Security Checklist for Working With a Virtual Assistant

12 things to set up before your VA touches anything sensitive — from password managers to access reviews.

4 min read Working with Your VA

Set this up in your first week

These 12 controls cover 95% of real-world risk and take less than two hours to implement.

Use a shared password manager (1Password or Bitwarden) — never share passwords in chat or email
Enable MFA on every account your VA can access
Create a dedicated VA login wherever possible — never share your personal account
Sign an NDA before sharing any client or financial data
Use least-privilege roles in tools that support them (HubSpot, QuickBooks, Notion)
Restrict bank, payroll, and tax tools to view-only or proxy workflows
Turn on audit logging in your CRM and finance tools
Use email forwarding rules instead of sharing inbox passwords
Set a calendar reminder to review access every 90 days
Use a single shared file location (Drive or SharePoint) — no personal accounts
Document the offboarding checklist before you ever onboard
Run a test offboarding once a year so it works when you need it

Talk to us about staffing a VA matched to your industry, tools, and tone.

Most VAs ramp in 30 days when the first 4 weeks are structured. Here's the exact plan we use with every new client.

A great SOP is a 3-minute Loom plus a 1-page checklist. Here's how to produce them in under an hour each.

Put what you learned into practice — see the roles we staff and the industries we serve.