Cyber-crime is an issue globally, and scams are increasingly becoming more sophisticated. We each have a responsibility to be vigilant and can follow some simple steps to protect our online safety.

How to protect your online security

As a Xero user we strongly advise you to take the following steps to help minimise the chances of your online safety being compromised – this includes making it a priority to reset your password.

1. Check for malware. Firstly, you should check that malware has not been installed on our computer. You can do this by ensuring you have the latest security software. Update your anti-malware (anti-virus, anti-spyware) and run a full scan on your computer. Make sure you get your anti-malware from a reputable source. Sometimes what can look like genuine software is actually malware in disguise. If in doubt, run virustotal.com as a preliminary check. Malware is one of the easiest ways for hackers to get access to your device, so it’s important to take this seriously.
2. Reset your password. We strongly encourage you to change your password regularly. The best way to reset your password is to follow the My Xero Password instructions in the Xero Business Help Centre. We recommend using a different password for Xero than for other applications you access and turning off your password auto save.
3. Do not share your password. To keep yourself safe online, do not share your password with anyone. There is no need to share login details within Xero. You can easily add new users to your account and provide them with their own login access rights.
4. Check your login page is safe. Always login through the login.xero.com page. Check for the padlock safely symbol in the URL bar.
5. Be wary of suspicious emails. If you receive a Xero-branded email that is unusual or doesn’t look quite right, make sure you:
   • Do not click on any link or attachment contained in the email
   • Do not reply to the email
   • Report the email by forwarding it to [email protected]
   • Delete the email

Xero’s Security

We would like to assure you that Xero systems have not been compromised. Investigation by KPMG’s Cyber Security Practice has confirmed that there is no evidence that this activity is a direct attack on Xero or its security services, or that Xero systems have been compromised in any way.

Xero takes security very seriously. If malicious activity was ever to be identified in relation to your account, Xero would take the precautionary step of disabling your account temporarily, and would notify you immediately.