Private Equity firms’ cyber security is key to ensuring that NDAs are intact

Cyber security breaches are becoming more sophisticated and dangerous than ever before, with the previous year recording over 300 million known ransomware attacks.??

The permanent shift to hybrid working, spurred on by substantial changes to digital infrastructure to enable remote working at the pandemic’s height, means that cyber security is not only a growing concern but one that is harder to manage for many organisations, including Private Equity firms.??

Fully remote working staff with inadequate remote security systems can leave firms an ideal target for the growing number of cyber criminals seeking lucrative financial data and competitive intelligence.?

The NDA (non-disclosure agreement) is often the prerequisite to any transaction within Private Equity. The usual practice is that each of the parties seek to ensure their confidential information is protected by asking the other party to sign an NDA. But without the physical protection of an office’s firewall as many firms continue to work remotely, how can firms be secure in the knowledge that the data held under NDA are intact and protected???

Location, location, location?

Firms need to first establish a location where any data covered by an NDA will be stored, in line with the agreement, and supported by policies and technical controls that allow access data to be managed.?

Many firms will need to use a platform that allows the labelling of data so that it can be marked as protected (for example, Microsoft Teams) to prevent the data being leaked or moved from the location in error.? Ease of use is key – professionals need to be able to work effectively and not be hindered by excessively strict policies, while at the same time protecting the data.? This means that technology and people need to work together to allow data to be shared – but while understanding the type of data and the risk in doing so.? Technologies such as Data Loss Prevention (DLP) help with these sorts of requirements.?

Encryption and protection to mitigate risk?

With employees all over the world using a blend of devices to conduct personal and professional work, encrypting devices with access to sensitive information means that you are protecting your company in the event of theft. Ensure that a remote wipe facility is in place, so that any stolen devices can easily be cleared of all data, no matter the location.? All devices running Windows 11 will have technology to facilitate encryption by default and can be joined to cloud management to allow remote wipes and compliance controls to be enforced no matter where the device is.?

Some platforms provide you with the option to lock access to data held in the cloud to a person or selected number of people, and also decide whether the document can be shared or forwarded. In the remote working world, you need to go one step further than password protecting documents, so by limiting access and including multifactor authentication as part of the verification process, you will be helping to keep your data safe from a breach.?

No data, no risk?

One way to reduce data protection risk is by not having the data at all. Marking confidential data as such will help make it easier to remove files once an NDA expires, preventing it from being leaked if there is a cyber-attack or breach in the future.?

There is also the option to ‘timebomb’ specific documents if you use a platform that enables this; so that any data covered under an NDA will automatically expire once the agreement ends.?These controls can be automatically applied if the data leaves the firm's cloud platform or systems.?

Take action if there’s a breach?

Firms need to act swiftly to mitigate the damage caused by a breach – and practicing your breach response will help you stop the attack from spreading any further and help you to regain control of the situation should it occur.?Having a partner with the right security incident management technology and people available 24/7 to respond to breaches is key to a rapid and effective response.?

Once you have a robust policy in place, it will help your firm put the relevant technological controls in place and respond quickly in the event of a cyber security attack.??

Speak to your trusted IT partner as soon as you are aware of an attack, so that they can help you to manage your devices and reduce the risk of your data being exfiltrated.?

By Owen Morris, Operations Director at Doherty Associates, experts in building cloud-based modern workplaces for the finance industry. To help improve your cyber posture, protect your data and keep your NDAs intact, please speak to a member of the Doherty Associates team today for their expert advice and guidance. You can contact us here.?