Working with a virtual team can be the greatest gift to a new business owner. Hiring freelancers and virtual assistants gave me the freedom to focus on the things I was good at and expand my offers to include things I’m not so good at.
While I’m grateful now to have a few talented, kind, fun people helping me in my business, it didn’t go so well in the beginning. I had to learn a few things through the school of hard knocks.
So in today’s post, I will share some practical tips to keep your business and sensitive data secure.
Speaking of learning things the hard way, that was the case with the first virtual assistant I hired. She stole a few of my clients by offering to help them for less than I was charging. For a long time, I was once bitten and twice shy about hiring someone else. I was mad at myself for leaving the business in a vulnerable position by not having a solid independent contractor agreement in place. In the back of my mind, I knew better, but she seemed sweet. Live and learn.
I also learned that you need to have a plan for how to handle things if accounts and passwords are compromised due to a security breach on another platform or if your site gets hacked.
One of our clients recently came to us because there were odd transactions in her Stripe account. It turns out that one of her team member’s Google accounts was hacked. Our client had given her team member access to a spreadsheet with all the user names and passwords for all her business accounts. To make matters worse, the file was removed from the Google account, so she couldn’t remember everything that was on the list to go back and update passwords. This put everything at risk, including her bookkeeping and banking information, websites and marketing tools, and social media.
Another client had her Instagram account hacked. Instead of beautiful, encouraging quotes and helpful information, porn was splashed all over her page. It was a nightmare for her to regain access to the account and to clean up the spam. Plus, it put her professional license as a counselor at risk.
So how do you protect yourself when you’re growing a business online and working with a virtual team?
In order to do their job, your website designers, virtual assistants, and social media managers will need to have access to accounts like your domain name registrar, hosting account, email marketing platform, social media scheduler, etc. But, as I described above, sharing passwords willy-nilly with people is not the best way to keep you and your business safe.
I don’t want anyone to wake up, like my client did, to find out that their website is down or someone spammed their social media accounts and email list.
Not only could this damage your reputation and credibility, but it could also lead to legal and financial consequences. At the very least, it’s a hassle no one really has the time to deal with. No, thank you!
So here are my ten easy tips to keep your accounts and business safe
#1 – Use a password manager:
Say goodbye to weak passwords and hello to a password manager! These handy tools generate and store strong, unique passwords for each of your accounts. Plus, you only need to remember one master password to access your password vault.
These password managers aren’t a 100% failproof solution, but using one is a whole lot more secure than having your passwords floating around among current and past freelancers!
We use LastPass here at Wise Owl Marketing. I created several shared folders for the various members of our team. For example, the design team has access to website logins, hosting, email marketing, domain, etc. The social media team has access to our social media scheduler, Canva, social channels, etc. If someone leaves the team, I can simply remove them from the shared folder, which removes their access to the passwords.
Check out LastPass, 1Password, or Dashlane for popular, trusted options to get started.
#2 – Use strong passwords and change them regularly
To reduce the risk of compromised passwords, use strong, unique passwords for each of your accounts and change them regularly. Using a password manager, as I mentioned above, can make this easier since you don’t have to try to remember a string of characters that looks like a cat walked across your keyboard.
For those passwords that you need to memorize, try a passphrase. A passphrase is a series of words or a sentence that is easy to remember but hard to guess. For example, “correct horse battery staple” is a well-known passphrase that has been recommended by security experts. It’s important to know that just using a few random words does not make a super strong password, so add in some numbers, symbols, or capital letters.
And for goodness sake – please don’t use the same password for every account!
#3 – Use two-factor authentication
Two-factor authentication (2FA) is like a bouncer for your accounts. It requires you to enter a code generated by an app or sent to your phone in addition to your password. This makes it much harder for hackers to get into your accounts, even if they have your password. Yes, it makes it harder for us too, but it’s so worth it.
When using two-factor authentication with our virtual team, we set up a secret alias email that we all have access to, and we use that email as the username on the accounts we’ve set to require two-factor authentication. That way, my team doesn’t have to get ahold of me to get access to an account. They can request the 2FA code via email and continue with their work.
