Hackers are everywhere, waiting to pounce, so keep yourself, your business, and your clients safe online, writes Paul Macpherson, Xero’s Head of Security.

At Xero, we’re aware of the growing amount of email and invoice fraud, and account compromises that affect small businesses and the accounting and bookkeeping industry.

As more and more businesses manage their operations and do business online, it’s important for firms to keep their data safe.

Statistics from security software vendor Norton show that cyber crime costs more than US$126 billion a year globally. More than 680 million people worldwide have been victims of online crime.

A large proportion of these cyber-attacks originate from email, including phishing, ransomware, and malware delivery. And these figures are on the rise.

Because of this, it’s never been more important for all businesses to raise the priority of cybersecurity and safety, and to ensure everyone in their organisation is aware of best-practice guidelines and adheres to them.

Be aware

Cybersecurity isn’t a nice-to-have any more, it’s a basic necessity of running a business – whether you’re working on a desktop computer or using cloud technology.

Businesses need to take practical steps now to minimise the risks of being hacked. In the same way that a hospital is charged with protecting patient security, businesses need to keep their data, and their customers’ and clients’ data, safe.

Whether you’re a chief executive, a chief information officer, a tech company, or a small-business owner, cybersecurity is everyone’s responsibility.

To avoid becoming a target, you have to understand what to do to avoid an attack.

How you could be attacked

There are a number of ways business may be targeted.

Some have their email accounts hacked. These are then used to send out fake invoices that look just like the real thing, but with a fraudulent payment bank account number.

Bogus invoice emails can also contain links or attachments that deliver malicious software to your personal computer, such as ransomware or password-stealers.

Phishing emails steal information such as your usernames and passwords, credit-card details, and bank account numbers.

Steps to take

Here are some simple, easy-to-implement steps to share with your team to better protect your information and that of your clients online.

Always use strong, unique passwords for each site or service you log in to. Never share passwords. Having a unique password helps prevent a compromise of one login becoming a compromise of many. Password-safe software can help you manage your multiple log-ins.

Use two-factor or multi-factor authentication (2FA/MFA) wherever this is available. This is particularly important for your email account, which is usually the route hackers use to reset your passwords for other sites.

Install anti-malware (anti-virus, anti-spyware) software and keep it updated. It is one of the easiest and most effective things you can do to protect yourself.

Keep all of your software up-to-date with security patches.

Communicate often with your team about the importance of password security. In particular, discuss the fact that it’s not acceptable to use passwords for business that they use anywhere else (in particular for personal purposes, such as social media sites).

Continuous monitoring

At Xero, we consider protecting and defending our online environment against today’s sophisticated cyber attacks is of critical importance. Our security team works around the clock looking for patterns of unusual activity.

If a team member spots something suspicious, they’ll notify users of the steps to take to protect their account. In some cases accounts are disabled as a precautionary measure and the user asked to scan for malware and change their passwords.

At the heart of these concerns is that security is everyone’s responsibility. Business advisers need to educate themselves on the best ways to keep themselves and their clients’ information safe, and start making changes to strengthen their online practices as soon as they can.

For more information, visit Xero’s Security page, get updates on the latest security issues on Xero’s security noticeboard, and forward any suspicious Xero-branded emails to phishing@xero.com

By Paul Macpherson

First published 1 February 2018

The editorial below reflects the views of the editorial contributor only and content may be out of date. This article is sourced from a previous JUNO issue. JUNO’s content comes from sources that it considers accurate, but we do not guarantee that the content is accurate. Charts are visually indicative only. JUNO does not contain financial advice as defined by the Financial Advisers Act 2008. Consult a suitably qualified financial adviser before making investment decisions.