Executive assistants are the gatekeepers of information, the organizers of chaos, and the right hand to leaders in demanding industries.
This isn’t just about protecting the company; it’s about protecting your executive, your colleagues, and yourself.
This guide will walk through a typical day, highlighting the key security practices that every EA should integrate into their routine. And since a high percentage of cyberattacks stem from human error (a study by Aura found that 95% of cybersecurity breaches are caused by it), the sections below should prove helpful.
How Executive Assistants Can Start Their Day Secured
How to Make Devices Secure Before Beginning the Workday?
“The alarm clock signals the start of another busy day. Before the first sip of coffee, the executive assistant reaches for their laptop and phone, the essential tools connecting them to their executive and the wider world. In the rush to get started, it’s easy to overlook the critical first step: ensuring those devices are secure…”
This isn’t just a precaution; it’s a fundamental necessity, especially considering that a staggering 70% of all cyberattacks target small businesses, leading to an average loss of approximately $180,000 per incident.
The first line of defense is ensuring everything is up-to-date.
This means installing any pending operating system updates (whether it’s Windows, macOS, iOS, or Android) and updates for all installed applications.
These updates often contain crucial security patches, closing loopholes that cybercriminals are eager to exploit.
Next comes strong authentication. A strong, unique password for each device is the absolute minimum. This means avoiding easily guessable passwords like birthdays or pet names. Aim for at least 12 characters, mixing uppercase and lowercase letters, numbers, and symbols.
However, even the most complex password can be compromised.
That’s where multi-factor authentication (MFA) becomes essential. MFA adds an extra layer of security, requiring a second verification method – a code from a smartphone app, a fingerprint scan – in addition to the password.
The impact of MFA is undeniable: studies show it can reduce the risk of account compromise by an impressive 99.22% across the general population and by 98.56% even when credentials have been leaked.
The technology industry has embraced MFA, with an 87% adoption rate.
Another vital step is enabling full disk encryption. If a laptop or phone is lost or stolen, full disk encryption, such as BitLocker on Windows or FileVault on macOS, protects the data by making it unreadable without the correct password.
This is particularly crucial for devices holding sensitive company information.
How to Spot and Avoid Phishing Emails and Scams?
The inbox beckons – a seemingly endless stream of requests, updates, and information.
Sifting through it all requires a keen eye and a healthy dose of skepticism.
One email, seemingly from a familiar vendor, requests an urgent payment.
Another promises a bonus or a gift card. But lurking beneath the surface of these seemingly legitimate messages could be a phishing scam, a cleverly disguised attempt to steal your credentials, install malware, or trick you into revealing sensitive information.
Phishing attacks are incredibly common, and executive assistants are prime targets due to their access to sensitive data and their role in managing communications for executives.
So, how can you protect yourself and your organization?
Here’s a breakdown of how to spot and avoid these traps:
1. Scrutinize the Sender’s Email Address: Don’t just look at the display name, which can be easily spoofed. Examine the actual email address carefully.
Look for subtle misspellings, extra characters, or a different domain than you’d expect.
For example, an email supposedly from “[email address removed]” (with a zero instead of an “o”) is a clear red flag.
2. Be Wary of Urgent or Threatening Language: Phishing emails often create a sense of urgency or fear to pressure you into acting quickly without thinking. Phrases like “Your account will be suspended,” “Immediate action required,” or “Unauthorized login attempt” should raise suspicion.
3. Watch Out for Generic Greetings: Legitimate emails from organizations you do business with will typically address you by name. Generic greetings like “Dear Customer” or “Dear Valued Member” are often used in mass phishing campaigns.
4. Hover Over Links, But Don’t Click: Before clicking on any link in an email, hover your mouse cursor over it (on a computer) or long-press it (on a mobile device) to see the actual URL.
Does the URL look suspicious?
Does it match the supposed sender and the context of the email?
If in doubt, do not click. Instead, manually type the organization’s official website address into your browser.
5. Beware of Attachments: Unexpected attachments, especially from unknown senders, should be treated with extreme caution. Even attachments from known senders can be dangerous if their account has been compromised.
Common malicious attachment types include .exe, .zip, .scr, and even seemingly harmless files like .doc or .pdf if they contain macros or other embedded code.
6. Look for Poor Grammar and Spelling: While some phishing emails are becoming increasingly sophisticated, many still contain grammatical errors, awkward phrasing, or misspellings. These are often signs that the email is not legitimate.
7. Verify Requests Through a Separate Channel: If an email requests sensitive information (passwords, financial details, etc.) or asks you to perform an unusual action (like making a wire transfer), always verify the request through a separate, trusted channel. Call the supposed sender using a known phone number (not one provided in the email), or contact them through their official website.
8. Trust Your Gut: If something feels “off” about an email, even if you can’t pinpoint exactly why, trust your instincts. It’s better to be cautious than to fall victim to a scam.
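The checks in steps 1 to 5 can be applied mechanically before a human ever reads the message, which is roughly what a mail filter does. The script below is an added example written for this guide, not LayerLogix code or part of any product. It assumes a hypothetical allowlist of domains the organization expects mail from (the reserved `.example` names are constructed), and it runs the sender, urgency, greeting, link and attachment checks over two constructed sample messages: one phishing attempt built around the “zero for o” trick and one routine vendor email.

```python
import re
from urllib.parse import urlparse

# Assumption for this example: the organization expects mail from these domains.
# (.example is a reserved top-level domain, so these are constructed names.)
TRUSTED_DOMAINS = {"vendor.example", "bank.example"}

# Substitutions attackers use to imitate a real domain ("vend0r" for "vendor").
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})
URGENCY_PHRASES = ("immediate action required", "account will be suspended",
                   "unauthorized login attempt", "within 24 hours")
GENERIC_GREETINGS = ("dear customer", "dear valued member", "dear user")
# Executable types plus macro-enabled Office formats.
RISKY_EXTENSIONS = {".exe", ".scr", ".zip", ".js", ".vbs", ".docm", ".xlsm"}

ANCHOR_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
ADDRESS_RE = re.compile(r"([^<>\s]+)@([^<>\s]+)")


def sender_domain(from_header):
    """Domain of the real address, ignoring the easily spoofed display name."""
    match = ADDRESS_RE.search(from_header)
    return match.group(2).lower() if match else ""


def lookalike_of(domain):
    """Return the trusted domain that `domain` imitates, or None if it is trusted or unrelated."""
    if domain in TRUSTED_DOMAINS:
        return None
    normalised = domain.translate(CONFUSABLES).replace("rn", "m")
    for trusted in TRUSTED_DOMAINS:
        brand = trusted.split(".")[0]
        if normalised == trusted or brand in normalised:
            return trusted
    return None


def host_of(text):
    """Host part of a URL-looking string; empty if the string is not a URL."""
    text = text.strip()
    if not text.lower().startswith(("http://", "https://")):
        return ""
    return (urlparse(text).hostname or "").lower()


def analyze(msg):
    """Apply the checklist to one message and return the list of red flags found."""
    flags = []
    domain = sender_domain(msg["from"])
    imitated = lookalike_of(domain)
    if imitated:
        flags.append(f"sender domain {domain!r} looks like {imitated!r}")
    # Step 2 and 3: urgency language and generic greetings, checked on the plain text.
    text = re.sub(r"<[^>]+>", " ", msg["body_html"]).lower()
    haystack = msg["subject"].lower() + " " + text
    for phrase in URGENCY_PHRASES:
        if phrase in haystack:
            flags.append(f"urgency language: {phrase!r}")
            break
    if any(text.lstrip().startswith(g) for g in GENERIC_GREETINGS):
        flags.append("generic greeting")
    # Step 4: the "hover over the link" check, done on the HTML instead of with a mouse.
    for href, label in ANCHOR_RE.findall(msg["body_html"]):
        real, shown = host_of(href), host_of(label)
        if shown and shown != real:
            flags.append(f"link text shows {shown!r} but points to {real!r}")
        elif lookalike_of(real):
            flags.append(f"link host {real!r} imitates {lookalike_of(real)!r}")
    # Step 5: attachment types that should never arrive unannounced.
    for name in msg.get("attachments", []):
        ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
        if ext in RISKY_EXTENSIONS:
            flags.append(f"risky attachment: {name}")
    return flags


# Constructed sample messages (not real mail) exercising the checklist.
PHISH = {
    "from": "Vendor Billing <accounts@vend0r.example>",
    "subject": "Immediate action required: invoice overdue",
    "body_html": ('<p>Dear Customer,</p><p>Your account will be suspended. '
                  '<a href="https://pay.vendor-secure.example/login">https://vendor.example/pay</a></p>'),
    "attachments": ["invoice_4471.zip"],
}
LEGIT = {
    "from": "Dana Patel <dana.patel@vendor.example>",
    "subject": "Q3 invoice attached",
    "body_html": '<p>Hi Alex,</p><p>Invoice attached as discussed. <a href="https://vendor.example/portal">Portal</a></p>',
    "attachments": ["invoice_q3.pdf"],
}

if __name__ == "__main__":
    for name, msg in (("phish", PHISH), ("legit", LEGIT)):
        print(name, analyze(msg) or ["no red flags"])
```

Run as-is it reports five red flags on the constructed phishing message and none on the routine one. The point of the script is not that a filter replaces step 8: a message that passes every automated check can still be a well-crafted scam, which is exactly why the separate-channel verification in step 7 stays in place for any request involving money or credentials.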
What to Do If You Suspect a Phishing Email:
- Don’t Click: Do not click on any links or open any attachments.
- Don’t Reply: Do not reply to the email.
- Report It: Report the email to your IT department or security team. Many email providers also have a “Report Phishing” button.
- Delete It: Delete the email from your inbox and your deleted items folder.
Safest Way to Use Public or Home Wi-Fi?
“Today’s office might be a bustling coffee shop, the airport lounge, or the quiet corner of a home office…”
For an executive assistant, staying connected is non-negotiable, and Wi-Fi is the essential link.
However, the convenience of readily available Wi-Fi, especially public networks, comes with a significant caveat: security risks.
Public Wi-Fi hotspots, like those found in cafes and airports, are often unsecured.
This means that any data transmitted over the network – passwords, emails, browsing activity – could potentially be intercepted by malicious actors lurking nearby. Even networks that require a password aren’t necessarily secure; the password is often shared publicly, offering minimal protection.
The safest approach when using public Wi-Fi is to assume that the network is compromised and act accordingly. The most effective protection is a Virtual Private Network (VPN), which encrypts your internet traffic in a secure tunnel between your device and the VPN server so that no one on the same Wi-Fi network can eavesdrop on your activity. Choose a reputable VPN provider with a strong track record of privacy and security.
Beyond using a VPN, there are other crucial precautions: avoid accessing online banking, making financial transactions, or handling highly confidential information while on public Wi-Fi, even with a VPN.
If possible, wait until you have a secure, trusted connection. When browsing the web, ensure that websites use HTTPS encryption – look for “https://” in the address bar and a padlock icon.
This indicates that the communication between your browser and the website is encrypted.
Make sure file and printer sharing are disabled on your device when connected to public Wi-Fi, and turn off Wi-Fi when you’re not actively using the connection.
While home Wi-Fi is generally more secure, it’s still important to take protective steps. The most crucial is to change the default password on your router.
Manufacturers often use simple, well-known default passwords that are easily compromised.
Choose a strong, unique password for your Wi-Fi network, and ensure your router is using WPA2 or WPA3 encryption.
These are the most secure wireless security protocols currently available; avoid older protocols like WEP.
Keeping your router’s firmware up-to-date is also important, as updates often include security patches.
Best Way to Manage Passwords and Access Credentials Securely?
The modern executive assistant often manages a vast array of digital keys – passwords and access credentials for the executive, online services, and company accounts.
A single compromised password can lead to a major data breach, making robust password management critical. Given that the average person has to manage nearly 170 passwords, and 84% of users reuse passwords across multiple sites, relying on memory or insecure methods like sticky notes is simply not an option.
The best practice is to use a reputable password manager. This software acts as a secure digital vault, storing all passwords and sensitive information, protected by a single, strong master password. A good password manager generates strong, unique passwords for each account, eliminating the need to remember (or reuse) them.
It also auto-fills login information, saving time and reducing the risk of typing errors that could lead to phishing sites. Most importantly, the information is encrypted, meaning only the master password can unlock it.
When choosing a password manager, prioritize strong encryption (AES-256 is the industry standard), a zero-knowledge architecture (meaning the provider cannot access your data), and multi-factor authentication (MFA) for the password manager itself. Regular independent security audits are also a must.
How to Securely Share Confidential Documents with Colleagues?
“A board meeting presentation containing sensitive financial projections needs to be sent to the leadership team. What do I do?”
For an executive assistant, distributing sensitive information is a daily occurrence, but sending these documents via unencrypted email is like sending a postcard through the mail – anyone along the way could potentially read it.
Secure file sharing is therefore not just a best practice; it’s a necessity.
Several secure methods exist, each offering varying levels of security and convenience. The best choice depends on the sensitivity of the data and the company’s policies.
1. Encrypted Email Services:
Some email providers offer end-to-end encryption, meaning that only the sender and the recipient can read the message and any attachments. If your company uses Microsoft 365 or Google Workspace, they may have built-in encryption features that can be enabled.
2. Secure File-Sharing Platforms:
These platforms are specifically designed for secure file sharing and collaboration.
Examples of reputable secure file-sharing platforms include Tresorit, Sync.com, Mega, and Egnyte.
Some companies also use enterprise-grade solutions like Microsoft SharePoint or Google Drive with appropriate security settings configured.
3. Avoid Unsecure Methods:
It’s just as important to know what not to do. Never send confidential documents via regular, unencrypted email, instant messaging apps (unless specifically designed for secure communication), and public cloud storage services (without encryption).
4. Verify Recipient Identity:
Before sending any sensitive document, double-check the recipient’s email address or username. A simple typo could have serious consequences. If possible, confirm receipt through a separate communication channel (e.g., a phone call).
By consistently using secure file-sharing methods and avoiding risky practices, executive assistants can protect confidential information and maintain the trust placed in them.
Maintaining Security During the Workday
How to Protect the Company from Business Email Compromise?
“An urgent email arrives, seemingly from the CEO. It requests an immediate wire transfer to a new vendor, citing a time-sensitive deal.”
The pressure is on, and as a diligent executive assistant, the instinct is to act quickly. But this seemingly urgent request could be a sophisticated scam known as Business Email Compromise (BEC) – one of the most financially damaging cybercrimes.
Business Email Compromise (BEC) is a type of phishing attack that specifically targets businesses. Unlike generic phishing scams, BEC attacks are highly targeted and often involve extensive research on the company and its employees.
Cybercriminals impersonate executives, vendors, or other trusted individuals to trick employees into making fraudulent wire transfers, sending sensitive data, or revealing login credentials.
BEC attacks often exploit the trust and authority inherent in the executive-assistant relationship.
Criminals may spend weeks or even months studying the communication patterns, travel schedules, and vendor relationships of a company to craft convincing emails.
They may use spoofed email addresses, compromised email accounts, or similar-looking domain names to make the emails appear legitimate.
Here’s how to protect your company from BEC attacks:
- Implement Multi-Factor Authentication (MFA)
- Verify Requests Through a Separate Channel
- Establish Clear Financial Procedures
- Train Employees on BEC Awareness
- Use Email Security Solutions
- Be Wary of Changes in Payment Information
- Foster a Culture of Security
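Several of these bullets (clear financial procedures, separate-channel verification, wariness of changed payment details) can be written down as a gate that every transfer request passes through before anyone touches the banking portal. The script below is an added illustration for this guide, not LayerLogix code or a description of any real product. It assumes a hypothetical vendor master file holding each vendor’s verified bank account and a callback number confirmed outside e-mail, a constructed company domain, and an assumed dual-approval threshold; the vendor names, IBANs and phone numbers are all made up.

```python
from dataclasses import dataclass

# Constructed vendor master records (assumption: the company keeps each vendor's
# verified bank account and a callback number that was confirmed outside e-mail).
VENDOR_MASTER = {
    "Acme Supplies": {"iban": "GB00EXAMPLE0000000001", "callback_phone": "+44 20 0000 0001"},
    "Northwind Consulting": {"iban": "GB00EXAMPLE0000000002", "callback_phone": "+44 20 0000 0002"},
}
COMPANY_DOMAIN = "company.example"     # constructed for the example
DUAL_APPROVAL_THRESHOLD = 10_000       # assumed policy limit, in the company's currency


@dataclass
class PaymentRequest:
    vendor: str
    iban: str
    amount: float
    requested_by: str        # e-mail address the request arrived from
    urgent: bool = False     # did the message press for immediate action?


def review_payment(req):
    """Apply the financial-procedure checks to one request and return the list of
    actions that must happen before anyone initiates the transfer.
    An empty list means the request can follow routine processing."""
    actions = []
    record = VENDOR_MASTER.get(req.vendor)
    if record is None:
        actions.append("new vendor: complete procurement onboarding before any payment")
    elif req.iban != record["iban"]:
        # Changed bank details are the classic BEC tell: confirm on the number
        # already on file, never on one supplied in the e-mail itself.
        actions.append(f"bank details differ from vendor master: confirm by phone on {record['callback_phone']}")
    domain = req.requested_by.rsplit("@", 1)[-1].lower()
    if domain != COMPANY_DOMAIN:
        actions.append(f"request did not come from {COMPANY_DOMAIN}: verify the requester through a known channel")
    if req.amount >= DUAL_APPROVAL_THRESHOLD:
        actions.append("amount at or above the dual-approval threshold: second approver required")
    if req.urgent:
        # Urgency is a pressure tactic, not a reason to skip verification.
        actions.append("urgency claimed: call the requester on a known number before acting")
    return actions


if __name__ == "__main__":
    # Constructed requests: one routine, one with every BEC warning sign at once.
    routine = PaymentRequest("Acme Supplies", "GB00EXAMPLE0000000001", 2_000, "ap@company.example")
    suspect = PaymentRequest("Acme Supplies", "GB00EXAMPLE0000000009", 48_000,
                             "ceo@cornpany.example", urgent=True)
    for label, req in (("routine", routine), ("suspect", suspect)):
        print(label, review_payment(req) or ["routine processing"])
```

The second constructed request comes back with four required actions; the “rn” in `cornpany.example` is the same look-alike trick mentioned above, and the script catches it only because it compares against the exact company domain rather than eyeballing the address. A gate like this is only as good as the vendor master behind it, so changes to that file need the same out-of-band confirmation as the payments do.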
Risks of Using Personal Phones for Work Tasks (& How to Minimize Them)?
A quick text message to the executive on your personal phone to confirm a meeting time…
Checking work email while waiting in line at the grocery store…
Snapping a photo of a whiteboard during a brainstorming session…
For executive assistants, the lines between work and personal life often blur, and using personal devices for work tasks is incredibly convenient. However, this convenience comes with significant security risks that must be addressed.
The practice of using personal devices for work is often referred to as “Bring Your Own Device” (BYOD).
While BYOD can offer flexibility and cost savings for companies, it also introduces a range of security challenges. Personal devices are often less secure than company-managed devices, making them more vulnerable to malware, data breaches, and unauthorized access.
Here are some of the key risks associated with using personal phones for work tasks:
- Lack of Device Security: Personal devices may not have the same level of security controls as company-managed devices. They may be missing essential security software (antivirus, anti-malware), have outdated operating systems, or lack strong password protection.
- Malware Infections: Personal devices are more likely to be exposed to malware through personal browsing, app downloads, and less secure Wi-Fi networks.
- Data Loss or Theft: If a personal device is lost or stolen, any company data stored on the device could be compromised.
- Mixing Personal and Work Data: It can be difficult to separate personal and work data on a single device, increasing the risk of accidental data leakage or exposure.
- Lack of Compliance: Personal devices may not meet the company’s security and compliance requirements (e.g., HIPAA, GDPR), potentially leading to legal and regulatory issues.
Best Practices for Securing Video Conferencing Meetings?
“The executive is scheduled for back-to-back video conferences: a strategic planning session with the leadership team, a negotiation with a potential client, and a confidential presentation to the board of directors.”
As the executive assistant, you’re responsible for setting up these meetings, sending out invitations, and ensuring everything runs smoothly.
A single compromised meeting could expose sensitive information, disrupt critical discussions, or damage the company’s reputation.
Video conferencing platforms, while incredibly convenient, have become attractive targets for cybercriminals.
“Zoombombing” (unauthorized access to meetings), eavesdropping, and malware distribution are just some of the threats.
A 2022 survey by Zerify and Propeller Insights, involving 1,000 IT professionals, revealed that a staggering 97% are concerned about protecting privacy and video conferencing data, and 92% are aware of security vulnerabilities in these platforms.
This concern is well-founded. The same survey found that 81.8% of companies reported an increase in nation-state cyber threats, and 89% of IT professionals are concerned about foreign attacks.
A concerning 69% believe cyber attackers could breach their video conferencing platforms, and 84% believe that such a breach could lead to the theft of intellectual property, sensitive data, and trade secrets.
The Zerify survey also highlights the growing awareness of Zero Trust cybersecurity, with 79% of respondents reporting they were very knowledgeable about the concept, and 86% stating their company had Zero Trust policies.
And in case you were wondering, here’s how to secure your video conferencing meetings:
- To secure your meetings, start by choosing a reputable platform like Zoom, Microsoft Teams, Google Meet, or Cisco Webex, and researching their security features.
- Always require a password, even for internal meetings.
- Avoid using your personal meeting ID (PMI) for sensitive meetings; generate a unique, random ID for each.
- Enable the waiting room to screen participants.
- Once everyone is present, lock the meeting.
- Control screen sharing by restricting it to the host or specific participants.
- Be mindful that the chat function may not be encrypted; avoid sharing sensitive information there. As the host, manage participants – muting, removing, or disabling video as needed.
- If recording, store recordings securely with access controls, and inform participants. Keep software updated. Finally, share these best practices with participants.
Securing the End of the Workday
How to Securely Dispose of Sensitive Documents (Digital and Physical)?
The workday is winding down, and it’s time to clear the desk – both the physical one and the digital workspace. That stack of printed reports from the board meeting, the draft contracts with handwritten notes, the USB drive containing client data… all contain sensitive information that, in the wrong hands, could be damaging. For an executive assistant, proper disposal of sensitive documents, whether physical or digital, isn’t just about tidiness; it’s a critical security responsibility.
Simply throwing paper documents in the trash or hitting the “delete” button on a computer file isn’t enough. Discarded documents can be retrieved, and deleted files can often be recovered, even after emptying the Recycle Bin or Trash.
The table below summarizes secure disposal methods:
| Document Type | Disposal Method | Description |
| --- | --- | --- |
| Physical Documents | Cross-Cut Shredding | Cuts paper into small, confetti-like pieces, making reconstruction virtually impossible. |
| Physical Documents | Secure Shredding Service | A professional service collects documents in locked bins and ensures secure destruction, often providing a certificate of destruction. |
| Physical Documents | Burning (If Permitted/Safe) | Only if permitted by local regulations and it can be done safely and completely. Generally not recommended. |
| Digital Documents | Disk Wiping | Overwrites the entire hard drive or storage device with random characters, ensuring all data is permanently erased. Used when decommissioning devices. |
| Digital Documents | Full Disk Encryption | Encrypts the entire hard drive, making data unreadable without the encryption key. Protects data even if the device is lost or stolen. Doesn’t erase data, but prevents unauthorized access. |
| Digital Documents | Cloud Storage Deletion | Delete the files from any recycle bin, trash, or equivalent. |
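The “Disk Wiping” row rests on one idea: a deleted file’s bytes stay on the disk until something writes over them. The script below is an added example for this guide, not LayerLogix code, and it shows that idea at the level of a single file: it fills a scratch file with constructed text, overwrites it in place with random bytes, confirms the original text is gone from the file, and only then unlinks it. The important caveat is in the comments: on SSDs, copy-on-write filesystems and anything that is being synced or snapshotted, an in-place overwrite is not guaranteed to hit the old blocks, which is why the table talks about wiping the whole device (or relying on full disk encryption and discarding the key) when a device is decommissioned.

```python
import os
import secrets
import tempfile

CHUNK = 1 << 16   # overwrite in 64 KiB chunks so large files are not read into memory

# Constructed sample content standing in for a sensitive report.
SAMPLE = b"BOARD MEETING - confidential projections\n" * 2000


def overwrite_file(path, passes=1):
    """Overwrite the file's bytes in place with random data and flush to disk.
    Returns the number of bytes written per pass.

    Caveat: on SSDs (wear levelling), copy-on-write filesystems, cloud-synced
    folders and snapshotted volumes the old blocks may survive; for those,
    whole-device wiping or crypto-erase is the dependable method."""
    size = os.path.getsize(path)
    with open(path, "r+b") as fh:
        for _ in range(passes):
            fh.seek(0)
            remaining = size
            while remaining > 0:
                n = min(CHUNK, remaining)
                fh.write(secrets.token_bytes(n))
                remaining -= n
            fh.flush()
            os.fsync(fh.fileno())   # push the overwrite through the OS cache to the device
    return size


def secure_delete(path, passes=1):
    """Overwrite, then unlink. Returns True if the file no longer exists."""
    overwrite_file(path, passes)
    os.remove(path)
    return not os.path.exists(path)


def run_demo():
    """Create a scratch file, overwrite it, check the original text is gone, delete it.
    Returns (bytes_written_per_pass, overwritten, deleted)."""
    fd, path = tempfile.mkstemp(suffix=".txt")
    with os.fdopen(fd, "wb") as fh:
        fh.write(SAMPLE)
    written = overwrite_file(path, passes=2)
    with open(path, "rb") as fh:
        after = fh.read()
    overwritten = after != SAMPLE and b"confidential" not in after
    deleted = secure_delete(path)
    return written, overwritten, deleted


if __name__ == "__main__":
    print(run_demo())
```

Compare this with a plain `os.remove`, which only drops the directory entry and leaves every byte of the report recoverable by the tools forensic examiners use daily. That gap is what the “hitting delete isn’t enough” sentence above refers to.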
Best Method and Frequency for Backing Up Work?
“It’s late afternoon, and the executive assistant is putting the finishing touches on a crucial presentation for tomorrow’s board meeting.
Suddenly, the computer freezes, and the screen goes black. A wave of panic sets in – hours of work, potentially lost.”
This scenario, all too familiar to many, highlights the critical importance of regular data backups.
For an executive assistant handling sensitive information and time-sensitive projects, a robust backup strategy isn’t just a good idea; it’s a necessity for business continuity and peace of mind.
Data loss can occur for a multitude of reasons: hardware failure, accidental deletion, malware infection, theft, natural disasters, or even a simple power outage.
The “best” backup method often involves a combination of approaches, following the 3-2-1 backup rule:
- 3 Copies of Your Data: Maintain at least three copies of your important data. This includes the original data on your computer or device, plus two additional backups.
- 2 Different Media: Store the backups on at least two different types of media. For example, you might have one backup on an external hard drive and another in the cloud. This protects against the failure of a single storage medium.
- 1 Offsite Copy: Keep at least one backup copy offsite, in a separate physical location. This protects against data loss due to local disasters like fire, flood, or theft.
Who to Contact in Case of a Cybersecurity Concern or Suspected Incident?
“It’s the end of a long day.
As the executive assistant is preparing to shut down, a strange email arrives – a login notification from an unfamiliar location, or perhaps a suspicious message that slipped through the spam filter.
A feeling of unease sets in.
Something doesn’t feel right.”
In moments like these, knowing exactly who to contact and what steps to take can make the difference between a minor inconvenience and a major security breach.
Immediate action is crucial, but acting without guidance can sometimes worsen the situation.
While every organization should have a designated point of contact, many smaller businesses, or those without dedicated IT staff, struggle with knowing who to call and how to respond effectively.
This is where a Managed Service Provider (MSP) like LayerLogix becomes invaluable.
Instead of scrambling to find a solution or potentially making the situation worse, LayerLogix clients have a direct line to expert support.
We are available 24/7 to handle cybersecurity incidents and provide immediate assistance.
What to Report to LayerLogix (or your internal IT team)?
When reporting a potential security incident, be prepared to provide as much detail as possible, including: what happened, when it happened, what devices or accounts are involved, what information may be at risk, and any other relevant details (screenshots of suspicious emails).
What Not to Do:
- Don’t try to fix the problem yourself
- Don’t delete anything
- Don’t discuss the incident with unauthorized individuals
- Don’t panic.