by Cydney Posner
According to this article in the WSJ, companies involved in M&A activity had better make special efforts with regard to cybersecurity. In the course of the transaction, thieves may try to gain access to internal systems. extract negotiating positions or other information about the transaction, or make off with trade secrets or other inside information.
Apparently, data thieves target companies engaged in M&A deals because, in light of the confusion that often surrounds M&A activity, employees are more vulnerable to cyberattacks. Employees of merged companies do not know who may be sending them emails and are more likely to open them. For example, in one case, cyberthieves went phishing by sending emails to employees of a newly acquired subsidiary announcing the acquisition. That email included malware that allowed the hackers to enter the company’s network and steal proprietary data. Similarly, executives travelling for deal negotiations can also be a prime target for data thieves.
To help address these risks, employees should be advised to be more cautious about opening emails when the company is going through a merger or acquisition. It may also be perilous for travelling executives to use Wi-Fi on mobile devices or plug into free Wi-Fi in hotels and public areas. In addition, companies should also “be careful not to link up their networks until the new network has been tested by the security team to make sure it’s safe.”