What security questions should I ask my virtual assistant?

Have you thought about what kind of questions you need to ask your virtual assistant (VA) to ensure that your information stays secure? 

Think of it like this: A virtual assistant is an external team member, essentially a type of contractor, that is being given access to important information within your business. Things like email logins, Xero access, payroll information, and maybe even contracts and confidential documents.  

How do you ensure that this information stays safe from cyber-attacks, viruses, ransomware, or data leaks? 

Start by asking these key questions:

How do you manage logins and passwords?

What you don’t want to hear is that your virtual assistant writes down all of the passwords for their clients in a notebook, Word document, or anywhere else where it is not secured.  

What you do want to hear is that your virtual assistant uses a password vault type tool to keep your information safe.  

An example of a top quality password vault and what it can do is LastPass. Using Lastpass keeps login information secure and encrypted. All logins and passwords are centrally controlled by the administrator of the Lastpass account.  

If you’re working with a VA agency, and expect multiple people to be logging into your accounts, this is even more important. With LastPass, login details can be shared with specific team members who need access to your accounts, without them ever actually seeing what the password is.  

Whether it’s a tool like LastPass or something similar such as OnePassword, you need to make sure that this is something your VA has thought about, prioritises and has robust processes for.  

How do you manage the security of your devices?

What you don’t want to hear is that your virtual assistant relies just on the password to their laptop or computer to protect your information.  

What you do want to hear is that your virtual assistant has multiple levels of protection in place, and a backup plan if something goes wrong.  

What happens if your VA’s laptop is lost or stolen? Do they have a system like Meraki in place, allowing the laptop to be wiped of all its data remotely?  

Also, what anti-virus protection does your VA use, and what does it protect them against? Are they fully covered and protected from not just viruses, but also malware and any other risks that they may encounter on their systems? 

How do you manage the security of the data on the apps you’re using?

What you don’t want to hear is that your VA relies only on their password vault to gain access to your tools, apps and accounts 

What you do want to hear is that they also expect two-factor authentication to be set up on all of these accounts.  

It’s one thing to have a password vault to log in to the tools, apps and websites that your VA will need, but two-factor authentication is becoming the standard for protecting online accounts, and should be used on every account your VA is logging into remotely.  

What this means is that every time your VA logs into an account (using the login details saved in their password vault), they will be prompted to also enter an authentication code that has been sent to an email, phone number or authentication app.   

This second layer of protection is vital to ensure that your data stays safe. 

How do you manage confidentiality within your team?

What you don’t want to hear is that you should just trust your VA with your confidential information. 

What you do want to hear is that your VA or VA agency has a robust confidentiality policy that covers their whole team, and that they are willing to sign a non-disclosure agreement if required.  

Whether you’re working with a VA agency, where multiple people could be working on your tasks, or a freelancer, you need to ensure that they have a confidentiality procedure that you feel comfortable with.  

Is confidentiality covered in their employment agreements, or the terms of engagement that they provide to you? Would they be willing to sign a non-disclosure agreement provided by you? 

Do the other members of their team also have these same confidentiality clauses in their agreements? What is the agency’s protocol around keeping information confidential within the team?  

These questions might seem a little more on the extreme side, but when you have an external team member like a virtual assistant accessing your confidential information remotely, these are the minimum things you should be checking before signing a contract with them. 

What kind of cyber insurance do you hold?

What you don’t want to hear is that your VA does not hold any form of cyber insurance.  

What you do want to hear is that your VA has a comprehensive cyber insurance policy to deal with data breaches and attacks.  

Why is cyber insurance important? If your data was ever held ransom, cyber insurance ensures that your VA can pay the ransom and get that data unlocked again.  

Even if your VA has a great system for anti-virus software, the ability to wipe their laptop remotely, and your information stores securely in a password vault, cyber insurance should still be there as a backup.  

At the end of the day any relationship you do have with a virtual assistant, would ideally be one that you're in for the long haul. Security and confidentiality are paramount to building that long lasting, trusting relationship. 

Want to talk to us about hiring a virtual assistant that can handle your security requirements? We’re here to help. Book a no-obligation discovery call with us here.


This product has been added to your cart