Can Xero Be Hacked? 8 Ways in Which You Can Be More Secure

By Jon Jenkins

As one of the UK’s leading Xero migration experts we are often asked by clients whether Xero can be hacked. This is a valid concern, after all, your financial details and accounts are very sensitive, so should you be trusting them to be kept secure by a cloud-based accountancy program?

Thankfully Xero is very secure, and there are no current reports of it being hacked at the server level, but of course, if your logins are compromised then your own personal data could be.

Data is encrypted using industry-standard data encryption, multiple layers of firewalls are in place, all access to Xero data centres and servers is controlled and monitored 24/7, and Xero perform regular security audits.

8 Ways to Keep Xero More Secure from Being Hacked

#1: Two-Step Authentication

Ensure every member of staff that accesses Xero has Two-Step Authentication turned on.  When you have Two-Step Authentication enabled you need to use a second method to login to Xero. In addition to your standard Xero username and password, you also have to enter a six-digit code provided by a separate app on your smartphone, Google Authenticator.

Watch the Xero video below to see how to setup and use two-step authentication.

#2: Restricted User Access 

We know it might be easier to give access of Xero to everyone as it stops people from being unproductive, you might even dabble in sharing single user logins to make life easier.  Whilst this is the quick option have you ever stopped to consider exactly who has access to what?

Preventing Xero data breaches, data corruption or data losses could be as simple as not allowing access to Xero that people do not need.  Stop the problem at source.  Review which users have access to Xero and what their access rights are.  Only people who need access have it.

Yes this causes a bit of pain when someone needs a one off piece of information but this is much less painful than the clean-up operation.  You also need to consider your staff leaving process to ensure that any leavers access to Xero is turned off as soon as is practical.

#3: Login History

Within Xero you can easily review the login history for that user.  We recommend that you do this on a regular basis to check where there is am suspicious activity on your account.

On your Xero dashboard you can check when you last logged in, and the location of those logins, including IP address. If you don’t recognize the location or date of the last login, please contact customer support: phishing@xero.com.

#4: Assurance Dashboard

Xero users with Adviser access level rights can access the Assurance Dashboard.  This dashboard displays a heatmap of user activity and easily highlights any anomalies such as a spike in user access or access to areas of Xero that you would not expect the user to see. 

#5: Security Noticeboard

The Xero Security Noticeboard is a useful tool to check for any suspicious activity.  Any reported instances are logged on the noticeboard so you can keep an eye on any reported suspicious activity and see how to potentially avoid some of the common instances.

Check out the Xero Security Noticeboard for more details.  Remember to check it out regularly. 

#6: Encrypted Password Manager 

If you are consistently using the same password, leaving login details on post it notes or worse creating a spreadsheet of logins please stop it now.  Use an encrypted password manager such as LastPass.  If you have multiple staff then using the Enterprise level will allow you to disable access centrally should someone leave.  You can run security challenges to test how secure their passwords are and whether they are using the same password multiple times.

We know it is impossible to generate and remember tens if not hundreds of logins but with LastPass you don’t need to.  It will do the hard work for you. 

#7: Laptop Security

Each of your laptops needs up to date anti-virus software.  Password resets should be forced every 42 days.  Make it company policy to not have any documents stored on your desktop.  All records should be accessed via shared cloud solutions there is also no reason for any member of staff to use an external hard drive or USB device to transport or work on client records.

#8: VPN

Remote working now plays a huge part of the work that you do.  That being said you want to remain safe whilst out and about and lets face you don’t know who is sat with you in the local coffee shop intercepting and using your data.

As such implement a VPN (Virtual Private Network) which extends your private network across a public network, and enables users to send and receive data across shared or public networks as if our computing devices were directly connected to your private network.

Final Thoughts

If you are ready to make the switch to Xero and need help and support with a Xero migration product then call us today.  A lot of the suggestions mentioned here also go a long way to making sure you are GDPR compliant.

We are one of the UK’s leading Xero migration experts and help businesses every year make a seamless transition.

Click here to find out more.

Subscribe to our mailing list!

The truth is there are still quite a few unknowns about Making Tax Digital, digital disruption and the wider accounting landscape in the future.

This is something we spend a lot of time researching and thinking about.  If you would rather spend your time doing something more interesting sign up to our newsletter and we’ll let you know what you need to.

Start typing and press Enter to search

reasons to use xero accounting software
Xero accounting software – why you should use itArticles
Receipt Bank FetchArticles