Is Outsourcing Your Admin Safe?

To put it plainly, the world of work has changed dramatically within the last several years. Once upon a time, a person could expect to stay in the same job, work from 9 A.M. to 5 P.M. each day, and travel both to and from work five times a week. But these days, the alternative of sitting at a desk in your own home, a cafe, or a shared work space, is rapidly becoming the norm. In fact, according to a 2017 Gallup poll, 43% of American employees reported that they work remotely at least some of the time.

Granted, remote employment boasts a lot of benefits. It has been shown to improve productivity, as individuals isolated at home are less likely to be distracted by “work gossip” and office politics. A Staples survey interested in the attitudes of millennials currently working remotely discovered that 59% say they are more productive thanks to the increased flexibility. In a similar study by Vodafone, this figure increased to 83% of respondents, who also stated that remote working increased productivity.

But remote working, like anything else in life, also comes with challenges. One such challenge is in administration. As more and more businesses have been encouraging working remotely by their employees, and as smaller organizations begin to realize that they do not need permanent office space, the need for a Virtual Personal Assistant (VPA), and outsourcing certain aspects of a business, increases.


Why A Virtual Personal Assistant?

When an office becomes nebulous and a team becomes highly dispersed, organizing a business can become more difficult because people who work remotely do not have a central place where they can check in. That daily coordination of who is doing what, when, and why is much more difficult to manage. Remote working does allow organizations to work more fluidly, and alleviates cost and overhead, but that doesn’t mean that the administration of employees and business processes doesn’t still need to be handled by someone sitting at the center of it all to coordinate day-to-day operations.


Enter the Virtual Personal Assistant.

While disputes continue regarding who first developed the idea of the VPA, the first incarnation as a business was with the company Virtual Assistant, Inc. in 1995. Since then, the industry has taken off. These days, a VPA will often work from their own home as a freelancer, but a number of agencies dedicated to offering Virtual Personal Assistant services have also sprung up, and they cover everything from personal assistance duties to financial admin, and even customer support.


The Privacy and Security Implications of Using a Virtual PA?

Picture a law firm running remote offices all over the east coast of the U.S. – using several VPAs to take calls from potential customers, monitor incoming emails, and keep track of the comings and goings of the CEO, the firm is able to run smoothly on a day-to-day basis without keeping that help in-house. Meanwhile, the VPAs themselves remain part of another, separate agency that has hundreds of other VPAs on their books, all working with a multitude of other companies across many industries – perhaps even several simultaneously, at any given time.

This outsourcing of the administration of certain activities associated with data management understandably has many privacy implications. Due to an organization’s dependence on them for a great many services, VPAs may well be privy to personal or company proprietary information, including intellectual property, and as such, they have the potential to be a point of weakness in any security strategy. It is especially important to understand this weakness under certain regulatory frameworks, such as the HIPAA Privacy Rule, which requires that business associates need to follow stringent obligations around protecting the privacy of protected health information (PHI).

Despite these potential privacy sensitivities, the benefits of a VPA are many, and it is possible to have the best (and least vulnerable) of both worlds. To make the most of a VPA whilst ensuring that privacy and security of data are upheld, you should follow these basic guidelines.

Items to assess when hiring a VPA:

  • Isolation: If your VPA is part of a large agency, confirm that their work, including phone calls, etc., is confined to isolated or sound-proofed units so that your company information is not accidentally exposed.
  • Audit: Make sure you have made an audit of the types of data that is being accessed and shared by a VPA. This includes emails, access to databases (including customer relationship management)—even notes taken from phone calls. With this knowledge in hand, you can understand where best to place security measures.
  • Policy Knowledge: Make sure your VPA and their agency have an understanding of your own internal security and privacy policies. Check out if the agency itself has a privacy and security policy for added assurance.
  • Security Awareness: Find out if the VPA agency carries out security awareness training for their VPA staff. This can help to alleviate issues like passwords written down on Post-it notes or phishing emails that could allow access to databases. Additionally, include VPAs in your own in-house security awareness training.
  • Tracking Use: Keep records of the access of anything deemed to be sensitive, such as customer or employee data, and intellectual property.
  • Two-Factor Authentication: If the VPA requires access to databases or other resources requiring a login, use a second factor such as an SMS text code to help prevent non-authorized access.
  • Non-Disclosure: Enter into a non-disclosure agreement with the agency or individual to help prevent intellectual property theft.

    In this modern age, using a Virtual Private Assistant has become part of the newly established remote office, as they are capable and efficient in administrating a multitude of day-to-day operations for each company within their purview. Though the advantages to VPAs are many, they are not without at least one drawback, as they also represent a potential chink in the privacy and security walls of the places they serve. In order to avoid any breaches, VPAs should be held to the same expectations regarding security and privacy policies as any other staff member or business associate. While policing this can certainly be a challenge for firms, with stringent checks both during the hiring process and other precautions taken throughout the relationship with the VPA, your security and privacy should be part of a growing and flourishing relationship that is sweeping across businesses everywhere.


    Editor’s Note: This blog article was written by an outside contributor – a guest blogger – for the purpose of offering a wider variety of content for our readers. However, the opinions and recommendations expressed in this guest blog are solely those of the contributor, and do not necessarily reflect those of The Security Awareness Company, LLC. If you are interested in writing something for us, please do not hesitate to contact us:

    Avani Desai

    Partner and Executive Vice President at Schellman & Company
    Avani Desai is a Partner and Executive Vice President at Schellman & Company, the largest niche CPA firm in the world that focuses on technology and security assessments. She is also CEO and co-founder of MyCryptoAlert, a push notification and portfolio app for cryptocurrency. Avani started her career working at a Big 4 accounting firm for over 10 years, where she led a team and oversaw IT Risk Management and Privacy across national service-lines. In addition, Avani managed the development of internal and external privacy programs and related practices, leveraging her deep knowledge with healthcare and emerging technologies, such as blockchain, cloud computing, artificial intelligence, and virtualization.

    Latest posts by Avani Desai (see all)