If there is one thing which might put you off the idea of outsourcing some of your business activities to a virtual assistant, it’s a concern for the security of your data. After all, virtual assistants must have access to your intellectual property if they are to offer services of any real value.
But should such a concern really be a reason to avoid working with virtual assistants?
Data Security Should Be a Concern… Period
Data protection is a vital consideration in any business today and the risks of lost, stolen, or leaked data are very real. With that in mind, we thought we’d offer some tips and advice for securing your data, so you can feel confident when working with virtual assistants and hence, enjoy the cost and time benefits they can provide for your business.
Furthermore, if you follow these guidelines, your data will be more thoroughly protected, reducing the security risks presented by your in-house employees, as well as any virtual assistants who have access to your company’s digital resources.
First and Foremost: Develop Clear Security Policies
Most virtual assistants (and local employees) understand the general need to take care with their clients’/employers’ data. But if you take data security seriously, you should set out your expectations precisely and clearly.
You can do this by publishing documented security policies and directives, and making them applicable to all service providers and employees who might be allowed access to your data.
If you already have data security policies in place, make sure you provide the details to any virtual assistants that you hire. If you use a virtual assistant company, inform the management team of your policies too, and ask what security measures the VA provider employs to protect your company’s data.
Hire Virtual Assistants from a Reputable VA Provider
While there are many excellent freelance virtual assistants looking for clients, you can generally be a bit more confident about data security if you hire from a company that employs VAs and manages them within its own facilities.
For one thing, a good VA company will already have data security policies and practices in place to protect its clients’ businesses. For another, you have the knowledge that your virtual assistants will be under a degree of physical supervision.
A virtual assistant company may also offer standard confidentiality or non-disclosure agreements to protect your intellectual property, which will be signed by the VA management team and any virtual assistants that you hire. If you prefer to draft your own agreements though, most providers will be happy to be bound by them.
Understand the Real Value of Passwords
All virtual assistants (and in-house employees) who work for you should be issued with their own, unique user IDs and passwords to any of the following applications that you require them to use:
• Social media accounts
• Project management tools
• Email accounts
• File storage media
• Cloud-based software applications
However, the reason for making sure virtual assistants have unique passwords may not be as obvious as you think. Of course it reduces the risks involved with shared accounts.
More to the point (but perhaps less obviously), Unique user IDs give you the ability to track the activity of each VA and employee (provided you have control over the assignment of user IDs).
In reality, you probably won’t have time to keep a constant watch on who’s accessing your software, when they are doing so, or what they are doing; but if your users know you can do so, they will be unlikely to risk contravening your data security policies.
It may sometimes seem more straightforward to issue a generic user ID and allow multiple VAs or employees to use it, especially if yours is a small business. However, there are a number of reasons why this should really be a no-no.
• You’ll never know if that generic ID gets shared with someone who shouldn’t have it
• You have no visibility of who is accessing your systems, when, or what they are actually doing
• Shared IDs can create the impression that data security is generally lax, making those who work for you less conscientious about protecting sensitive information
Place Limitations on Data Access
Many of the applications you use in your business will be equipped with capabilities to limit access, for example, by way of user-privileges. Use these tools to set appropriate levels of access for your virtual assistants.
Another way to restrict your VA’s access to files is to use shareable folders. You can use applications such as DropBox to share spreadsheets, MS Word documents and other files that your virtual assistants will work on.
When you want your VA to complete a certain task, add the necessary files to a shareable folder, and remember to remove it once your VA has completed his work.
Access control is especially important if you have virtual assistants working on any of your business websites. For instance, you might grant editor privileges only. This will allow them to add and edit content to your website, such as blog posts, but will not let them access any other administrative website functions.
Categorise and Control
Many business owners baulk at the idea of allowing virtual assistants to access really sensitive data such as financial accounts and credit card information. However if the appropriate controls are put in place, there’s no reason not to involve virtual assistants in bookkeeping, customer order capture, or even the payment of bills to your suppliers and creditors.
It’s fair to say though, that if you will let VAs access accounts and financial information, you will have to be diligent about identifying the data most at risk of compromise. It’s a good idea to categorise the data generated by your business, placing highly sensitive data (like credit card details) in the highest security-category.
When you first hire a virtual assistant, don’t entrust them with anything but data in your lowest security category.
As time goes by and trust is developed between you and your VA, let them access data in the next category and so on, until you’re really sure about the VA and feel comfortable giving him/her access to your most sensitive data.
If The Unthinkable Should Happen…
No matter how carefully data security is managed, businesses sometimes fall victim to breaches, which occasionally result in private customer-data being leaked into the public domain—or even stolen. If this should ever happen to your company—whether through the actions of a virtual assistant or anyone else in your service—don’t try to sit on the problem or pretend it hasn’t happened.
You owe it to your customers or clients to let them know if their data has been compromised, so they can take steps to prevent or mitigate any harmful consequences before it’s too late.
Prevention is vastly preferable to cure though. If you ensure some elementary data-security precautions are in place (like those described in this post), you will be protected against most causes of accidental data leaks and the attention of opportunist hackers and cyber-criminals.