Executives looking to hire a remote virtual assistant need to ask some challenging questions about security.
Take this warning, for example.
"A CEO's executive assistant is statistically more likely to be a very attacked person than the CEO," said Ryan Kalember, cybersecurity VP at email security vendor Proofpoint. "Anyone who can move money is a likely target."
Does your assistant have—or do you plan to provide--access to your credit cards and bank accounts? Payroll?
Home Offices and Devices Targeted
Cybercrimes have surged since 2020's work-from-home exodus, and home offices do not have enterprise-grade network security. With many virtual assistant service providers, the virtual assistants work from home offices on their personal computers, giving leaders even less control over attacks.
"For small businesses, 2020 was especially brutal," said IT security consultant and author Joel Snyder. "Just as work-from-home (WFH) arrangements and transitions to the cloud became the top priority. We can expect cybercriminals to adjust their tactics to take advantage of these changes in the profile of their small business targets."
And indeed, they did just that. A late 2021 survey by Forrester Research and Tenable found that 80% of business leaders said their organizations have more risk exposure today because of remote work.
It is essential to keep in mind what remote workers have access to:
- More than 50% of remote workers access customer data using personal devices.
- And 71% of IT security leaders lack visibility into remote employee home networks.
"This gap is well understood by bad actors, as reflected in the fact that 67% of business-impacting cyberattacks targeted remote employees," the study found.
Small businesses are a growing target. In 2019, 43% of attacks targeted small businesses. That number has soared to 66% for 2022. Just 45% of SMBs consider themselves prepared for a malicious breach.
Here is Snyder's list of the top-five threats to SMBs and how they are ramping up:
- Credential theft. "Stealing passwords through malware, impostor websites, keyloggers, and other tools has been popular for a while. But 2020 turned up the heat."
- Phishing, vishing, smishing. "Cybercriminals will try anything to convince someone to open their message or click on their link."
- Ransomware. "The protections that large businesses have put in place have shifted the focus to small businesses. With today's WFH focus, attacks are now targeting users far from the corporate network.”
- Personal devices accessing corporate systems. "The bad news is that in 2020, users began mixing personal and business computing on the same devices more than ever, and that's a recipe for a security disaster."
- Cloud computing. “Not unique to 2020, but certainly increasing year after year, is the discovery that hackers are going after the management tools for your SaaS applications directly."
Unmanaged Risk and Unrelenting Cyberattacks
"Remote and hybrid work strategies are here to stay and so will the risks they introduce unless organizations get a handle on what their new attack surface looks like," said Amit Yoran, CEO, Tenable.
"This study reveals two paths forward — one riddled with unmanaged risk and unrelenting cyberattacks and another that securely accelerates business productivity and operations."
The combination of a rise in work-from-home attacks and the fact that virtual executive assistants may have access to sensitive data and accounts make the risk of targeting a virtual assistant very real.
How to Prevent Cyberattacks on Virtual Assistants
The risk of an attack on a virtual assistant is more significant if they are freelancers with no IT support or independent contractors placed through an agency without IT support.
Here are some best practices you should look for when hiring a virtual assistant that will have the keys to your IT kingdom:
- Perform background checks: if an assistant or firm does not agree to a background check, look elsewhere.
- Confidentiality and Non-Disclosure Agreements (NCAs): data breaches are not the only risk with offsite workers. They could share sensitive sales, products, and customer information.
- Facilities: some virtual assistant firms (including Prialto) hire their virtual assistants and manage them in secure facilities protected physically with biometric access control, security guards and cameras, and encrypted virtual private network connections.
- Devices: employees should not access your systems with personal devices unless authorized, and if a firm offers corporate computers, make sure they maintain up-to-date malware protection. (which is what DNS filtering is mostly used for).
- Password encryption: you should never give your virtual assistant credentials to corporate accounts. You should provide access through a password encryption platform like LastPass.
Ransomware on the Rise
Ransomware—where hackers disable or comprise your servers and networks and demand cash to leave you alone—was a top cyber-attack in 2020 and 2021, making up 68% of attacks.
In 2021, ransomware attacks increased by 151%. The cost of a ransomware attack ranges from $25,000 for the smallest of businesses to $9 million for larger enterprises.
Protection from ransomware becomes even more urgent when considering the systems a virtual assistant can typically access. The risk is not just to your financial information but also to customer data.
Common tools and systems virtual assistants access include:
- Email servers (94% of attacks happen via email).
- Bookkeeping software and payment systems.
- CRMs with sensitive customer and sales data.
- Calendars and travel with information about your whereabouts.
You also must worry about device security, especially if your remote or freelance workers are using portable devices like phones, tablets, and laptops.
- 40% of data breaches are through lost or stolen devices.
- Of the 70 million devices stolen each year, only 7% are found.
Bad actors use stolen devices to access your network. Can you disable or revoke access to contractors or freelancers?
Managed Virtual Assistant Service Security
Concerned about the security of a current or future virtual assistant? Consider a managed virtual assistant service instead of a freelancer or independent contractor. A managed virtual assistant service provider hires, trains, and supervises virtual assistants in secure buildings and company-issued computers.
As the employer of the assistants, the service provider is responsible for security, providing:
Physical security
- Secure office buildings
- Security key cards
- Security guards and alarms
- Video monitoring
Electronic security
- Secure servers
- Encrypted passwords
- Secure devices
- IP protection
- Desktop monitoring
- Remote device control to disable lost or stolen devices
Human security
- Background checks
- Confidentiality and NDA agreements
- Documented security policies
An added level of security comes in the form of managers and backup assistants. Managed virtual assistant services train backup assistants so that if your primary assistant is absent for any reason, a fully trained backup is available.
Managed virtual assistant service providers have the most robust data security infrastructure, physical, electronic, and human security, to provide a comprehensive set of safeguards for client data.
Because the virtual assistants are employees of the service provider, the onus is on the provider to support bullet-proof security with processes developed in conjunction with industry experts continuously updated.
Read how Prialto handles our data security and confidentiality with our managed virtual assistant service.
Looking for a secure virtual assistant service you can rely on? Book a call with us today to discuss how our assistants can amplify your business.