What you need to know about virtual assistant security

Executives who want to hire a remote virtual assistant need to know a few important things about information security.

Take, for example, this warning.

“The assistant general manager for statistics is more likely to be attacked than the CEO,” said Ryan Calember, vice president of cybersecurity at email security firm Proofpoint. “Anyone who can transfer money is a likely target.”

Does your assistant have access to your credit cards and bank accounts, or do you plan to provide it?

Target home offices and devices

Cybercrime has skyrocketed since people started working from home in 2020, home offices don’t have enterprise-grade network security. In most services for the provision of personal assistants and business assistants, specialists work on home personal computers, as a result, the service organizing the provision of services does not receive control over attacks, and does not control the protection of personal computers of its specialists.

“For small businesses, 2020 has been an especially brutal year,” said IT security consultant and author Joel Snyder. “Just like work-from-home (WFH) mechanisms and moving to the cloud have become a top priority. In 2021, we can expect cybercriminals to adjust their tactics to take advantage of these changes.

And indeed, they did just that. A survey conducted by Forrester Research and Tenable at the end of 2021 found that 80% of business leaders said their organizations are at greater risk today due to remote work.

It is important to remember what remote specialists have access to:

  • More than 50% of remote professionals access confidential customer data using personal devices;
  • About 71% of managers do not have access to the personal computers of their remote specialists.

“Attackers are well aware of this gap, as evidenced by the fact that 67% of cyberattacks affecting businesses were aimed at remote professionals,” the study says.

Small business is a growing target. In 2019, 43% of attacks targeted small businesses. By 2022, this number has risen to 66%. Only 45% of SMBs consider themselves prepared for a malicious hack.

Unmanaged risk and relentless cyberattacks

“Remote and hybrid work strategies are here to stay, and so are the risks associated with them, unless organizations understand what their new attack surface looks like,” said Amit Yoran, CEO of Tenable. “This research reveals two paths forward – one riddled with unmanaged risks and relentless cyberattacks, and one that safely boosts business productivity and operations.”

The combination of the rise in home-based attacks and the fact that executive virtual assistants can access sensitive data and accounts makes the risk of an attack on a virtual assistant very real.

How to Prevent Cyber Attacks on Virtual Assistants

The risk of an attack on a virtual assistant is more significant if they are freelancers or independent contractors who do not have a prepared IT infrastructure. Here are some tips to keep in mind when hiring a virtual assistant who will have keys to your data:

  • Conduct a background check – if the assistant or firm does not agree to a background check, look elsewhere for the performer;
  • Confidentiality and Non-Disclosure Agreements (NCAs) – data breaches are not the only risk for remote professionals. They may share sensitive sales, product, and customer information;
  • Premises – Some services hire and manage their virtual assistants in secure rooms physically protected by biometric access controls, security guards and cameras, and encrypted virtual network connections;
  • Devices – specialists should not access your systems from unauthorized devices, make sure that personal computers support up-to-date protection against malware;
  • Password Encryption – Credentials must be passed through a password encryption platform.

Ransomware on the rise

Ransomware was the top cyberattack of 2020, accounting for 68% of attacks. The principle of such an attack is to capture the network and encrypt the servers, then the attackers demand a ransom from the companies, mostly they demand a ransom in Bitcoin. In 2021, the number of ransomware attacks increased by 151%. The cost of ransoming encrypted data ranges from $25,000 for the smallest companies to $9 million for large enterprises.

Ransomware protection becomes even more relevant when it comes to systems that a virtual assistant would normally have access to. The risk concerns not only your financial information, but also customer data. The following are the systems most vulnerable to hacking:

  • Mail servers (94% of attacks occur via email);
  • Accounting programs and payment systems;
  • CRM with sensitive customer and sales data;
  • Calendars and travel with information about your location.

You should also be concerned about device security, especially if your remote or freelance workers use portable devices such as phones, tablets, and laptops.

  • 40% of data breaches are due to lost or stolen devices;
  • Of the 70 million devices stolen each year, only 7% are recovered.

Attackers use stolen devices to access your network. Do you have a technique and an opportunity to prevent blocking of lost devices in advance?

Security of personal assistants and business assistants

Worried about the security of your current or future Remote Assistance? Instead of a freelancer or independent contractor, consider a managed virtual assistant service. Managed Remote Assistance Service Provider hires, trains, and provides secure IT infrastructure.

An additional level of security is provided by the presence of a specialist responsible for daily backup of data. A backup copy prevents information loss in the event of a hack or equipment failure.

Managed Remote Assistance Service Providers have the strongest data security infrastructure, physical, electronic and human security to provide a comprehensive set of security measures for their customers. It is the responsibility of the service provider to maintain bulletproof security through processes developed in conjunction with industry experts that are constantly updated.