
In Security we have made good use of both of these by taking in a large number of grads every year, converting at least half of them to become permanent employees in Security and then committing to helping them grow their careers with us. If you don’t have a Xero login, you can request the latest available ISO certificate or SOC 2 report by completing a request form.

Is Xero ask secure?

Xero HQ Ask is a secure way for you to request information or documents from clients. Keep track of client replies and see queries which are outstanding. Whether they're a Xero user or not, clients use a secure login to access your questions and submit replies.

Practices can choose how long a password can be active, with a forced expiry date and password reuse settings available. Graham Cluley is a veteran of the cybersecurity industry, having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon’s Anti-Virus Toolkit for Windows. Now an independent analyst, he regularly makes media appearances and is an international public speaker on the topic of cybersecurity, hackers, and online privacy. Finally, of course, I report on our diversity stats regularly and share that with the team following the old Peter Drucker advice – “What gets measured gets managed”. Recently, my team at Xero won the Best Place for Women to Work in Security Award at the inaugural NZ Women in Security Awards. In our submission we highlighted that 33% of the Xero Security team were female at the time, and that our junior team members in Security were 57% non-male – a feat that stands in contrast to the industry average of less than 20%.

Security and Policy Procedures

When I joined Xero 3.5 years ago in 2019, the Security team was significantly smaller and our gender diversity stats were around 20% – a number in line with the industry average. It’s supported by the fact that the Xero Board at the time of our nomination was 43% female and our executive leadership team was 40% female – a number that has since risen further with the announcement of Xero’s first female CEO. We are currently testing additional Two-Step Authentication (2SA) and will release that as soon as we can. Under 2SA you will need to enter a Time-based One-time Password (TOTP), which will be generated by an authenticator app you’ve installed on your phone or other smart device, and you would need both your password and the TOTP to gain access to Xero. ’ we introduced the topic of data breaches worldwide, and the fact that Australian data laws are particularly stringent.

  • Maintaining and increasing diversity is not a once and done thing – it needs constant, ongoing laser focus.
  • Xero produces Service Organization Control (SOC 2) reports based on independent audits of Xero’s cloud-based accounting system.
  • Psychological safety is another fundamental part of the Xero culture, and everyone is supported to reach their full potential knowing they can be exactly who they are and get the roles they deserve.
  • This clearly could help someone notice that their account might have been accessed by an unauthorised user.
  • Rather than being narrowly focused on requiring specific Security experience or certifications, we looked for candidates who could bring curiosity, culture fit and a ‘hacker mindset’ to their roles.

We’re here and ready to answer all of your questions about Spotlight Reporting security. Be cryptic or use multi-word pass phrases; these are easy to remember and hard to crack. Spotlight Reporting Limited engages independent security specialists to review and audit our security. This includes penetration testing, source code reviews and automated server port security scanning. If you believe your password has been compromised – perhaps because you shared it with someone else. Xero provides more information on the 2SA change on their dedicated website page.

Step Authentication in Xero

This included the Xero Board setting an ambitious gender diversity target of 45% of employees at all levels of Xero identifying as female by 2025 (increased from 40% in 2020). The customer’s subscription may allow them or an invited user within this subscription to transfer data, including their personal information, electronically to and from third-party applications. Spotlight Reporting Limited has no control over, and takes no responsibility or liability for, the security practices or content of these applications.

While it feels strange to type this, having reached an award-winning level of diversity is not the end goal for us at Xero. Maintaining and increasing diversity is not a once and done thing – it needs constant, ongoing laser focus. At first I was hesitant to answer publicly about our approach because from my perspective, there is still more we need to do. I didn’t want to hold us up as having ‘solved’ the diversity problem, because that’s not true.


Customers are responsible for checking the security policy of any such applications. Indeed, when users are told to change their passwords frequently (I’m thinking in particular of some corporate environments where staff are forced to change their passwords every X weeks) they will often choose poor passwords. Rather than being narrowly focused on requiring specific Security experience or certifications, we looked for candidates who could bring curiosity, culture fit and a ‘hacker mindset’ to their roles. That included us hiring many new team members from adjacent roles within Xero, including from our Customer Experience (CX) team. At the time we made our award submission, the wider Security leadership team reporting to me was predominantly female.

Xero Security Report And Data Breaches

Transmission of personal information over the Internet is at the customer’s own risk. Afterwards a few people asked me how we had created such a gender diverse global team. Gender is just one facet of the diversity and inclusion effort, but it is such an essential one in this space. Security, like so much of the tech industry, is traditionally male-dominated, so providing opportunities at every experience level to all genders (and in particular cis-women, trans and/or non-binary individuals) is critical to us in our work.

We are particularly fortunate at Xero to have an environment and culture that supports diversity and inclusion in multiple ways. Fundamentally, Xero champions diversity and inclusion to create better outcomes for our people and our customers, and these system level factors start right at the top. Within each account, customers can provide user permission to others at a level of access they select. Administrators or Partners can invite or remove individual users from their account at any time. Selected Spotlight Reporting Limited staff can also access a customer’s data for support purposes only, and only when provided permission by that customer. Spotlight Reporting Limited adheres to best practice policies and procedures to prevent data loss but does not make any guarantees that there won’t be loss of data.

Nice spin for what was clearly an error that would have given some users the jitters (especially when the version of the Xero website local to their territory shared no further information and their Twitter account was silent), but I’m not sure it’s entirely sensible. Yes, some accounts were compromised – but Xero meant to send the alert only to active users in Australia, rather than around the world. Another big move we took in 2021, under the leadership of Charlotte Wylie and Kandice McLean, was to introduce a Product Management function within Security to effectively “productise” how we work on the Security Engineering side. One of the first things I did was tell people that I wanted to see more diversity in the Security function.