Security breaches are expensive. Remote breaches are more expensive.
The average data breach costs a company $9.5 million, and remote security breaches cost $1.07 million more. Executives’ assistants are prime targets. Remote breaches cost more because of the time it takes to locate the remote device, and executive assistants are attractive targets because they often have access to sensitive information.
“A CEO’s executive assistant is statistically more likely to be a very attacked person than the CEO,” said Ryan Kalember, cybersecurity VP at email security vendor Proofpoint. Hackers target executive assistants because the assistant usually has access to valuable information and accounts.
It is a growing trend to outsource executive administrative support. The virtual executive assistant market is growing 40 percent per year. The growth comes as operations and HR leaders see executives spending more than half their time on administrative tasks, dragging productivity and job satisfaction. They can offload that work to a lower-paid, part-time person overseas.
But security is, or should be, one of your most significant concerns.
Risks with Freelance and Contract Remote Executive Assistants
There are multiple models for hiring remote or virtual executive assistants, with offshore freelancers and independent contractors hired through agencies being the most common methods.
But freelancers and independent contractors typically work on home computers and networks. Is it safe to give a freelancer executive assistant access to your company’s files, tools, and platforms? What about financial data, sales numbers, customer lists, and credit card information?
Security Requirements for Remote Executive Assistants
There are three levels of security to consider when hiring remote executive assistants:
- Information security.
- Physical security.
- Human security.
IT Security for Remote Executive Assistants
Information is the lifeblood of businesses in the digital economy. Giving a virtual assistant access to your company’s IT is inherently risky. Questions to ask about a virtual assistant’s IT security include:
- Network security: Is the VAs home network secure? Does the VA connect through public wi-fi at coffee shops? You should prohibit access through unsecured wi-fi networks.
- Device security: Does the virtual assistant’s computer have up-to-date virus and malware protection? If not, you should purchase a virus protection package. Do you allow remote assistants to access your network through a personal phone? You should not.
- Password management: Do you give virtual assistant passwords to your network and platforms? You should only provide encrypted passwords through a password management platform so that they do not see passwords, and you can revoke access at any time.
- Fraud protection: You should train your assistant to detect phishing, malware, and ransomware attacks.
Physical Security for Remote Executive Assistants
Physical security has to do with the location of virtual assistants and their devices. Most offshore virtual assistants working as freelancers or independent contractors use personal computers and work from home offices or use public wi-fi networks, as opposed to employees working in secure buildings on secure networks.
- Stolen devices: Someone can steal a laptop when a virtual assistant works from home or in public spaces. A laptop is stolen every 53 seconds, 86 percent of IT professionals say someone in their organization has had a laptop lost or stolen, and 56 percent resulted in a data breach. A professional virtual assistant should be able to disable a lost or stolen computer remotely.
- Public wi-fi: Free wi-fi, the kind that is available at coffee shops, hotels, libraries, and airports, can make it easy for hackers to access connected devices. “The biggest threat to free wi-fi security is the ability for the hacker to position himself between you and the connection point,” IT security firm Kaspersky said. “So instead of talking directly with the hotspot, you’re sending your information to the hacker, who then relays it on.” Virtual assistants should only access your data and network through a VPN or other encrypted connection.
Human Security for Remote Executive Assistants
Can you trust a virtual assistant to protect your data and sensitive information and that they are using security best practices? How do you ensure they do not accidentally or intentionally share information they access? Hiring someone you never met in a different part of the world? Protecting your data from human crime is just as important as protecting it from cybercrime. Think about the data a virtual assistant might have access to:
- Credit cards.
- Bank accounts.
- Sales numbers.
- Proprietary content you sell.
- Pending deals.
- Product roadmaps.
- Revenue projections.
A Safer Alternative: Managed Virtual Assistant Services
Managed virtual assistant services reduce the risk of hiring remote executive assistants. With a managed service, you don’t hire individual assistants one at a time. Instead, you hire a company based in the United States that hires, trains, and supervises assistants. With a managed virtual assistant service, virtual assistants:
- Work in secure facilities with employee-only access and video surveillance.
- Are supervised by onsite managers.
- Use time trackers to validate work hours.
- Use secure networks and company computers with up-to-date malware protection.
- Go through background checks.
- Access networks with encrypted passwords that are revokable at any time.
- Sign confidentiality agreements and NDAs.
Because the virtual assistants are employees of the service provider, any security breach is the service provider’s responsibility. The service provider signs confidentiality agreements and NDAs too.
An added layer of security comes in the form of US-based and onsite managers and backup assistants. Onsite managers monitor employee behavior, and US-based managers encrypt and protect passwords and track access to accounts.
The Most Secure Solution
Managed virtual assistant services are not the cheapest way to engage a remote executive assistant, but they are the most secure model. Managed service providers have the most robust data security infrastructure, physical, and human security, to provide a comprehensive set of safeguards for client data. The service provider is liable for any misconduct or breach, and client security is one of their top concerns. If a threat occurs, you have an onshore partner to respond and resolve issues.
About the Author: Bill is Prialto’s senior content marketing manager and writes about the future of work and how businesses can be more productive and successful. His work has appeared in the World Economic Forum Agenda blog and CIO magazine.