It was the place to be for industry updates, product developments and rollout reviews for 3,702 accountants and bookkeepers, which made Xerocon Brisbane the perfect time for Xero Head of Security Paul Macpherson to talk advisors through the latest threats that could impact small business – and the lines of defence they can champion with their clients.
In today’s economy over 80% of breaches occur via stolen or weak passwords, with email as the primary method of attack, said Macpherson. Keeping sensitive employee and customer data safe is paramount to running a sustainable and trusted modern business.
Steps to protect your data
Brushing up on security awareness is one key way small businesses can protect their data, and there are important and simple steps that can reduce the risks:
- Choose strong, unique passwords for each service
- Protect your devices, including smartphones and tablets
- Use additional authentication – 2SA / 2FA / MFA / 2SV
Spotlight on two-step authentication
Macpherson also walked advisors from Australia, New Zealand and Asia through our current two-step authentication (2SA) rollout in Australia, where 2SA is already mandatory for all advisors and will soon be mandatory for anyone with access to an Australian organisation through Xero.
2SA works by having two layers of security: first you enter your existing password, then another verification code is generated by an app on your smart device. Having 2SA enabled significantly reduces the risk of account takeover, because stealing your password isn’t enough to get access. New updates mean you can also specify an alternate email address when you set up 2SA to provide a fallback option if your authenticator app isn’t available.
Wherever you do business, we encourage you to promote two-step authentication with your team and your clients. Set up is simple and the upsides are intrinsic to a thriving, connected business.
To learn more about security best practices, and how 2SA can help you, read Paul Macpherson’s latest articles:
- 2SA and the authentication process: It’s fundamental to good security
- The weakest link: Why security is everyone’s responsibility