Ian Lopez, Legaltech News
M&As leave much room for data
leaks. Vaporstream’s Galina Datskovsky talks securing communications when
closing the deal.
When it comes
to being vulnerable for a breach, mergers and acquisitions (M&As) tend to
leave many doors open, creating great potential for highly-confidential
information to get in the wrong hands.
The leaky-nature of M&As is partially attributable
to “human nature,” says Galina Datskovsky, CEO of secure messaging app service
Vaporstream. In a conversation with Legaltech News, Datskovsky explained that
people often email parties they shouldn’t be contacting about M&A deals,
such as family members that might have investing interests based off a deal’s
implications or colleagues not involved in the deal but from whom they would
like to get feedback.
Many companies have turned to enterprise communication
tools, such as Slack, which are downloaded by end users, and often they leave
information vulnerable. “The only way to limit who actually knows about the
M&A is to keep the information about it to the most limited amount of
people you can,” Datskovsky added. “And generally that is not easy to do with
the tools we use today.”
Yet communication is core to M&As, and thus “lots
of chatter” between the multiple parties involved must occur. “You need the
chatter; you need to discuss the terms of the deals,” such as parameters,
people in the organization, etc., Datskovsky explained. Unfortunately, most of
this communication occurs over standard office email, and thus the chatter can
easily be exposed. “It’s just the nature of the beast.”
So how to secure? Datskovsky has some practical tips
for being more secure in your M&A communications:
1. Control Your Content: Sending is Not the End
How often have you sent an email that, moments later,
you wished you hadn’t? Whether filling the recipient field with the wrong
address, clicking “send” too quickly, or suddenly realizing your recipient
shouldn’t have this information, we’ve all been there.
Wish you had a “retract message” button? Certain
enterprise tools allow this, so long as the recipient has yet to open it. This
can be particularly handy for M&A communications. Privy parties need to
prevent forwarding of messages “so somebody can’t say, ‘Oh, I think this would
be useful to get the opinion of X, Y, Z, and let me just forward this,”
Datskovsky noted.
Additionally, senders “want to be able to control who
sees [a message], how they see it, and what they can do with it,” which can be
done with certain apps, she added.
2. Too Little Too Late: Maintain an Expiration Date for Content
Often, documents can linger in storage, forgotten
about once they’re no longer immediately useful. However, as many know, that
doesn’t mean they don’t exist.
By setting an expiration date for a message, you are
“limiting distribution through channels,” Datskovsky said. “The more you limit
the conversation … the more you are likely to limit leakages and inappropriate
distributions.”
3. Don’t Forward the Master: Copies are Key
It’s important to draw a clear distinction between a
master document and its copies. This distinction is important to adhere to in
emails as well, for in the digital age, sending a master document could lead to
unintended edits to a document, hugely problematic for M&As.
While you’ll need to keep a master copy for record
keeping, sending copies in PDF format for review limits security risks. In the
event of a breach, “it’s one thing to have a copy and another to have the
content walking around across the board on devices that belong to your
organization and any outside entities,” Datskovsky explained.
Overall, Datskovsky says that while many rely on the
encryption of an enterprise messaging app for protection, that alone isn’t
enough. “You’re not going to get that benefit of expiration and forward
prevention. You need a greater
sense of control.”
No comments:
Post a Comment