M&As Leave Much Room for Data Leaks. Vaporstream’s Galina Datskovsky Talks Securing Communications When Closing the Deal.

When it comes to being vulnerable for a breach, mergers and acquisitions (M&As) tend to leave many doors open, creating great potential for highly-confidential information to get in the wrong hands. The leaky-nature of M&As is partially attributable to “human nature,” says Galina Datskovsky, CEO of secure messaging app service Vaporstream. In a conversation with Legaltech News, Datskovsky explained that people often email parties they shouldn’t be contacting about M&A deals, such as family members that might have investing interests based off a deal’s implications or colleagues not involved in the deal but from whom they would like to get feedback. Many companies have turned to enterprise communication tools, such as Slack, which are downloaded by end users, and often they leave information vulnerable. “The only way to limit who actually knows about the M&A is to keep the information about it to the most limited amount of people you can,” Datskovsky added. “And generally that is not easy to do with the tools we use today.” Yet communication is core to M&As, and thus “lots of chatter” between the multiple parties involved must occur. “You need the chatter; you need to discuss the terms of the deals,” such as parameters, people in the organization, etc., Datskovsky explained. Unfortunately, most of this communication occurs over standard office email, and thus the chatter can easily be exposed. “It’s just the nature of the beast.” So how to secure? Datskovsky has some practical tips for being more secure in your M&A communications:

1. Control Your Content: Sending is Not the End

How often have you sent an email that, moments later, you wished you hadn’t? Whether filling the recipient field with the wrong address, clicking “send” too quickly, or suddenly realizing your recipient shouldn’t have this information, we’ve all been there. Wish you had a “retract message” button? Certain enterprise tools allow this, so long as the recipient has yet to open it. This can be particularly handy for M&A communications. Privy parties need to prevent forwarding of messages “so somebody can’t say, ‘Oh, I think this would be useful to get the opinion of X, Y, Z, and let me just forward this,” Datskovsky noted. Additionally, senders “want to be able to control who sees , how they see it, and what they can do with it,” which can be done with certain apps, she added.

2. Too Little Too Late: Maintain an Expiration Date for Content

Often, documents can linger in storage, forgotten about once they’re no longer immediately useful. However, as many know, that doesn’t mean they don’t exist. By setting an expiration date for a message, you are “limiting distribution through channels,” Datskovsky said. “The more you limit the conversation … the more you are likely to limit leakages and inappropriate distributions.”

3. Don’t Forward the Master: Copies are Key

It’s important to draw a clear distinction between a master document and its copies. This distinction is important to adhere to in emails as well, for in the digital age, sending a master document could lead to unintended edits to a document, hugely problematic for M&As. While you’ll need to keep a master copy for record keeping, sending copies in PDF format for review limits security risks. In the event of a breach, “it’s one thing to have a copy and another to have the content walking around across the board on devices that belong to your organization and any outside entities,” Datskovsky explained. Overall, Datskovsky says that while many rely on the encryption of an enterprise messaging app for protection, that alone isn’t enough. “You’re not going to get that benefit of expiration and forward prevention. You need a greater sense of control.”

(Article originally published on Legaltech News by Ian Lopez, August 15, 2016.)