#4 – Add your teammate as a user or delegate access to them through the platform
Many online services, such as websites, hosting providers, email marketing tools, and social media schedulers, allow you to add users with different levels of access, such as administrator, editor, or contributor. This way, you can control what your virtual team member can see and do within the platform.
You can also use delegation features to grant temporary access to your accounts without sharing your login credentials. This is a great way to streamline collaboration and maintain security. I created a list at the bottom of this post with some of the popular tools we use below to make this easier for you!
I know my clients groan when we ask them to do this because just giving us a list of user names and passwords is so much easier, but for everything possible, we prefer delegated access instead of having to log in. That way, we don’t have to bother our clients with 2FA when we are ready to work on their projects. And they have the ability to remove us when we’re done with the project.
Tip: Before adding a user, make sure you understand the different levels of access available and choose the right one for your virtual team member. This brings us to number 5…
#5 – Grant access carefully
Before giving someone access to your accounts, think about what they really need. If someone only designs graphics for you, they may need access to your Canva account, but they don’t need access to your email marketing tool or social media accounts. Choose the right level of access for each team member.
On the flip side, I like to make sure that someone I know and trust has the keys to all the doors in the castle. That way, if something happens to me, like when I hurt my back in 2021, my team can keep the plates spinning and continue serving our clients.
#6 – Meticulously monitor account activity
Keep an eye on your accounts and activity logs to catch any unauthorized access or suspicious activity. You can also set up alerts and notifications for specific events, like login attempts from new devices or locations. If you see something that looks or feels fishy, take action immediately!
I know where my teammates live, so if I get a login from a new device notification in a weird location, I’ll go change the password right away, just in case.
#7 – Revoke access when no longer needed
Once a team member has finished their work for you, revoke their access to your accounts.
Keep a list of which accounts each team member has access to, so you can remember which accounts to revoke their access to. We created an off-boarding checklist in Asana to make sure we don’t leave someone on an account they should no longer have access to when they leave or we’re done with a project.
#8 – Use legal agreements like your life depends on it
So, I’m not an attorney, but if I had an independent contractor agreement and a non-disclosure agreement with my first VA, I wouldn’t have lost some of my clients and so many nights of sleep.
That’s why I recommend having clear legal agreements in place when you’re working with a virtual team to outline the scope of work, payment terms, timelines, and confidentiality agreements.
An independent contractor agreement and a non-disclosure agreement (NDA) can help to protect your interests and establish a professional relationship with your virtual team members.
Of course, please consult with a lawyer to ensure that your legal agreements are comprehensive and legally binding, and relevant to the nature of your project and business needs.
#9 – Cover your butt with business insurance
Not all insurance policies cover cyber risks or data breaches, but having one could protect you and your business from any damages or liabilities caused by a virtual team member or, in the unfortunate case of your own accounts getting compromised.
I also like to make sure that my virtual team members have their own insurance policies in place to cover any damages or liabilities they may cause.
#10 – Take immediate action if an account is compromised:
If an account is compromised, take immediate action to secure your accounts and data. Revoke any teammate’s access to your accounts, change your passwords, and notify the relevant online services of the security breach. Consider running a security audit of your accounts to ensure that no unauthorized access or changes have been made.
Here are links to tutorials on how to delegate access to your accounts for some of the most popular platforms and tools we use with our clients:
How to Delegate Access for Popular Domain Names & Hosting Platforms:
How to Delegate Access for Popular Email Marketing Platforms:
Mailchimp (Either we can request access, or you can delegate access if your account includes it.)
I hope sharing a few of the things that I’m doing with my team to keep my business safe was helpful to you.
Which tip will you be implementing in your business?
Stay safe and happy marketing!
🙂 Heather
P.S. If you’re looking to hire an awesome virtual team to build you a gorgeous website and marketing funnel or help you with your marketing strategy, please book a clarity call with me today!
Looking for Something Specific?
Where Should I Send Your Free 2026 Marketing Planning Bundle?
*Your free planner will be delivered to your inbox. Check your spam folder if you don't see it within 15 minutes. Submit a support ticket if you need help. By entering your email address, you agree to receive emails, including marketing tips, offers, and announcements, in accordance with my privacy policy.
