes non-existent.”
All of these features dramatically reduce the possibility of error or leaked information during the review process.
“Without a data room, usually folks resort back to sending emails with large amounts of information that often don’t get delivered, become very difficult to manage, and version control becomes non-existent.”
-Jason Mervyn, Director of Technology Business Solutions, Growlings, Lafleur, and Henderson
5. Redact information correctly and scrub metadata from documents
Electronic documents hold more information than meets the eye. Each common format collects metadata in its own way, keeping a record of things like who created it and when, who has opened it, who has altered it, and information it contained in previous versions. While these elements might seem hidden, they can be accessed as easily as right clicking a document and selecting “properties” or “get info.” Needless to say, stored metadata can pose a severe risk if not managed properly as it can provide an easy path to confidential information that has been ostensibly deleted or altered.
Specific methods for scrubbing metadata vary according to the file format. In PDFs, it’s as simple as selecting Tools > Protection > Remove Hidden Information. In Word documents, go to File > Info > Check for Issues > Inspect document, and then select which data to keep and remove. These are just two example, but whatever file format you use, it’s crucial to understand how it stores metadata and how to edit and remove it.
Also key is redacting sensitive information within documents. For example, a buyer might want to remove all mentions of a target company, or a seller might want to remove any specific names or personal information associated with their company. There are numerous places for leaks and it’s critical to pay systematic attention to all documents. Word and PDF documents both offer numerous options for redacting information in the menus mentioned above, as do many other document types, and it’s important to understand how to use these features.
6. Think about file type, size, and format
To that end, it’s best to use PDF format for all documents whenever possible. This is for several reasons. In addition to containing the most advanced redaction and editing information, outlined above, they are also formatted more neatly than Word documents and remain the same across all interfaces. When PDFs have layered elements, like signatures, it’s important to “re-print” and flatten them so they’re all fixed within the document. Also, a good virtual data room will have extensive document security options, so disable any native security in the PDF to avoid confusion later on. Conversely, use optical text recognition (OCR) to make the documents searchable to readers and the VDR provider.
In order to make the deal move faster for all parties, it’s also important to make documents light and mobile friendly. When “printing” PDFs, use a lower DPI so they download easier, faster, and without additional tools. Also use a standard page layout whenever possible to avoid a confusing and clunky experience on phones and tablets.
7. Back up documents post-closing
Document security becomes no less critical once the deal ends – in fact, the afterlife of your confidential information is just as important as its life during the deal, so they can be referenced in case any discrepancies or lawsuits comp up. Your virtual data room provider should let you create an archive of all documents used during a deal as well as all recorded information on use, edits, downloads, and reads. This can be stored with the provider, often at a small cost, or kept on your company’s own servers. Many providers will also offer the option to put all of the information from a deal on a set of DVDs, which can be kept in a vault or other secure facility indefinitely.