With our community of partners, you can get expert advice and training so you can be up and running in no time!

View setup partners

With our community of partners, you can get expert advice and training so you can be up and running in no time!

View setup partners

Get the Guide on Moving from spreadsheets to software.

Get the guide

Want to join us? Become a partner. 

Become a partner

Security is everyone’s responsibility


For most of us the internet is an intrinsic part of our lives. We rely on it to get us where we are going, connect us to friends and family and answer all of our questions, no matter how banal. It has also quickly become an integral part of most businesses, enabling them to complete business transactions in mere minutes as well as connect to their customers and a global network.

As we take advantage of the opportunities the internet has to offer it is critical that online security becomes a priority. As Xero partners and customers, you are all operating online and with this comes a need to be vigilant about keeping sensitive data and information secure from hackers and cybercriminals – the same way you keep your home or your car safe by locking it. Statistics from online security software vendor Norton show that globally 689.4 million (31%) people were affected by cybercrime in the past year. Additionally 63% of people also believed it’s become harder to stay safe and secure online over the past five years. The fact of the matter is that the impact of cybercrime has become a reality for all businesses. We continually remind all of our customers – small businesses, accountants and bookkeepers – to ensure that they are taking precautions to keep their data safe from hackers.

 As the Head of Security at Xero I have a team working around the clock and throughout every timezone to monitor and detect suspicious activity. We identify patterns of malicious activity and after discovering harmful activity we then take the appropriate steps to notify users and guide them through protecting their account. Protecting our platform against cyber attacks is a top priority and we are constantly evolving our systems to ensure they are as robust as possible. However, a system is only as good as the weakest link in the chain. Security needs to be strong on all fronts and it’s important that our small businesses and advisors are invested in protecting themselves and their customers from attacks. As a business it is your responsibility to safeguard not only your own information but more importantly that of your customers who have entrusted you with sensitive data. By keeping informed about cybersecurity and instilling the importance of security practices throughout your business, together we can build a stronger, more secure online community.

 Here are some simple, easy-to-implement steps that will help you better protect your information and that of your clients online.

Have strong, unique passwords

I cannot stress the importance of having strong passwords enough. One of the most common ways that people’s accounts get taken over is through people successfully stealing or “cracking” your password. Always use a strong, unique password for each site you log in to. While this may seem extreme, particularly in an age where we have multiple logins, having different passwords will help prevent a compromise of one login becoming a compromise of many. You can use Password-manager software to help you navigate your multiple logins, and to generate strong passwords for you. We would also advise that you clearly communicate the importance of password hygiene to your staff, in particular that reusing personal passwords, e.g. for social media sites, is not acceptable.

Use 2SA

2SA or Two-Step Authentication essentially equates to having that extra deadbolt on the door. 2SA works by having two layers of security, firstly through you entering your existing password and then through another verification code generated by an app on your smart device. Having 2SA enabled for your Xero account significantly reduces the risk of account takeover, as stealing your password isn’t enough to get access.  2SA (or 2FA, MFA or 2SV) is extra important for your email account, which is usually the means to hackers being able to reset your passwords for other sites.

 For more information about Xero login and 2SA, visit our new landing page.

Update your software

Security threats are changing all the time and new software vulnerabilities are identified every day. Keeping your operating system and applications up to date is your first line of defence against many attacks.  Set your system preferences to update automatically and delete applications that you don’t use.

Having up to date anti-malware (anti-virus) software is another simple but effective way to protect yourself. Anti-malware software will scan your attachments and downloads as you use them and alert you to any malicious software detected. Make sure your anti-malware software is updated regularly so that it will be able to detect any new viruses, trojans, ransomware, etc.

Security is of the utmost importance for Xero and like every other online business we have to be constantly vigilant about phishing attacks and account takeovers. We all have the responsibility to ensure we are utilizing security procedures and continually investing in online security. As an online community we need to work together to make sure we are all protecting one another and keeping our data secure from cyber criminals.

For more information visit Xero’s Security page, get updates on the latest security issues on Xero’s security noticeboard or forward suspicious, Xero branded emails to phishing@xero.com.

Try WorkflowMax today with a 14 day free trial

It’s easy - no credit cards, no contracts. Start today.

Start free trial

Paul Macpherson