Five Security Questions To Ask When Hiring A Virtual Assistant

Security and confidentiality are paramount when allowing others to access your files & systems. You'll hear the important questions to ask surrounding security when hiring a virtual assistant.

Want more information?
Download the Strictly Savvy Pricing Guide 
Download the '101 Tasks To Delegate To A Virtual Assistant' guide

Want to hear more from us?
Connect on LinkedIn ► Joy Hewitt 
Connect on LinkedIn ► Jo Jensen
Follow us on Facebook


- Welcome to Savvy Sessions number 28 with Joy and Jo.

- Now in this episode, we're going to be covering off five security questions to ask when hiring a VA. Now, disclaimer here, we're not I.T. experts, but we have been doing this for quite some time in conjunction with I.T. people.

- So, some of the things we'll go over are what we do and can highly recommend that you do and ask when you're looking to hire a VA. It takes time to build up that trust. But there is definitely immediate trust that needs to happen when you first hire a VA because you open up your business to them and you're going to be handing over passwords and information that you want to make sure that they are going to keep and hold securely. So, it's really important that you hire a virtual assistant that has thought about this. They've thought about the security of their client’s data and they have put things in place to be able to keep that all secure.

- So, on that note, one of the first questions to ask a VA is how do they manage passwords?

- Yeah, so you've got to make sure that your VA is actually using a password vault, something that is completely encrypted and one of the top password vault tools. Now, we use LastPass here at Strictly Savvy, which is one of the top tools. Everything is completely encrypted and it's really secure and they take it extremely seriously. We have the the paid version of LastPass and we centrally control that with our office manager. She centrally controls it and puts in all of the passwords, the credit card details, etcetera. then shares them anonymously with our team members. So, our team members don't actually see what the password is, but they can use the password to access all of the tools and websites and email accounts and things that they will need to access on your behalf.

- So, make sure that your virtual assistant has thought about this, they use something. What you don't want is a VA who writes down all of the passwords for their clients in a notebook or in a word document on their desktop or something like that. That's just opening up for all sorts of risk there. So, make sure they have a vault. 

- And then another question to ask is how they manage the security of their devices. Now that can be...obviously if they're logging in on your behalf, on their phone, laptop, desktop, anything, there could be a number of devices, so how do they actually manage that. It's a really good question to ask. And this also goes for when they have a team too, so, it might be that they're not necessarily going to do the work, whoever the owner is, so, they need to have thought about how they are making the data that other team members or just they have access to on devices because they are logging into your emails, all sorts of things. They may be doing that on multiple devices, as Joy said.

- So here at Strictly Savvy, we have worked with our IT provider and implemented the Meraki system back six or seven years ago. We've had a Meraki system this entire time. And what that means is that there's a whole bunch of features in there, but one of the key features is that if any of the laptops are either lost or stolen or in any way jeopardised or compromised for any of our team members, no matter where they are, we can centrally wipe that laptop and remove that risk completely by having no data at all on that device.

- So, yeah, that's how we manage it here. Make sure that your VA has thought about not just having a password to get into their laptop, but what is the secondary or more advanced option that they might have thought about. So yeah, a really good question to ask.

- The next one is how do they manage the protection of any of the data on the apps that you're using. Yeah, so it's one thing to have LastPass and login to the websites that they need, but then there's also a second stage where they need to think about having two-factor authentication on the apps that they're logging into for you. So, two-factor authentication may be on emails, on Office 365. We have it on our LastPass account, so not only do we have the paid version of LastPass but we also have two-factor authentication. So, we need to be getting the code from our phone on the authentication app and then putting that into LastPass, so, there's just that second layer, which now most apps have that option now to put that in there. Xero has it...LastPass...Google accounts... all of those things all have two-factor authentication options and they should be thinking about using those. 

- Another really good question to ask is how they manage client confidentiality within their team, because of course it may not just be one person accessing your information, there could be a whole range of team members, so how do they manage that within the team? They need to have thought about, non-disclosure agreements and being OK with doing one of those agreements or a confidentiality agreement with you and both of you signing. They need to make sure that they have confidentiality covered in employment agreements and also, contractor agreements. So, ask them about are their other team members, and are they contractors or employees, and what have they got in place in terms of agreements with those team members? So, making sure that that's really robust, making sure that when you read the terms of engagement, that they also have confidentiality clauses in there and you really ask them how they keep that information confidential.

- Here at Strictly Savvy, we have a mixture of employees and contractors and we have extremely robust clauses in that. Now, I know that that's still people and it's all very well to have an agreement, but that's the first step. And then if any clients ask us to sign a non-disclosure or a confidentiality agreement, then we do that as well. Confidentiality is something that we talk about at Strictly Savvy often, and we make sure that with all of the other things, like the passwords, the vault, the two-factor authentication, the Meraki system, the Meraki system also knows where each of the laptops is located that our team members have, and we can see at a glance in a dashboard to see whether the antivirus is all actually live and updated on their computers as well. So, all of those things combined help us keep that information secure and then the human aspect to keeping things confidential...

- We talk a lot with our team members about keeping information confidential because we know lots of things about our clients and our clients are really important to us. I think we talk about it a lot and we don't talk about details about clients other than like they might be having an issue, team members might be having an issue or trying to figure out how to do something or the best way to do something or streamlining things. So, yeah, I'm really firm on not talking about the personal details of clients within the team, that's really private with the virtual assistant and the client. So, that's how that's how we manage it, that's what we discuss and talk about within our team.

- One thing you covered off there Jo, was virus protection, you commented on that.

- So that would be the last thing I was going to say actually, is ask your VA how they manage to protect against viruses and any malware on their systems that they're using on their devices.

- Yeah, because I think we see a lot of......so, we have cyber insurance as one of the other things that we do. If we were ever held ransom or I don't know how you say that, but held to ransom, I think it is for data that we have on our devices, then we have insurance that pays the ransom so that we can get that data unlocked again. So, we have that there. But in terms of viruses and malware, we used to be able to just have an antivirus software on there, pay for that and have that implemented. And then recently IT provider came to us and said, actually, there's now this second layer of, or an upgrade that we can do in terms of protecting against malware, ransomware and viruses. And it's now just, you know, it makes sense to now protect ourselves as much as possible against anything that could happen. So, we have not just the standard I think it's called Endpoint anti-virus protection that we have, not just the standard version, but we also have the upgraded version as well that protects against the malware and ransomware. So, yeah, and even if something did happen, then we have the insurance that covers that as well.

- That's probably another thing to ask too, is to actually just check in and see what insurances they have.

- Good point. And we have professional indemnity and that cyber insurance. So, yeah, that is, those things are covered with them. 

- Yeah, at the end of the day any relationship you do have with a VA, ideally, you're in it for the long haul. I know that we are. So, for us, security and confidentiality are paramount to how we operate with all of our clients and building that long lasting, trusting relationship.

- Alright, so that is Savvy Sessions number 28 with Joy and Jo.

- And we'll see you next time.

End of Transcription.


This product has been added to your cart