New announcement. Learn more



As reliance on cloud based technology has grown, so inevitably has criminal activity. The economic impact of cybercrime is massive and can destroy a business. Whilst no business can be 100% safe you can take steps to increase your resilience.

Failure to adequately protect your data can not only lead to breaches of GDPR regulations and possible subsequent financial penalties but also the costs of downtime, people time, device costs and lost opportunities.

One of the commonest types of cybercrime is Phishing - an email purporting to be from a reputable source but which includes links designed to either capture your information or allow the scammer to download Malware. Be alert for any emails claiming to be from a bank of other institution which contain basic errors such as spelling mistakes or poor grammar. They are unlikely to be genuine. If the email contains a link, hover over it with the mouse to check the URL address. Make sure it matches the URL of the email. If not the scammer is trying to redirect you.

A strong password is the most effective protection. A password manager such as Last Pass will generate strong passwords and store them for you. Best practice is to never share a password with a colleague or use a work email address for anything non work related. 

Xero has a range of measures to help guard against cybercrime. Two step authentication is mandatory so even if a password is compromised the scammer will not be able to gain access. The Assurance Dashboard shows who is accessing which accounts and will show if anyone is making changes they shouldn't be such as replacing bank details with their own. In the History section Xero automatically records the name of the person making changes plus the time and date. The History & Notes Report shows a summary of all changes across your organisation. Search for activities by period then filter results to narrow the search further. Xero also features email verification. If you log in from a different location or device Xero will restrict activity and send an email requesting verification of the log in.

Cybercrime is huge and threats are constantly evolving. Be vigilant, make sure your software is kept updated and raise awareness through your entire team.