Champion your clients’ cybersecurity

Posted 2 years ago in Xero news by Rob Stone

When you work alongside small businesses every day, you’re entrusted with a special shared responsibility: keeping their sensitive data protected. It’s not your responsibility to bear alone, and neither is it theirs. Security is everyone’s responsibility.

We all know it’s no longer good enough to choose our pet’s name as our password, even if we spell it backwards. As technology evolves to be ever more sophisticated and intrinsic to our lives, so too must the means by which we protect ourselves and our customers against hackers and cybercriminals.

Let’s take security seriously

We recently let every accountant and bookkeeper across Australia know that Xero will start making two-step authentication (2SA) compulsory for all our small business customers, just as it is for partners. Today, the opt-in period began for subscribers and Payroll administrators across Australia, and 2SA will be mandatory for them from September 11. By the end of this year, every customer with access to Xero in Australia will be required to take up 2SA – and we’ll let you know as it becomes mandatory across different groups.

Imposing the take-up of enhanced security across our platform is one way we can help everyone in our community stay as safe as can be. As our Head of Security Paul Macpherson is known to say, a system is only as good as the weakest link in the chain and 2SA is like putting that extra deadbolt on the door.

A welcome opportunity for advisors

As modern security measures become increasingly mandated in this way, with wide-scale rollouts supported by government offices like the ATO, security will become a mainstream part of life and business.

Now’s the perfect time to champion cybersecurity with your clients. Present a what-if scenario that helps business owners understand the impact of their data being compromised, and educate them on the modern ways to step up their security.

Take the opportunity to share some key, easy-to-implement steps, such as encouraging clients to:  

    • Activate 2SA across Xero and all other available systems, like their bank accounts and email providers. The extra authorisation that 2SA requires at login means that cracking a password isn’t enough for a hacker to gain access. For more information about 2SA in Xero, visit our help centre.
    • Have strong, unique passwords that they use only once. A weak password is equivalent to having a dodgy lock on your door – it’s easy to break if someone wants in. Password-manager software can help your clients create and manage strong passwords that are different for every site. Doing so will help prevent a compromise of one login turning into a compromise of many.
    • Set up an alternative email, so they can link their two-step authentication to a second verified email address. This provides clients with an easy fallback option in the event that the authenticator app on their smartphone isn’t available.
    • Check out cyber resilience resources such as our Introduction to Cloud Security small business guide, the Australian Securities and Investment Commission (ASIC) resource hub, and this handy resource from Get Safe Online. CERT NZ, the national Computer Emergency Response Team over in New Zealand, also shares a range of useful (and universal) information in the form of easy-to-digest cyber security guides.

When it comes to security, best-of-breed mandates are there to help protect us all. I hope you’ll join me in championing the change as we build a stronger, more secure online community together.

For more information, visit Xero’s Security page, get updates on the latest security issues on Xero’s security noticeboard, or forward suspicious Xero-branded emails to
