Keeping Xero and your accounting data secure
Your Xero account contains a huge amount of sensitive data. This includes both personal information (like salary and wage information) and business data (financial statements, bank account numbers, tax numbers etc).
- Let you view your login history so you can spot any unauthorised logins
- Email you if there’s a login from a different computer or location
- Always maintain backups of their data, in multiple geographic locations, to ensure no data loss
- Encrypt, authenticate and protect all data
Ultimately, when it comes to keeping your data secure, there are two sides to security — one is Xero’s responsibility, while the other is yours.
Here’s what you can do to keep your Xero account secure.
Extra Security at Login
Two-step authentication adds an extra layer of security to help protect your account. Each time you log in, you’ll need to enter a unique code generated by an app on your smartphone.
Used by many internet banking and online services, two-step authentication makes it much harder for anyone to hack into your account — think of it like a second lock on your front door.
Otherwise, you can watch this video to see how it works.
Control who sees what
You control what users have access to in Xero.
Until you invite them into your account, no one can access your organisation’s data. Even when you do invite someone into your account, you can still control what parts of Xero they can (and can’t) access:
To view who currently has access to your account, and their permissions, click on your business name (top left) and then Settings. Then click on Users.
From this screen, you can add and remove users, as well as change individual user’s permissions.
To find out more, click here.
Stay up to date with Security Warnings
At one point or another, we’ve all received scam emails from the bank, the IRD, suppliers and yes — even Xero.
Thankfully, Xero regularly publishes a list of all scam emails doing the rounds. You can view them here.
A link will often look like it’s going to a legitimate site, but redirects to somewhere completely illegitimate. You can check by hovering your mouse over the link (and not clicking).
In the example below (please don’t go to any of these websites!), it looks like the link is going to one website, when it actually goes somewhere completely different:
New staff and exiting Staff
Staff can be our biggest asset, but when it comes to security, they can sometimes be a liability.
When bringing on new employees, it’s important that you introduce them to your business properly, and get them onboarded securely.
On the flip side, it’s equally as important to ensure their access to Xero is shut off as soon as they exit your business.
It’s worth your time to learn the elements of security you should take into account when onboarding new staff. You can also look at the process of removing security privileges for leaving staff in this free course.
As always, if you have any questions about how to ensure your Xero is as secure as possible, please don’t hesitate to get in touch.