With today’s increasing cyber security risks, it’s tough for small business to stay protected in keeping Xero information secure.

Xero has made further enhancements to their online software to help keep your data safe. Ensure you have implemented these simple measures to keep your data is as secure as possible.

  1. Change your password regularly, and ensure it’s not something that’s easily guessed. Include a mix of upper and lowercase, digits and symbols to make them hard to crack.  For help on changing your login password click here.
  2. Enable two step authorisation, by enabling this with your Xero file, you’ll need to enter a code from your mobile phone to access your Xero file on a desktop or tablet, but you can save it for up to 30 days so a small inconvenience is worth the extra security. For more information on how to set this up click here.
  3. Check your login history – if you see anything unusual you can log this with Xero straight from the login history screen. For more information about how to check your login history click here.

How else can you keep your business safe from online threats?

  • Ensure your software patches and updates are run weekly will make it more difficult for malware to exploit system vulnerabilities.
  • Install good quality Malware and Anti Virus software and ensure this is kept up to date (and automatically updates).
  • Scan any USB devices for infection prior to opening.
  • Lock down computer systems so only IT administrators can install software, will help prevent unwanted executable files from installing.
  • Keep on top of the latest online hacks and scams, and communicating these to your team. Scams are becoming increasingly clever, and it can often be too late by the time you’ve clicked on that link.
  • Here are our top sites to monitor scams and cyber security issues:

ACCC Scamwatch gives information on local scams of all types affecting Australians.

Check the blogs of reputable web security and email professionals such as




There will always be threats online which make systems vulnerable, and it’s only possible to protect against the threats we know about.