Are Freelance SMB Virtual Assistants a Target for Hackers?

By Bill Peatman | Updated: 24 Jun, 2021

Traditionally, your financial controller and your executive assistant are the two employees who statistically represent your greatest security risk. They have the access and opportunity. “A CEO’s executive assistant is statistically more likely to be a very attacked person than the CEO,” said Ryan Kalember, cybersecurity VP at email security vendor Proofpoint.  “Anyone who can move money is a likely target.” 

The global pandemic has only increased this risk. The 2020 Covid pandemic also launched a cyber pandemic. As much of the world shifted to working from home, hackers also went on the move:

  • Cyber-attacks grew 2x.  
  • Ransomware attacks grew 40 percent, costing businesses $200 million.  
  • Phishing scams increased by 128 percent.  
  • Botnet traffic grew 29 percent.  

"For small businesses, 2020 was especially brutal," said IT security consultant and author Joel Snyder. "Just as work-from-home (WFH) arrangements and transitions to the cloud became the top priority. In 2021, we can expect cybercriminals to adjust their tactics to take advantage of these changes in the profile of their small business targets."

Here is Snyder's list of the top-five threats to SMBs and how they are ramping up:  

  • Credential theft. "Stealing passwords through malware, impostor websites, keyloggers and other tools has been popular for a while. But 2020 turned up the heat."  
  • Phishing, vishing, smishing. "Cybercriminals will try anything to convince someone to open their message or click on their link."  
  • Ransomware. "The protections that large businesses have put in place have shifted the focus to small businesses. With today's WFH focus, attacks are now targeting users far from the corporate network."
  • Personal devices accessing corporate systems. "The bad news is that in 2020, users began mixing personal and business computing on the same devices more than ever, and that's a recipe for a security disaster."  
  • Cloud computing. "Not unique to 2020, but certainly increasing year after year, is the discovery that hackers are going after the management tools for your SaaS applications directly."

Remote Work-Era Security  

Security Magazine has called for "reshaping cybersecurity in the remote work era," as home networks lack the hardened infrastructure of the enterprise. The risk is even higher for SMBs that do not have the security personnel to monitor threats. But one of the biggest risks falls on businesses that use freelancers who use their home networks and personal computers.  

"Freelancers are easy targets for cybercriminals," said the Information Security Institute, and by extension, so are the businesses that hire them. Security software company Kaspersky agrees: "Freelancers are beloved targets for cybercriminals, who use phishing and malware to steal credentials and money." Kaspersky cites a scheme where cybercrooks used job ads on Twitter and job boards to plant malware on the devices of those that clicked on the ads. That malware can spread to client networks. 

Risks of VAs Using Their Own Devices  

For businesses hiring remote virtual assistants as freelancers or contractors, either individually or through an agency, you need to be aware of the security risks you might be bringing onto your networks. Think about the common tools and systems virtual assistants have access to:  

  • Email servers (94 percent of attacks happen via email).  
  • Expense reporting (credit card information).  
  • Bookkeeping software (keys to the kingdom—payment systems).  
  • CRMs (sensitive customer data).  
  • Calendars and travel (they know when you're not home or in the office).  
  • Passwords and files (60 percent of breaches came through phishing scams).  

The introduction of malware into any of these systems could result in significant theft or downtime.   

That's just the beginning. There's also the issue of device security:

  • 40 percent of data breaches are through lost or stolen devices.  
  • Of the 70 million devices stolen each year, only 7 percent are recovered.  

A stolen device can be used to access your network. Do you have the ability to disable or revoke access for contractors or freelancers?

Fake Freelancers  

These are the risks with people you can trust. But what if a disgruntled or malicious freelancer actually wants to steal from or otherwise defraud your business? Security firm Comparitech cited a rise in remote work scams—which become a lot easier when you can't meet someone in person. Scammers use a variety of tactics to trick businesses into agreements by:  

  • Creating fake profiles and portfolios.  
  • Using accomplices to provide references.  

Usually, there is some form of upfront payment in these engagements, and those payments can disappear.   

A Managed Service Approach 

An alternative to hiring a virtual assistant as a freelancer or through a contract agency is to work with a managed virtual assistant service. A good managed virtual service recruits, trains, hires, and manages your assistants on secure systems, with their hardened networks and computers. Managed service providers provide enterprise-level security, and they also:

  • Perform background checks.
  • Encrypt access to your networks.
  • Encrypt passwords and revoke them if a risk is suspected.
  • Comply with relevant industry and regional regulations (HIPAA, GDPR).

If you think your business is too small to serve as an active target for cyber crooks, think again. A 2020 survey found that 55 percent of SMBs have experienced an attack. The increasing use of remote freelancers and independent contractors represents a growing risk, and the practice is common in the virtual assistant industry.

A managed virtual assistant service provider can significantly reduce that risk. To learn more about what it is like to hire virtual assistants through a managed service provider, check out this guide.  
