{"id":630,"date":"2026-01-12T21:45:21","date_gmt":"2026-01-13T01:45:21","guid":{"rendered":"https:\/\/manageph.com\/blog\/?p=630"},"modified":"2026-01-12T21:45:38","modified_gmt":"2026-01-13T01:45:38","slug":"prevent-technology-misuse-filipino-vas","status":"publish","type":"post","link":"https:\/\/manageph.com\/blog\/prevent-technology-misuse-filipino-vas\/","title":{"rendered":"How to Prevent Misuse of Technology with Filipino VAs"},"content":{"rendered":"\n

Tech misuse falls into three categories that can actually harm your business.<\/p>\n\n\n\n

Security breaches.<\/strong> Your VA saves client data to a personal Google Drive. They share login credentials with a friend. They work from a coffee shop on public WiFi while accessing your payment processor.<\/p>\n\n\n\n

Under Philippine law (RA 10173, the Data Privacy Act), this isn’t just careless. It’s a violation that can trigger breach notifications and penalties.<\/p>\n\n\n\n

Time theft and productivity fraud.<\/strong> Someone logs hours but doesn’t work. They run scripts to wiggle their mouse and fake “active” status. They claim 8 hours but deliver 2 hours of actual work.<\/p>\n\n\n\n

Abuse of company resources.<\/strong> Installing unapproved software on work devices. Using company email for side businesses. Accessing your CRM to steal client lists for their own projects.<\/p>\n\n\n\n

These behaviors can violate the Philippine Cybercrime Prevention Act and create serious liability.<\/p>\n\n\n\n

Now here’s how to actually prevent each one.<\/p>\n\n\n\n

\n
\n <\/svg> <\/div>\n
\n

Security starts with who can access what.<\/h4>\n <\/div>\n
\n \n Get Started <\/a>\n <\/div>\n<\/div>\n\n\n\n

Step 1: Set Up Proper Access Controls<\/strong><\/h2>\n\n\n\n

Most tech misuse happens because access is too easy.<\/p>\n\n\n\n

Use strong authentication everywhere.<\/strong> Require multi-factor authentication (MFA) for every tool that touches client data, payment systems, or sensitive information.<\/p>\n\n\n\n

If someone’s device gets stolen or their password leaks, MFA is what stops unauthorized access.<\/p>\n\n\n\n

Create role-based permissions.<\/strong> Not every team member needs access to everything.<\/p>\n\n\n\n

Set up permissions so people can only see and do what their job requires. This limits damage if credentials get compromised.<\/p>\n\n\n\n

Require VPN for sensitive systems.<\/strong> If someone needs to access systems with client data or financial information, require them to connect through a VPN first.<\/p>\n\n\n\n

This encrypts their connection and prevents snooping on public networks.<\/p>\n\n\n\n

Ban accessing sensitive systems from coffee shops, co-working spaces, or any public WiFi without VPN protection.<\/p>\n\n\n\n

Use company-approved tools only.<\/strong> Create a list of approved tools and require everyone to use them.<\/p>\n\n\n\n

Approved: Company email, designated password manager, official project tracker, company CRM.<\/p>\n\n\n\n

Banned: Personal email for client files, personal cloud storage for work documents, unapproved messaging apps for client communication.<\/p>\n\n\n\n

Put this in writing. Make sure everyone signs it.<\/p>\n\n\n\n

Step 2: Implement Device Security Policies<\/strong><\/h2>\n\n\n\n

The device your VA uses is a potential security hole.<\/p>\n\n\n\n

Decide on company devices vs BYOD.<\/strong> If you provide the device, you control security. If they use their own (BYOD), you need agreements.<\/p>\n\n\n\n

For BYOD, require:<\/p>\n\n\n\n