Sensitive business operations like private equity transactions or M&As often require enhanced due diligence, a process in which dozens of professionals review hundreds of pages of documents in order to help buyers size up companies, and vice versa. While this process has largely moved online, selecting a platform that enables individuals to access and share documents securely remains a challenge. Cloud hosting providers abound, as providing document hosting has become a standard feature even in regular, everyday productivity tools (i.e., Google Docs for regular Google accounts).
WeTransfer has emerged as a simple, lightweight solution for sharing large-size files over the web (up to 2GB per file) for free. However, security needs to be a central issue when selecting a vendor. Therefore enterprise, financial and legal professionals — and those that support them — need to more closely scrutinize WeTransfer as a potential provider to host the documents needed during a complex transaction.
So, is WeTransfer safe? In short, it does not measure up.
Built for Anonymity
An attractive feature of WeTransfer, at least for consumers or one-time users, is its lack of friction and near-anonymity: there is no need to create an account, enter credit card information, verify an identity or the like.
Just click the blue plus sign, add files (you can also add a folder), enter both your recipient’s email address (you can add up to 20) and your email address, input a short message, and click Transfer. It’s that simple. You can decide to transfer the file(s) via email or transfer link. However, neither of these options present strong security options. Indeed, the files can easily end up in the wrong hands: the recipient can simply forward the email to recipients other than those intended by the sender.
Setting passwords and expiration dates for the file transfers are Pro features of WeTransfer, and while helpful, these features still aren’t secure enough for the type of extensive document sharing and management needed for financial transactions.
Lack of Compliance
WeTransfer is headquartered in Amsterdam and does comply with the EU’s strict General Data Protection Regulation (GDPR), which mandates that companies secure their data against loss or theft. However, this is not enough for clients operating in regulated industries or professions.
WeTransfer is not compliant with other industry data security standards and directives, including the Payment Card Industry (PCI) Data Security Standard, Health Insurance Portability and Accountability Act (HIPAA), the Federal Information Security Management Act (FISMA) and the Association of International Certified Public Accountants (AICPA) Service Organization Controls standard.
For company owners and buyers in these industries engaged in a transaction, especially as they will be sharing sensitive financial and customer data, it’s best to lean on a cloud hosting provider that is compliant with the strictest of standards.
Pro Features Still Limited
While the Pro version of WeTransfer does offer custom URLs and backgrounds, in order to provide file recipients with a special look and feel, this customization is still limited. Because different groups need to see different documents, the organization needs to be presented much more uniquely, not with a one size fits all solution.
In fact, investors, company owners, bankers, lawyers, accountants and other professionals involved in a deal have become more accustomed to viewing documents in a separate virtual data room. WeTransfer does not provide an interface that can be considered a data room; without a special UX tailored for such professionals, recipients may be unsure of the importance or hierarchy of documents. Such distractions can impede the proper review of critical documents, affecting the outcome of a deal.
WeTransfer’s Larger Interests
While this might not seem like a security risk, the corporate mission of WeTransfer should be of concern to those seeking a secure document sharing solution.
“A set of beautifully obvious tools,” asserts WeTransfer’s Products page. Aside from the core file sharing service, the company also offers Paste, Collect, Paper and WePresent; these are all products developed for and aimed at a creative audience, such as designers and artists.
With this in mind, those needing a robust solution for highly sensitive documents might rethink the idea of using a service that is not 100% focused on secure document sharing. As new security protocols or standards continue to be developed by the industry, investors and their advisors need to lean on a provider that is staying on top of and incorporating such trends, in order to deliver the safest experience for customers.
The Best Solution for Documents
While thousands of pages of highly-sensitive documents are handled by dozens or hundreds of people in a transaction, advanced tracking tools are needed to ensure that the right access has been granted to the right person at the right time.
While the Pro version of WeTransfer allows for the document owner to create passwords and set expiration dates, WeTransfer offers no mechanism to track the number of times a document has been downloaded and printed — or even to prevent this from happening in the first place. This is a security risk, because that printed document can easily be photocopied, scanned and shared with unauthorized persons.
Organizations should consider an enterprise document security solution, such as Caplinked, that has tighter privacy and security needs in mind. Digital rights management (DRM) capabilities provide encryption and complete control over how a document is used, and Caplinked’s FileProtect feature lets companies share documents while retaining the ability to deny access to anything even after it’s downloaded.
Providing access is important, but restricting that access is even more vital when working with the most sensitive of documents in a complex transaction. Are you ready to level up your security? Reach out for a free trial today!
Jake Wengroff writes about technology and financial services. A former technology reporter for CBS Radio, Jake covers such topics as security, mobility, e-commerce and IoT.