Sharing information with a virtual assistant is a daily necessity - but how you share files and grant screen access has real security implications. Most businesses treat file sharing as an afterthought until something goes wrong. A VA who retains access to sensitive files after offboarding, a shared folder with client data open to the wrong people, or a screen share session recorded without authorization can each create serious business and legal exposure.
This guide covers the tools and practices that make file sharing and screen access both functional and secure for VA relationships.
Why File Sharing Security Matters More With Remote VAs
With in-house employees, physical security measures - badge access, device restrictions, office environments - add natural boundaries around sensitive information. Remote VAs don't have those boundaries. Every file they can access exists on their personal device, in their browser history, or in their local downloads folder unless you actively manage what they receive.
This isn't about distrusting VAs - most are entirely trustworthy professionals. It's about building systems where the security of your business doesn't depend on any individual's behavior. The right tools enforce access controls automatically, create audit trails, and make offboarding clean regardless of how a relationship ends.
The core principle: VAs should have access to what they need to do their work, and nothing more. This principle of least privilege limits exposure without affecting operational capability.
Secure File Storage and Sharing - Google Drive and SharePoint
Google Drive is the most common file sharing solution for VA teams, and when configured correctly, it's secure enough for most business contexts. The key is using Shared Drives rather than sharing from your personal My Drive. Shared Drives keep files owned by the organization rather than by an individual, which solves the offboarding problem - files don't disappear when you revoke a VA's access.
Grant folder-level or file-level access rather than top-level Drive access. A VA handling social media content doesn't need access to your financial documents or client contracts. Use the "Viewer" or "Commenter" permission level for files your VA needs to reference but shouldn't edit. Reserve "Editor" access for files they actively update.
Turn off download, print, and copy permissions for highly sensitive documents by adjusting sharing settings at the file level. A VA can view and reference a document without being able to create a local copy. This setting isn't foolproof - screenshots exist - but it reduces casual data leakage significantly.
Microsoft SharePoint and OneDrive offer equivalent functionality within the Microsoft 365 ecosystem. SharePoint's permission groups let you assign access at scale without managing file-by-file permissions, which is useful when VAs work across many documents.
Screen Sharing - Tools and What to Avoid
Screen sharing is often necessary for training, task review, or collaborative problem-solving. The risks are straightforward: a VA sees everything on your screen, not just what you intend to show. And if sessions are recorded, that footage may contain sensitive information.
Before any screen share session, close browser tabs or applications containing sensitive information - banking, HR systems, personal email, client contracts not relevant to the session. Consider using a separate browser profile for work sessions with VAs, with only relevant tools visible.
For live screen sharing, Zoom and Google Meet are the standard tools. Both allow you to share a specific application window rather than your entire screen - always use this option when sharing with VAs. "Share entire screen" gives visibility into notifications, taskbar contents, and any window that surfaces during the session.
Loom, for pre-recorded screencasts used in SOP training, is lower risk since you control the recording before sharing. Review Loom videos before sharing to confirm nothing sensitive is visible in browser tabs, notification popups, or other screen areas.
Avoid using remote desktop tools (like TeamViewer or AnyDesk) unless there is a specific technical reason requiring full computer access. Remote desktop gives a VA control of your machine, not just visibility - which is a fundamentally different level of access that should require explicit justification.
Managing File Access During the Relationship
Beyond initial setup, file access management needs ongoing attention. VAs accumulate access to more resources over time as their responsibilities grow. Without periodic review, the access footprint expands quietly.
Build a quarterly access audit into your management routine. Review which files and folders each VA can access, compare it to their current responsibilities, and revoke anything that's no longer relevant. This takes 15–20 minutes per VA and prevents access creep from becoming a security problem.
For email attachments, avoid sending files as email attachments if the files are sensitive. Instead, share a Google Drive or Dropbox link with view or comment access. Email attachments create copies that exist outside your controlled environment with no revocation capability.
When VAs need to deliver work back to you, establish a designated shared folder where they upload completed work. This keeps deliverables organized and eliminates the need to send files back and forth via email.
Clean Offboarding - Revoking Access Completely
The offboarding process is where file security most commonly fails. When a VA relationship ends, a checklist of access revocations needs to happen the same day, not whenever you get around to it.
For Google Drive: remove the VA from all Shared Drives and shared folders. Check your Drive's sharing permissions view to confirm no files have been individually shared with their personal email outside the Shared Drive structure.
For Dropbox, Box, or similar services: remove the user from all shared folders and revoke team membership. Check for any links they may have created that are still publicly accessible.
Review any email forwarding rules the VA may have set up, check for any cloud services they were authorized to access that have their own authentication (Canva, Notion, project management tools), and revoke those independently.
Finally, ask your VA to confirm deletion of any locally downloaded copies of sensitive files. Most reputable VAs will comply without issue; the request itself signals that you take security seriously.
Ready to Build Your VA-Powered Tech Stack?
Secure collaboration starts with trustworthy people and the right systems. Stealth Agents works with vetted virtual assistants who understand professional data handling standards and integrate cleanly with Google Drive, SharePoint, and other secure file sharing tools. Visit virtualassistantva.com to find a VA you can trust with your business's sensitive information.