Security and confidentiality are paramount when allowing others to access your files & systems. You'll hear the important questions to ask surrounding security when hiring a virtual assistant.
Welcome to Savvy Sessions #28.
In this episode we're going to be covering off five security questions to ask when hiring a virtual assistant. Now, disclaimer here, we're not IT experts, but we have been doing this for quite some time in conjunction with IT people.
Some of the things we'll go over are what we do and can highly recommend that you do and ask when you're looking to hire a virtual assistant. It takes time to build up that trust. But there is definitely immediate trust that needs to happen when you first hire a virtual assistant because you open up your business to them and you're going to be handing over passwords and information that you want to make sure that they are going to keep and hold securely. So, it's really important that you hire a virtual assistant that has thought about this. They've thought about the security of their clients' data and they have put things in place to be able to keep that all secure.
One of the first questions to ask a virtual assistant is how do they manage passwords?
You've got to make sure that your virtual assistant is actually using a password vault, something that is completely encrypted and is one of the top password vault tools. We use LastPass here at Strictly Savvy, which is one of the top tools. Everything is completely encrypted and it's really secure and they take it extremely seriously. We have the paid version of LastPass and we centrally control that with our office manager. She centrally controls it and puts in all of the passwords, the credit card details, etc then shares them anonymously with our team members. Our team members don't actually see what the password is, but they can use the password to access all of the tools and websites and email accounts and things that they will need to access on your behalf.
Make sure that your virtual assistant has thought about this, that they use something. What you don't want is a virtual assistant who writes down all of the passwords for their clients in a notebook or in a word document on their desktop or something like that. That's just opening up for all sorts of risk there. So, make sure they have a vault.
And then another question to ask is how they manage the security of their devices. Obviously if they're logging in on your behalf, on their phone, laptop, desktop, anything, there could be a number of devices, so how do they actually manage that. It's a really good question to ask. And this also goes for when they have a team too, it might be that they're not necessarily going to do the work, whoever the owner is, so they need to have thought about how they are making the data that other team members have access to on devices secure, because they are logging into your emails, all sorts of things. They may be doing that on multiple devices.
Here at Strictly Savvy, we have worked with our IT provider and implemented the Meraki system back six or seven years ago. What that means is that there's a whole bunch of features in there, but one of the key features is that if any of the laptops are either lost or stolen or in any way jeopardised or compromised for any of our team members, no matter where they are, we can centrally wipe that laptop and remove that risk completely by having no data at all on that device.
That's how we manage it here. Make sure that your virtual assistant has thought about not just having a password to get into their laptop, but what is the secondary or more advanced option that they might have thought about. A really good question to ask.
The next one is how do they manage the protection of any of the data on the apps that you're using. It's one thing to have LastPass and login to the websites that they need, but then there's also a second stage where they need to think about having two-factor authentication on the apps that they're logging into for you. So, two-factor authentication may be on emails, on Office 365. We have it on our LastPass account, so not only do we have the paid version of LastPass but we also have two-factor authentication. So, we need to be getting the code from our phone on the authentication app and then putting that into LastPass, so there's just that second layer, which now most apps have that option now to put that in there. Xero has it, LastPass, Google accounts, all of those things all have two-factor authentication options and they should be thinking about using those.
Another really good question to ask is how they manage client confidentiality within their team, because of course it may not just be one person accessing your information, there could be a whole range of team members, so how do they manage that within the team?
They need to have thought about non-disclosure agreements and being OK with doing one of those agreements, or a confidentiality agreement, with you and both of you signing. They need to make sure that they have confidentiality covered in employment agreements and also, contractor agreements. So, ask them about their other team members, and are they contractors or employees, and what have they got in place in terms of agreements with those team members? So, making sure that that's really robust, making sure that when you read the terms of engagement they also have confidentiality clauses in there and you ask them how they keep that information confidential.
Here at Strictly Savvy, we have a mixture of employees and contractors and we have extremely robust clauses in our employment agreements. We know that that's still people and it's all very well to have an agreement, but that's the first step. If any clients ask us to sign a non-disclosure or a confidentiality agreement, then we do that as well.
Confidentiality is something that we talk about at Strictly Savvy often, and we make sure that along with all of the other things, like the passwords, the vault, the two-factor authentication, the Meraki system, the Meraki system also knows where each of the laptops that our team members have is located, and we can see at a glance in a dashboard whether the antivirus is actually live and updated on their computers as well. So, all of those things combined help us keep that information secure and then the human aspect to keeping things confidential.
We talk a lot with our team members about keeping information confidential because we know lots of things about our clients and our clients are really important to us. I think we talk about it a lot and we don't talk about details about clients other than like they might be having an issue, team members might be having an issue or trying to figure out how to do something or the best way to do something or streamlining things. We're really firm on not talking about the personal details of clients within the team, that's really private with the virtual assistant and the client. That's how we manage it, that's what we discuss and talk about within our team.
Ask your virtual assistant about virus protection, how they manage it to protect against viruses and any malware on their systems that they're using on their devices.
We have cyber insurance as one of the other things that we do. If we were ever held ransom we have insurance that pays the ransom so that we can get that data unlocked again. But in terms of viruses and malware, we used to be able to just have an antivirus software, pay for that and have that implemented. And then recently our IT provider came to us and said, actually, there's now this second layer, or an upgrade, that we can do in terms of protecting against malware, ransomware and viruses. It makes sense to now protect ourselves as much as possible against anything that could happen. We have not just the standard Endpoint anti-virus protection but we also have the upgraded version as well that protects against the malware and ransomware. Even if something did happen, then we have the insurance that covers that as well.
That's probably another thing to ask too, is to actually just check in and see what insurances they have.
And we have professional indemnity and that cyber insurance. Those things are covered with them.
At the end of the day any relationship you do have with a virtual assistant, ideally, you're in it for the long haul. We know that we are. So, for us, security and confidentiality are paramount to how we operate with all of our clients and building that long lasting, trusting relationship.
Thank you so much for watching. That was Savvy Sessions #28.
See you next time!
Want to start delegating to a virtual assistant? Book a call with Jaymie to chat.
Want more information?
Download the Strictly Savvy Pricing
Download the '101 Tasks To Delegate To A Virtual Assistant' guide