Virtual assistants and protecting yourself

Virtual assistants are experienced executive or personal assistants who you can engage to work remotely from you, to assist your business with  required one-off or ongoing administrative tasks. Communication can be made through applications such as Skype, Google Drive and Dropbox, and a certain amount of training or direction also needs to be provided. Most virtual assistants are engaged as contractors and therefore paid only for the hours they actually work (plus expenses) rather than a set income, meaning you can control costs and are not paying unnecessary wages, superannuation or income tax. Virtual assistants can even be hired as a business babysitter if you are a sole trader and would like someone to look after your business when you take a holiday.

There are many cost and time benefits to hiring a virtual assistant, however it is important to manage their engagement with you properly, and ensure that you protect your confidential business information. As you are allowing your virtual assistant to access your intellectual property and other proprietary information, data security needs to be a priority and handled appropriately.

If you need to let them go:

If you are firing your virtual assistant due to poor performance, first do an assessment of the quality of work they have done for your business, delivery time, and their communication with you. If giving further direction, motivation or clarification is not a solution, then speak to your virtual assistant and be specific about what went wrong and why you are ending the contract with them. Make sure you follow any relevant termination procedures required by the contract you have with them or the virtual assistant’s company (if applicable). If you are letting them go due to budget cuts, an unsuccessful project, or other reason out of the virtual assistant’s control, share this with them openly so that you may hire them again in the future with your relationship intact – you have probably put quite a bit of time and money into their training, and put effort to build a healthy business relationship with them.

Give your assistant reasonable notice that their engagement with you is going to end. You may wish to phase out the time they work for you over a few weeks, while you find someone to replace them. Once the contract  has officially ended, immediately change all account login details that your virtual assistant had access to and remove shared assets, to prevent any unauthorised access or damage.

How to ensure your information is not revealed to competitors:

There is a very real risk that your intellectual property or proprietary information  could be lost, stolen or leaked. This is a concern with both in-house employees and virtual assistants – however the risk may be greater when you are dealing with someone off-site who you do not know personally, where business information necessarily must be accessible online.

Your data protection policy:

It is important to set out your data security policy very clearly in a published document, and that you provide a copy to the virtual assistant at the outset of their engagement,  communicating to them  that it is a top priority in your business, and a condition of them working for you. If the virtual assistant is hired through a company, inform their company of your policy as well so there are no misunderstandings. Only engage with a company that has an excellent reputation, and do your own due diligence  on them and  their security measures to ensure they meet your standards before engaging  them. Sometimes virtual assistants work within company facilities, and security-wise this is preferable, as the technology is likely to be controlled and protected, and the virtual assistant will be physically supervised.

If the virtual assistant is working on a document or design for your business, clearly state that you will own the copyright in that material, and stamp or mark it as ‘confidential’ to reinforce obligations of confidentiality.

The virtual assistant company may offer their own standard confidentiality or non-disclosure agreements for you to sign, or should be happy to be bound by an agreement your business has had drafted. Make sure an agreement is signed by an authorised signatory of your business and ofthe virtual assistant company, along with the  virtual assistant themselves.

User identification and passwords:

User identification and passwords must be uniquely created and given to virtual assistants (and in-house employees) to allow access to all business applications, including cloud-based software, file-storage media, email accounts, social media accounts, websites and project management functions. This will allow your business to track each user’s activity online, and deter any data security contravention. Passwords must be kept securely by your business and the virtual assistant as a condition of them working for you.

Maintain business control:

You should set appropriate levels of access for each employee and virtual assistant, restricting access to what is necessary for thorough completion of their work. For example, you may wish to only grant editor privileges for website work, so that creative content can be worked on, but administrative functions cannot be modified. If there is just a specific task you would like completed by a virtual assistant, place relevant files in a shared folder and later remove. Ensure there is no access to sensitive financial accounts or credit information, unless it is necessary – and if it is you need to categorise what is accessible to whom. You should keep all data back-ups secure from external manipulation, virtual assistants should not have access unless there is a specific reason.

If, despite taking every precaution, there is a data breach or leak by a virtual assistant, inform any customers or clients who may be affected straight away to mitigate your exposure and enable them to take appropriate steps to protect themselves and prevent against further loss.

This is general advice only. Liability limited by a scheme approved under Professional Standards Legislation. 

Published Oct 23, 2017

Clifton Hill Jessica Kerr Sinclair + May jessica@sinclairmay.com.au

Jessica Kerr is the Director of Sinclair + May, a female-led, boutique commercial law firm based in Melbourne’s inner north.  Sinclair + May work with small businesses to ensure their legals are in order. Book a free 15-min chat here to talk with one of our solicitors.

Go back