Editor | 10 July 2018
How to secure your Xero login cloudaccountant

How to secure your Xero login

Your business depends on keeping data secure. And this counts double for sensitive financial information.

It’s normally big companies that make the news when they have a data breach, but cybercriminals are targeting small businesses like yours as well.

Research indicates that 40% of cyber attacks in 2017 were targeted at small businesses and this is increasing.

Most small businesses can’t afford advanced in-house data security systems.

That’s one of the reasons why using a low-priced online accountancy package like Xero is so attractive.

Xero stores all of your data in the cloud, protected by bank-level encryption and security systems.

Your company’s accounts and financial information are far more secure in the cloud than it would be if the data were stored on a company computer.

Xero also makes it safer to transfer sensitive financial information. Having your cloud accountant log in to your Xero account is more secure than sending information by email or in the post.

Nothing is every 100% safe. But your data is more likely to be compromised by yourself or one of your employees than anyone else.

Most data breaches come when a hacker gets hold of your log in details so you need to be vigilant about protecting this information.

Here are our top tips for securing your Xero log in.

Watch out for Phishing scams

Some online fraudsters use phishing scams to try and gather your email and password for websites.

One of the most common tactics is to send an email from what, at first glance, looks like an official source like your bank or Xero. The email usually asks you to confirm information like your email and password.

If you receive one of these emails, don’t click on any of the links.

If an email looks as if it is from Xero, you can forward it to phishing@xero.com.

Enable two factor authentication

Xero introduced two factor authentication to make the Xero log in screen more secure.

Two factor authentication helps protect you against phishing attacks where hackers get access to your email and password.

It is used by a wide range of companies including banks, Amazon and social media platforms.

When you log in with two factor authentication enabled, as well as entering your password, you’ll also be prompted to enter a unique six digit code that’s generated from a separate app on your smart phone.

This means that only the Xero user with access to this ‘trusted device’ will be able to log in on a certain computer.

To make logging in easier, you can ask Xero to remember a device for 30 days.

You can also set three tricky security questions which you will be able to answer if you don’t have access to the trusted smart phone.

Use a strong password

Strong security depends on strong passwords.

When you are setting a password, your enemy isn’t a cyber hacker entering combinations of ‘password123’ over and over - it’s a computer entering thousands of commonly passwords per minute.

Xero helps protect against this by temporarily locking your account if you get a password wrong more than five times, but it is better to be safe than sorry.

Use a password generator to create a strong string of random letters, numbers and symbols and a password manager to keep all of your passwords in one place.

Remember not to reuse passwords. If one password gets compromised, hackers could get access to multiple accounts.

Ensure that all users follow these practices

It only takes one user to cause a data breach. If you have multiple users set up on your Xero account, make sure they all follow the security practices set up above.

Xero allows you to see which users have enabled two factor authentication. This is a good starting point for security management. 

If you would like to know more about security on Xero, speak to a member of our cloud accountancy team today. Call: 01625 300 300 or email team@cloudaccountant.co.uk