Cyber due diligence: Five features to look for

We live in a time with accelerated digitalisation. Processes that we used to handle manually are now digitised. It has not only been a necessity. This digitalization also presents vast opportunities to work more efficiently and to improve our processes.

Mari Nygård

Head of Data Rooms

+47 452 00 024

[email protected]

However, as companies grow increasingly dependent upon digital tools and processes, they also become increasingly vulnerable to cyberattacks and a potentially devastating loss of trust. We are especially vulnerable when working from home, being outside our office environments, often using private Wi-Fi networks.

We are glad to see that most companies are now more conscious about ensuring that the software and services adheres to the security requirements. But in many cases it can be hard to know exactly what to look for. When choosing a service like a data room, can you safely assume that all the providers have security as the number one priority? Or should you rely on the essential security ‘tick-offs’ like:

These are essential factors to consider and these should always be in place. However, we recommend that you dig deeper into the security mechanisms offered by the vendors and products you are considering, to make sure you have all the features needed to meet your needs for ultimate protection.

Data room security is so much more than the essential tick-offs

Mari Nygård, Head of Data Rooms, Admincontrol

Five features to look for in a secure data room

1. Two-Factor Authentication (2FA)

Every week you can read new stories about high profile data breaches and password leaks. 2FA is an additional layer of security used to ensure that only the correct users gain access to an online account. It is one of the most effective security measures you can implement and should be considered mandatory for any account with access to sensitive or business critical information. 

Learn more about 2FA HERE

2. Encrypted download

When using a data room, being able to do an easy download is key to many users. Even so, you should also pay attention to the risk of disclosure once the data is exported from the secure environment of the data room. For larger downloads, encryption is essential to keep your data safe.

3. Session time-out

Although it would be convenient if you were still logged into the data room after your coffee break, it would certainly not be secure. A session time-out is essential to avoid data breaches. The session time-out only kicks in when you are not actively working in the data room. This is therefore an effective measure to prevent others from accessing your data while your focus is somewhere else.

4. Secure Messaging

We all need to have a way of communicating confidential information in a secure manner.

To avoid email being used to share confidential information, it is essential to have the right tools in place.  A good data room should provide a secure, on-platform alternative to outside communication channels for messages and document sharing within each team.

Admincontrol’s Secure Messaging function ensures encrypted communication for the M&A team within the data room

Admincontrol’s Secure Messaging module enables users of the data room to send and receive confidential messages within the platform (this should not be confused with the Q&A, which is a module for questions and answer between seller and buyer teams).

5. Make sure that any third-party integrations require re-authentication.

Third-party integrations can be essential to ensure an efficient digital process. However, there are always risks involved with providing a gateway from a data room to another solution, since you might have two or even more entry points to your data. If any of these additional providers has a breach, this could directly affect the data in the data room. Having the provider re-authenticate at regular levels reduces the consequence of a breach at any of these providers.

Some questions to ask yourself when evaluating third-party integrations in the data room:

  • Is the integration developed in a way that meets your security requirements?
  • Is the integration between the data room and the third-party permanent?  
  • Is re-authentication supported, and at what frequency?

Connecting third-party integrations to a data room can be valuable but also requires an extra review of security measures to avoid any breaches.

Look for a data room that is designed to faciliate secure behaviour

Mari Nygård, Head of Data Rooms, Admincontrol

Stay secure during due diligence

Securing the due diligence and deal process are about more than the tools at hand. It is just as much about ensuring that the M&A team and every employee in the company has a strong security knowledge and the skills to make secure choices in their way of working.

My final advice is therefore to look for a data room that is designed to facilitate secure behaviour and enable people to make these smart choices.  

Want to learn more about cybersecurity in due diligence?

Watch the recording of our talk on the topic at The Global M&A Conversation 2021: Cyber due diligence – protection your deal

    Our newsletter is in English and sent 2-4 times a year. You can opt-out at any time.