What You Need to Know About Virtual Assistant Security

By Bill Peatman | Updated: 03 Mar, 2022

Executives looking to hire a remote virtual assistant need to ask some challenging questions about security.

Take this warning, for example.

"A CEO's executive assistant is statistically more likely to be a very attacked person than the CEO," said Ryan Kalember, cybersecurity VP at email security vendor Proofpoint. "Anyone who can move money is a likely target."

Does your assistant have—or do you plan to provide--access to your credit cards and bank accounts? Payroll?

Home Offices and Devices Targeted 

Cybercrimes have surged since 2020's work from home exodus, and home offices do not have enterprise-grade network security. With many virtual assistant service providers, the virtual assistants work from home offices on their personal computers, giving leaders even less control over attacks.

"For small businesses, 2020 was especially brutal," said IT security consultant and author Joel Snyder. "Just as work-from-home (WFH) arrangements and transitions to the cloud became the top priority. In 2021, we can expect cybercriminals to adjust their tactics to take advantage of these changes in the profile of their small business targets."

And indeed, they did just that. A late 2021 survey by Forrester Research and Tenable found that 80 percent of business leaders said their organizations have more risk exposure today because of remote work.

It is essential to keep in mind what remote workers have access to:

  • More than 50 percent of remote workers access customer data using personal devices.
  • And 71 percent of IT security leaders lack visibility into remote employee home networks.

"This gap is well understood by bad actors, as reflected in the fact that 67 percent of business-impacting cyberattacks targeted remote employees," the study found.

Small businesses are a growing target. In 2019, 43 percent of attacks targeted small businesses. That number has soared to 66 percent for 2022. Just 45 percent of SMBs consider themselves prepared for a malicious breach.

Unmanaged Risk and Unrelenting Cyberattacks 

"Remote and hybrid work strategies are here to stay and so will the risks they introduce unless organizations get a handle on what their new attack surface looks like," said Amit Yoran, CEO, Tenable. "This study reveals two paths forward — one riddled with unmanaged risk and unrelenting cyberattacks and another that securely accelerates business productivity and operations."

The combination of a rise in work from home attacks and the fact that virtual executive assistants may have access to sensitive data and accounts make the risk of targeting a virtual assistant very real.

How to Prevent Cyberattacks on Virtual Assistants

The risk of an attack on a virtual assistant is more significant if they are freelancers with no IT support or independent contractors placed through an agency without IT support. Here are some best practices you should look for when hiring a virtual assistant that will have the keys to your IT kingdom:

  • Perform background checks--if an assistant or firm does not agree to a background check, look elsewhere.
  • Confidentiality and Non-Disclosure Agreements (NCAs)—data breaches are not the only risk with offsite workers. They could share sensitive sales, products, and customer information.
  • Facilities—some virtual assistant firms (including Prialto) hire their virtual assistants and manage them in secure facilities protected physically with biometric access control, security guards and cameras, and encrypted virtual private network connections.
  • Devices—employees should not access your systems with personal devices unless authorized, and if a firm offers corporate computers, make sure they maintain up-to-date malware protection. (which is what DNS filtering is mostly used for).
  • Password encryption—you should never give your virtual assistant credentials to corporate accounts. You should provide access through a password encryption platform like LastPass.

Ransomware on the Rise

Ransomware—where hackers disable or comprise your servers and networks and demand cash to leave you alone—was a top cyber-attack in 2020 and 2021, making up 68 percent of attacks. In 2021, ransomware attacks increased by 151 percent. The cost of a ransomware attack ranges from $25,000 for the smallest of businesses to $9 million for larger enterprises.

Protection from ransomware becomes even more urgent when considering the systems a virtual assistant can typically access. The risk is not just to your financial information but also customer data. Common tools and systems virtual assistants access include:

  • Email servers (94 percent of attacks happen via email).
  • Bookkeeping software and payment systems.
  • CRMs with sensitive customer and sales data.
  • Calendars and travel with information about your whereabouts.

You also must worry about device security, especially if your remote or freelance workers are using portable devices like phones, tablets, and laptops.

  • 40 percent of data breaches are through lost or stolen devices.
  • Of the 70 million devices stolen each year, only 7 percent are found.

Bad actors use stolen devices to access your network. Can you disable or revoke access to contractors or freelancers?

Managed Virtual Assistant Service Security

Concerned about the security of a current or future virtual assistant? Consider a managed virtual assistant service instead of a freelancer or independent contractor. A managed virtual assistant service provider hires, trains, and supervises virtual assistants in secure buildings and company-issued computers. As the employer of the assistants, the service provider is responsible for security, providing:

  • Physical security
    • Secure office buildings
    • Security key cards
    • Security guards and alarms
    • Video monitoring
  • Electronic security
    • Secure servers
    • Encrypted passwords
    • Secure devices
    • IP protection
    • Desktop monitoring
    • Remote device control to disable lost or stolen devices
  • Human security
    • Background checks
    • Confidentiality and NDA agreements
    • Documented security policies

An added level of security comes in the form of managers and backup assistants. Managed virtual assistant services train backup assistants so that if your primary assistant is absent for any reason, a fully trained backup is available. 

Managed virtual assistant service providers have the most robust data security infrastructure, physical, electronic, and human security, to provide a comprehensive set of safeguards for client data. Because the virtual assistants are employees of the service provider, the onus is on the provider to support bullet-proof security with processes developed in conjunction with industry experts continuously updated.

Amplify Your Productivity

About the Author: Bill is Prialto's senior content marketing manager and writes about the future of work and how businesses can be more productive and successful. His work has appeared in the World Economic Forum Agenda blog and CIO magazine.