Trent Innes of Xero Australia talks cybersecurity

Xero has already transformed Australia’s digital landscape, but it is their belief in total user security that keeps them ahead of the pack.



Mr Innes, Xero has truly changed the landscape for accounting and technology. With your recent Annual Partner awards, what has been the biggest find in regards to how companies are truly innovating when it comes to accounting?

Our awards acknowledge and celebrate the leadership that is being shown by Xero partners who are making tremendous strides to shape the future of accounting.

The digital landscape in Australia is evolving from “nice to have” to a “must have” as new government legislation is making it mandatory for small businesses to use digital systems of record. So it’s important for our Xero partners to be at the forefront of these changes, as they’re the ones on the frontline helping small businesses transform the way they do business.

Each year we witness the innovation step up a level, evidenced by the success stories of each of our state finalists and annual winners. This past year, both annual winners have proven innovation through the integration of “app stacks” in our ecosystem to help small businesses in different industry segments to create truly innovative businesses.

Those honoured in the awards are well and truly leading the pack and we’re proud to have them as part of our network.


Can you give us insights into the culture at Xero, which has excelled at ensuring bookkeeping becomes an easy to integrate aspects of any businesses activities?

Xero has fast evolved from a small agile startup to a global small business platform. Throughout our journey, our purpose has remained: “To have a positive impact on the world by growing small business”. To do that we use technology to connect small businesses to their banks, advisors and each other. We have focused on solving big problems for small businesses—with the three key ones being financial visibility, cash flow and access to lending.

Bookkeeping and keeping good data is critical to good business importance but it doesn’t mean it has to take hours. Xero has always been unique in our focus on creating a beautiful experience for the user that uses technology to turn critical business tasks into an easy short activity that gives business owners comfort in knowing that they are compliant and understand their business situation so they can make an informed decision.


For many, there is a legitimate fear around the security and privacy of the data that they release online. What has been Xero’s leadership’s role in combating cyber risks?

At Xero, loving and protecting our customers is one of our strategic business priorities and one we take very seriously.

One of the key initiatives we’ve championed this year is the rollout of two-step authentication (2SA) to our network. 2SA creates an extra layer of security by requiring customers to verify their identity using a separate device, decreasing the likelihood of unauthorised activity and significantly reducing the risk of account takeovers from stolen passwords. 2SA is increasingly seen as the standard for web-based applications, from online banking to communications apps.

Defining the security of customers as a matter of critical importance, Xero launched 2SA as an optional feature back in 2015 as a means to protect small businesses, accountants and bookkeepers. Now all accountants, bookkeepers, small businesses in Australia and those internationally with access to an Australian user are required to use 2SA to log into the platform. This means we have now transitioned hundreds of thousands of customers onto 2SA.

Additionally, as part of our commitment to protecting our customers’ data and information, we achieved formal ISO 27001 certification this year. This is the international standard that specifies the requirements for implementing, maintaining and continually improving an information security management system. We are taking all reasonable steps to protect the confidentiality, integrity and availability of the data and information we hold.

Our customers are at the heart of everything we do and we’ll do everything in our power to keep them safe online.


In your opinion, what role do you think the government should play in helping organisations combat cybercrime?

Security needs to be strong on all fronts and it’s important that government, corporates, technology companies, small businesses and advisors work together to safeguard information.

We have seen the government increasingly recognising this importance. The Australian Tax Authority finalised its Operational Framework in February 2018. Among its requirements, digital software providers such as Xero were required to implement mandatory 2SA across the entire platform last year. We fully supported this requirement as we believe it’s the right thing to do to help protect client data.

Additionally, the government launched the Australian Cyber Security Centre which spearheads a number of initiatives.

As an online community we need to work together to make sure we’re all protecting one another and keeping our data safe from cybercriminals.


In your view, what should Australian businesses be doing to ensure that they are not only protecting the security of their customers and clients, but are also secure against a cyber breach?

For many of us, the Internet is not just an intrinsic part of our lives, it’s integral to how we do business. It enables businesses to connect to global markets and complete transactions in minutes.

As we take advantage of the opportunities the Internet has to offer, online security becomes a priority. For Xero partners and customers, and anyone who operates online, this means being vigilant about keeping sensitive data and information secure from hackers and cybercriminals—just as you’d keep your home or your car safe by locking it.

The widespread adoption of 2SA is helping ensure business owners, financial controllers and payroll administrators play their part to keep data safe and secure, and in line with best-practice advice from the ATO.

Additionally, one of the most important things they can do is to create strong passwords. Over 80% of breaches occur due to stolen or weak passwords. Small businesses can use password manager software to help you use your multiple logins, and to generate strong passwords.


How can CEOs and Directors feel reassured that their personal reputation can survive serious cyber breaches?

Download the free e-book today!


Share via