Fundraising is generally unavoidable for startups and small businesses. This is particularly true in certain sectors where access to capital and equipment is crucial, such as life sciences and technology. Of course, these are industries that tend to be driven by intellectual property (IP) as well, so there is always quite a bit at stake when companies are in pursuit of a cash infusion and required to divulge company information to garner interest and dollars. It is likely impossible to avoid sharing all of a company's IP during fundraising rounds, as prospective investors need to have some sense of where their investment is going. But, companies can take steps before, during, and subsequent to any fundraising round to ensure that their IP remains secure.
Institute a Security Plan
Before sharing any IP, and really before even embarking on a fundraising round, companies need to institute a data security plan. Fundraising rounds can move quickly, with requests for documentation left and right. If a company is not prepared and fears that failing to furnish an item in a timely fashion will deter interest, they may make the mistake of just passing along whatever is requested. Urgency and transparency are obviously integral facets of fundraising, but that does not mean that investors should have unfettered access to valuable information.
One way to control information sharing is to establish a virtual data room (VDR) in which pertinent pieces of information can be uploaded, organized, and shared, as appropriate. This will ensure that everything is in one secure location and allow companies to keep a handle on what information is going where. Important documents should never be emailed for security reasons, and because a bunch of people could be sending things out, it would be impossible to keep track. With a VDR, these potential lapses are avoidable.
Invest in Secure Technology
Of course, any available VDR will not suffice. There are solutions at all price points available with a range of features and security practices. But, focusing on price alone is a huge mistake when it comes to selecting a solution that will be entrusted with the safekeeping of valuable IP. Companies obviously need to choose a provider that fits within their budget, but this is an area where skimping from the outset could be disastrously costly in the long run. Beyond the quoted price, an important thing to consider is whether there are limits on data storage capacity or user accounts, as some solutions charge more depending on how much a company is using. This isn't a great setup for companies looking to grow and needing services that will allow it to do so without additional fees.
Price is no doubt important, but the system design and security features are even more so, as these will show whether a company is really getting the most bang for its buck. A reputable VDR will prioritize data security with certified data centers, advanced encryption, and reliable backup. But, just because a solution is highly secure does not mean that it has to be overly complicated. Any VDR should be quick to set up, easy to use, and come with unlimited tech support.
The solution also needs to have purpose-built features that further strengthen data security, such as permissions-based roles. The whole point of implementing a data room is to maximize security and retain control over important data. As a result, it is key to designate an administrator of the VDR and only allow pre-screened individuals to access its contents. It is even better if the system is designed so that people are only granted permission to access specific items within the VDR rather than the entire VDR.
Fortunately, there are solutions that allow for customizable permissions-based roles such as this, so for companies that want to keep a very tight rein on information, this is obviously ideal. Ultimately, the goal should be to share as little as possible with as few people as necessary and to ensure that access is extinguished when appropriate to prevent further review or dissemination.
Even though minimizing data distribution is preferable, it certainly won’t be realistic to keep everything under wraps. It does not matter whether your company is engaged in fundraising, establishing a strategic partnership, or engaging in an M&A transaction, there will always be a ton of document sharing in order to get a business transaction accomplished. Obviously, sharing certain aspects of a company’s IP will be a part of that document sharing in some form or fashion.
Thus, just as a VDR should enable access restrictions, it should also offer audit logs that provide information about every single activity that takes place within the data room. This will allow the administrator to keep an eye on who is viewing what, when, and for how long, and may even come in handy if an item is misappropriated and legal recourse is necessary.