If there is one thing which might put you off the idea of outsourcing some of your business activities to a virtual assistant, it’s a concern for the security of your data. After all, virtual assistants must have access to certain proprietary data if they are to offer services of any real value.
Is this a good reason to avoid working with virtual assistants? We don’t think so and here’s why.
Data Security Should Be a Concern… Period. Data protection is a vital consideration in any business today and the risks of lost, stolen or leaked data are very real. And most of that data loss does not come from malicious internal activity.
With that in mind, here are tips and advice for securing your data so you can enjoy the time/cost benefit an assistant can provide, but more importantly, your data will be better protected in general.
Define Clear Security Policies and Stick to Them. Most employees – virtual or in-house – understand the need to be responsible when handling employers’ data but in today’s cyber-challenged world, employees and VA are just as in the dark as you may be. Note: there are more articles on this site that deal with cybersecurity issues and best practices.
Defining policies may seem simplistic, but most employees won’t know the rules if you don’t tell them. Let your employees, virtual assistants and contractors know your security policies.
Hire Virtual Assistants from a Reputable VA Provider. While there are many good freelance virtual assistants out there, reputable VA companies can provide you with more confidence about who you are bringing into your business. A reputable provider takes vetting seriously because their reputation is on the line, too. A good VA company will screen applications in a variety of ways, ask for NDAs, and require a Letter of Security Agreement, and also ask clients to provide their own country or state specific agreements, as they think necessary.
Understand the Real Value of Passwords and Unique IDs. All virtual assistants and in-house employees who work for you should be issued unique email addresses as well as unique user IDs and passwords to any of the following applications that you require them to use:
• Social media accounts
• Project management tools
• Email accounts
• File storage media
• Cloud-based software applications
Unique user IDs provide you the ability to track user activity. Although, if you are a small business or entrepreneur you don’t need to constantly monitor activity. You already put best security policies in place and had all your employees (virtual or not) sign a document that says they understand, right? Now that they know the policies and realize that they have unique IDs, they are unlikely to maliciously breach such data security policy.
Place Limitations on Data Access. Many of the applications you use in your business will be equipped with capabilities to limit access, for example, by way of user-privileges. Use these tools to set appropriate levels of access for your virtual assistants. Another way to restrict access to files is to use shareable folders. You can use applications such as DropBox, Microsoft’s SharePoint, or Google Drive.
Access control is especially important if you have virtual assistants working on any of your business websites. For instance, you might grant editor privileges only. This will allow them to add and edit content to your website, such as blog posts, but will not let them access any other administrative website functions.
Control Highly Sensitive Data. One of the biggest concerns is about allowing virtual assistants to access financial accounts and credit card information. However if the appropriate controls are put in place, there’s no reason not to involve virtual assistants in these areas as time goes by. Treat your VA as you would any other employee and build trust over time. At CVA we also suggest that if you require an assistant that will do a lot of bookkeeping and management of financial data, you have an assistant specifically for that purpose. Compartmentalizing certain function within a business is just good practice anyway. We suggest you have two VAs – one for financial matters and one for the rest.
Back it up. It should go without saying that all data needs to be backed up on a regular basis. One of the timeless best practices for data security that can effectively address any failure scenario is called the 3-2-1 backup rule.
- Have at least three copies of your data.
- Store the copies on two different media.
- Keep one backup copy offsite.