Fill out the form below to download the full guide.
With the ubiquity of business-oriented cloud services and their use as vessels to store everything from company portfolio stances to financial data, acquisition and divestiture postures, it is no wonder that unsecured clouds have become easy targets for hackers, and why a virtual data room is more essential than ever.
In August 2015, 32 traders and hackers earned more than $100 million in illegal funds in a scheme where rogue traders, some former employees at major hedge funds in New York, swapped corporate press releases with hackers in the Ukraine, trading on the news before it hit the newswires. The ruse, which went on for several years before federal prosecutors, law enforcement agencies and regulators from the U.S. Securities and Exchange Commission (SEC) cracked down, highlighted both the patience of hackers and the proliferation of data leaks further compounded by a slow-to-act attitude towards IT security infrastructure. And it’s being felt across the boards.
In the U.S. the number of data breaches reached 781 in 2015, according to a recent report released by the Identity Theft Resource Center (ITRC). Another report pegs the average total cost of a data breach for companies involved at $3.79 million, a 23% increase from the previous year. But it’s not just about the costs. Firmex’s own data security report found that 1/5 of M&A institutions had already had a cyber attack affect their bottom line, while 2/3 of M&A professionals still feel that e-mail is a safe form of communication. There’s a top-to-bottom problem with how M&A institutions share deal data, and it needs to be fixed before things get worse.
We broke down some of the ways information breaches could hinder or derail your next deal-making opportunity as well as some insight on how virtual data rooms can keep that from happening.
There’s a reason hackers with Wall Street smarts are increasingly looking to tap into sensitive M&A information by targeting weakly secured lines of communication like emails and unsecured cloud storage. Last summer, the SEC launched an investigation into a hacking crew targeting executives at publicly traded firms. The SEC investigation was prompted by a report from U.S. network security firm FireEye, which had been monitoring the group called FIN4 thought to be responsible for targeting over 100 organizations.
“Operating since at least mid-2013, FIN4 distinctly focuses on compromising the accounts of individuals who possess non-public information about merger and acquisition (M&A) deals and major market-moving announcements, particularly in the healthcare and pharmaceutical industries,” wrote FireEye in the report. “FIN4 has targeted individuals such as top executives, legal counsel, outside consultants, and researchers, among others.”
Groups like FIN4 are able to combine their knowledge of hacking with business deals to tap into company emails, mine them for data and hijack email threads to capture further credentials of shareholders and investors.
While email can be a quick way to send and receive info and pass along documents through free cloud solutions, a virtual data room is the best way to ensure nefarious, Wall Street-literate hackers aren’t undercutting your deals.
It runs parallel to hacking but deserves its own mention. In additional to M&A deal information in general, this is one place where the biotech, life sciences and pharmaceutical sphere can benefit greatly from the use of virtual data rooms. Pushing a product or idea through to completion can be an arduous affair, steeped in lengthy clinical trials. Simply put, email is an inadequate way to exchange findings, pass along patients’ private data, protect intellectual property and communicate confidential licensing information.
Letting this sort of data slip into the wrong hands doesn’t just have the ability to kill a deal, it can come with both a breach of privacy laws or privacy policies. Countries like Canada and The Netherlands have already modified privacy acts to put the onus on companies for leaked personal data.
Like email, a virtual data room allows quick communication, creating a closed forum for companies and consultants – including lawyers, accountants, financiers and underwriters – to communicate one to one or as part of the crowd, dependent on the permissions set by the deal room administrator. The difference, though, is that VDRs create a communication channel with industry-grade encryption that meets major international security compliances.
Preventing Human Error
Despite major advances in information technology, human error remains one of the major causes, and possibly the biggest cause, of data breaches . A study by CompTIA claimed that 52% of breaches were caused by human error, while another study by IBM put the number at a shocking 95%.
Both surveys agree that while most information breaches come from insiders, it’s usually a result of innocent mistakes rather than some sort of malicious misuse of privileges. While typically employee training is the predominant way of combatting human issues – and a good strategy at that – for smaller to mid-sized firms with thinner resources the infrastructure necessary and the cost to build such a training regiment can be prohibitive.
A solid virtual data room can be a cost effective way to cut out human error by allowing the account administrator to monitor and fine-tune that has access to which files. Permissions and conditions can be stripped, additional access can be granted or broadened and a variety of permission-based roles can be programmed easily in order to ensure human error doesn’t result in sensitive data leaks. No training necessary and nothing goes unaccounted for so the chance of human error is plucked from the equation.
Improving Organization and Pacing
Focus can often fall of the technical side of things – ensuring all earnings and asset reports are up to date, fielding questions about the deal – but one element that often gets its role in successful mergers overlooked is momentum.
While due diligence is a vital part of the mergers and acquisition process, sifting through stacks and stacks of documents – some outdated, some duplicated – is time consuming and can derail even the best-laid deals.
But good virtual data rooms offer solutions to keep a deal on track, letting users automatically organize and archive different versions of a document. In the end, it allows for easy collaboration across the deal team and ensures documents undergoing a tireless stream of revisions are always up to date and marked as such. Advanced features also include the ability to drag and drop a document with the same name and extension into a data room and have the platform detect and highlight even the slightest differences between documents.
A Q&A feature is also an asset in keeping momentum. While complex transactions and procurement projects can often attract hundreds of questions from bidder groups, a built-in Q&A module can help route and answer major questions as well as track interest and create an audit trail for legal and regulatory purposes. Ultimately, these VDR tools lead to a more streamlined process that keeps the deal moving while organizing documents to ensure due diligence is properly executed.
Improving Deal Management
While documents need to be managed properly, managing the relationships with those viewing those documents is also vital. Companies using virtual data rooms can glean useful analytics on investors and prospective buyers by tracking activity through audit logs. Knowing who has looked at what and for how long allows a firm to focus their effort on serious potential bidders, anticipate potential enquiries or questions and determine what information is of most value to engaged investors. Failing to identify the most interested parties can cost your business the deal.
But deal management doesn’t end once the merger or acquisition has been completed. Document security continues to be critical and retaining access to that confidential information once the transaction has occurred should be a priority.
Advanced deal room providers know this and will ensure you can catalogue and archive all the documents used throughout the process from edits and downloads to audit reports and viewing information. Retaining access to those documents and storage with the provider, for a small cost, on your own servers, or physically on DVDs in a vault can give a business piece of mind well after the deal is done. It can also protect you in the event of litigation.
Learn more about virtual data rooms
With all the risks associated with information sharing, the potential costs associated with a breach, and all the ways a deal can unravel, a virtual data room is essential for organizations large and small. Fortunately, with Firmex, VDRs are easy to use and well priced. Head here to learn more and book a demo.