Blog

Do you use Xero or MYOB? Protect yourself by using Two Step Authentication

What is Two Step Authentication?

Two Step Authentication (or 2SA) is an extra level of security when you log on to your cloud software, adding an authentication code as well as your username or password.  It is typically generated by an app on your mobile device or computer.  MYOB call it Two Factor Authentication.

Why do I need to use it?

Small businesses are often targeted by those involved in cyber crime because of lower levels of security and often poor IT processes.  Here are a couple of examples that have been seen recently:

Intercepted invoices – the hacker intercepts your invoice from your accounting software, updates the bank account to their bank account, and then sends on the invoice as if it came from you.  The customer pays into the incorrect bank account and you are none the wiser until you chase payment.

False supplier invoice – you receive an invoice from a common supplier for goods or services you have not bought.  You process and pay the invoice as usual.  Another variation is that clicking on the link to import into Xero takes you to a false webpage so that the hacker gets your username and password.

How do I set it up?

Follow the instructions from your software provider.  Here are a couple of links:

Xero – https://central.xero.com/s/article/Set-up-or-disable-two-step-authentication#Abouttwostepauthentication

MYOB – http://help.myob.com/wiki/display/sec/Two-factor+authentication

What else do I need to do?

Ensure all your staff that have access to your software have set up 2SA.  You can usually see from the user roles page who has done this.