Outsource Executive Support, Not Security with Virtual Assistants

Security breaches are expensive. Remote breaches are more expensive.

The average data breach costs a company $9.5 million, and remote security breaches cost $1.07 million more. Remote breaches are more costly due to the time it takes to locate the remote device, and executive assistants are particularly attractive targets because they often have access to sensitive information.

Executives' assistants are prime targets.

"A CEO's executive assistant is statistically more likely to be a very attacked person than the CEO," said Ryan Kalember, cybersecurity VP at email security vendor Proofpoint. Hackers target executive assistants because they typically have access to valuable information and accounts.

"Freelancers are beloved targets for cybercriminals, who use phishing and malware to steal credentials and money," says Alex Perekalin of Kaspersky. He cites a scheme in which cybercriminals used job ads on Twitter and job boards to plant malware on the devices of those who clicked on the ads. That malware can spread to client networks.  

It is a growing trend to outsource executive administrative support. The virtual executive assistant market is growing 40 percent per year. The growth comes as operations and HR leaders observe executives spending more than half their time on administrative tasks, which can drag down productivity and job satisfaction. They can offload that work to a lower-paid, part-time person overseas.

But security is, or should be, one of your most significant concerns.

Risks with Freelance and Contract Remote Executive Assistants

There are multiple models for hiring remote or virtual executive assistants, with offshore freelancers and independent contractors hired through agencies being the most common methods.

But freelancers and independent contractors typically work on home computers and networks. Is it safe to give a freelancer executive assistant access to your company's files, tools, and platforms? What about financial data, sales numbers, customer lists, and credit card information?

Security Requirements for Remote Executive Assistants

There are three levels of security to evaluate when hiring remote executive assistants.

• Information security.
• Physical security.
• Human security.

IT Security for Remote Executive Assistants

Information is the lifeblood of businesses in the digital economy. Giving a virtual assistant access to your company's IT is inherently risky.

Questions to ask about a virtual assistant's IT security include:

• Network security: Is the VA's home network secure? Does the VA connect through public Wi-Fi at coffee shops? You should prohibit access via unsecured Wi-Fi networks.
• Device security: Does the virtual assistant's computer have up-to-date virus and malware protection? If not, you should purchase a virus protection package. Do you allow remote assistants to access your network through a personal phone? You should not.
• Password Management: Do you share virtual assistant passwords with your network and platforms? You should only provide encrypted passwords through a password management platform so that they are not visible, and you can revoke access at any time.
• Fraud protection: Train your assistant to detect phishing, malware, and ransomware attacks.

Physical Security for Remote Executive Assistants

Physical security is about where virtual assistants and their devices are located. Typically, offshore virtual assistants who work as freelancers or independent contractors use their personal computers and work from home offices or public Wi-Fi networks, unlike employees who work in secure buildings on secure networks.

• Stolen devices: Someone can steal a laptop when a virtual assistant works from home or in public spaces. A laptop is stolen every 53 seconds, 86 percent of IT professionals say someone in their organization has had a laptop lost or stolen, and 56 percent of these resulted in a data breach. A professional virtual assistant should be able to remotely disable a lost or stolen computer.
• Public Wi-Fi: Free Wi-Fi, the kind available at coffee shops, hotels, libraries, and airports, can make it easy for hackers to access connected devices. "The biggest threat to free wi-fi security is the ability for the hacker to position himself between you and the connection point," IT security firm Kaspersky said. "So instead of talking directly with the hotspot, you're sending your information to the hacker, who then relays it on." Virtual assistants should only access your data and network through a VPN or other encrypted connection.

Human Security for Remote Executive Assistants

Can you trust a virtual assistant to protect your data and sensitive information, and ensure they are using security best practices? How do you ensure they do not accidentally or intentionally share information they access? Hiring someone you have never met in a different part of the world? Protecting your data from human crime is just as important as protecting it from cybercrime. Think about the data a virtual assistant might have access to:

• Credit cards.
• Bank accounts.
• Sales numbers.
• Proprietary content you sell.
• Pending deals.
• Product roadmaps.
• Revenue projections.

A Safer Alternative: Managed Virtual Assistant Services 

Managed virtual assistant services lower the risk of hiring remote executive assistants. Instead of hiring individual assistants one by one, you work with a company based in the United States that handles hiring, training, and supervision. With a managed virtual assistant service, virtual assistants:

• Work in secure facilities with employee-only access and video surveillance.
• On-site managers supervise them.
• Utilize time trackers to track work hours accurately.
• Use secure networks and company computers with up-to-date malware protection.
• Go through background checks.
• Access networks with encrypted passwords that can be revoked at any time.
• Sign confidentiality agreements and NDAs.

Since virtual assistants are employees of the service provider, any security breach is the responsibility of the service provider. The provider also signs confidentiality agreements and NDAs.

US-based and on-site managers and backup assistants provide an added layer of security. On-site managers monitor employee behavior, and US-based managers encrypt and protect passwords and track access to accounts.

The Most Secure Solution

Managed virtual assistant services are not the cheapest way to engage a remote executive assistant, but they are the most secure model. Managed service providers have the most robust enterprise-level data security infrastructure, physical, and human security to provide a comprehensive set of safeguards for client data.

The service provider is responsible for any misconduct or breach, and client security remains a top priority. In case of a threat, you have an onshore partner to respond and resolve issues.

Read More: What to Know About Virtual Assistant Security Risks