While it feels strange to type this, having reached an award-winning level of diversity is not the end goal for us at Xero. Maintaining and increasing diversity is not a once and done thing – it needs constant, ongoing laser focus. At first I was hesitant to answer publicly about our approach because from my perspective, there is still more we need to do. I didn’t want to hold us up as having ‘solved’ the diversity problem, because that’s not true.
How long will Xero keep data?
Once a subscription has been cancelled in Xero, you will still be able to get access to the data in the future for up to seven years, unless you request it to be deleted.
It might seem obvious – but often we do overlook the obvious, simple things that can have a big impact. If you want to read more about a specific example, check out this post about one of our Security Analysts Ana Ramirez who started with us as a grad. Or read about how one of our existing Security grads Caitlin Mojica (pictured with me above) won Best Security Student at the NZ Women in Security Awards.
Once I had hired two GMs, the amazing Mark Knowles in NZ and the awesome Charlotte Wylie who was then in AU, I set them the task of increasing female diversity within our leadership team. Having worked in Security for over 20 years myself I had seen first-hand the power of bringing more diverse people into the team. I know the lived experience of being the only female for years at a time, so I felt the obligation to improve things for the better. Also, as a gay woman, I know the difference between having a diverse team and truly having inclusion. In the Technology function specifically, we have a comprehensive grad program and a focus on “growing, retaining and hiring diverse engineering talent”, including increasing female engineering promotions by 10%. We provide multiple layers of protection for the information you trust to Xero, including encryption when it’s transferred and stored.
- Afterwards a few people asked me how we had created such a gender diverse global team.
- We are particularly fortunate at Xero to have an environment and culture that supports diversity and inclusion in multiple ways.
The ATO is responding to increased cyber breaches and attacks (particularly to Australian businesses), and introducing 2SA is just one measure. That journey is a whole other article in its own right but what it effectively enabled us to do was advertise more roles, such as People Leads and Product Owners, where security-specific experience was not required. One of our core values at Xero is #human and we have a number of initiatives to support that being a reality every day. Most important to our drive for greater diversity is our Ally Skills training which creates ownership in all our team members to understand what it means to be an ally for our diverse communities across the organization.
Xero is among those businesses making the switch to 2SA, as a way of improving their login process to further protect their users from cyber attacks. However, I don’t think it’s enough, and I don’t want to just wait around for that to happen. I am also deeply aware that gender diversity is only one lens of many in the spectrum of diversity. Spotlight Reporting Limited uses best practice in the transmission and storage of passwords. An automatic lockout is enforced when incorrect passwords are entered repeatedly. If customers are inactive for an extended period while still logged in to Spotlight Reporting Limited, they will be automatically logged out.
- We offer a generous Primary Carer parental leave package to all Xeros, regardless of gender, as well as a referral programme where existing employees of Xero can refer their friends to open roles with us for a cash bonus.
- Another big move we took in 2021, under the leadership of Charlotte Wylie and Kandice McLean, was to introduce a Product Management function within Security to effectively “productise” how we work on the Security Engineering side.
When I joined Xero 3.5 years ago in 2019, the Security team was significantly smaller and our gender diversity stats were around 20% – a number in line with the industry average. It’s supported by the fact that the Xero Board at the time of our nomination was 43% female and our executive leadership team was 40% female – a number that has since risen further with the announcement of Xero’s first female CEO. We are currently testing additional Two-Step Authentication (2SA) and will release that as soon as we can. Under 2SA you will need to enter a Time-based One-time Password (TOTP), which will be generated by an authenticator app you’ve installed on your phone or other smart device, and you would need both your password and the TOTP to gain access to Xero. We introduced the topic of data breaches worldwide, and the fact that Australian data laws are particularly stringent.
Multi-factor authentication for access
We’re here and ready to answer all of your questions about Spotlight Reporting security. Be cryptic or use multi-word pass phrases; these are easy to remember and hard to crack. Spotlight Reporting Limited engages independent security specialists to review and audit our security. This includes penetration testing, source code reviews and automated server port security scanning. If you believe your password has been compromised – perhaps because you shared it with someone else. Xero provides more information on the 2SA change on their dedicated website page.
Practices can choose how long a password can be active, with a forced expiry date and password reuse settings available. Graham Cluley is a veteran of the cybersecurity industry, having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon’s Anti-Virus Toolkit for Windows. Now an independent analyst, he regularly makes media appearances and is an international public speaker on the topic of cybersecurity, hackers, and online privacy. Finally, of course, I report on our diversity stats regularly and share that with the team following the old Peter Drucker advice – “What gets measured gets managed”. Recently, my team at Xero won the Best Place for Women to Work in Security Award at the inaugural NZ Women in Security Awards. In our submission we highlighted that 33% of the Xero Security team were female at the time, and that our junior team members in Security were 57% non-male – a feat that stands in contrast to the industry average of less than 20%.
Multiple layers of protection for data
Spotlight Reporting Limited expressly excludes liability for any loss of data no matter how caused. We retain an encrypted copy of a backup that is taken hourly, using fault-tolerant clusters of servers as storage. Company-specific data is kept separate through logical separation at the data tier, based on application-level access permission and roles. Daily backups are kept for a fortnight. Spotlight Reporting Limited servers and databases are High-Availability. This means they keep redundant servers active in case of a single failure. We have an incident response plan in place and test it on a regular basis to ensure we are ready to act. Customers can export their reports to Excel or PDF at any time, to get their data out of Spotlight Reporting.
- This clearly could help someone notice that their account might have been accessed by an unauthorised user.
- Transmission of personal information over the Internet is at the customer’s own risk.
- Xero produces Service Organization Control (SOC 2) reports based on independent audits of Xero’s cloud-based accounting system.
However, when I re-framed it as simply sowing the seeds for a discussion on how we can improve diversity in Security across the industry – and how I can personally contribute to moving that forward – I was more motivated to write down my approach. Customer trust and data security is at the centre of what we do at Spotlight Reporting. While the introduction of 2SA can feel like an unnecessary change for some, keeping up with best-practice security is a vital part of staying safe and responsible in business – and 2SA is a mandatory requirement from the ATO. Many small companies use Xero to manage their finances, so it’s good to see the service strengthening its security. It goes without saying that none of this obviates the need for close attention to the websites you visit (especially when you might be asked to enter your password) and strong, up-to-date anti-virus protection on computers. It’s all too easy to imagine users, who find it tricky to remember passwords, choosing dumb passwords like “XeroJanuary”, “XeroFebruary”, “XeroMarch” or some similar sequence which is all too predictable.
This included the Xero Board setting an ambitious gender diversity target of 45% of employees at all levels of Xero identifying as female by 2025 (increased from 40% in 2020). The customer’s subscription may allow them or an invited user within this subscription to transfer data, including their personal information, electronically to and from third-party applications. Spotlight Reporting Limited has no control over, and takes no responsibility or liability for, the security practices or content of these applications.
Spotlight Reporting Limited is committed to protecting customers’ data from unauthorised access, modification or disclosure. We continuously review and reinforce our security policy and procedures. Here are some steps we take to protect customers’ information against unauthorized access and system failures. Additionally, when we have open roles at any level within Security, I ask our Talent team for diversity stats on the candidate pipeline. When it came time to hiring a new GM layer to report to me, I worked closely with our Talent team to proactively identify and approach female Security leaders. Given Xero’s global presence, we had the advantage of being able to hire in multiple markets.
Customers are responsible for checking the security policy of any such applications. Indeed, when users are told to change their passwords frequently (I’m thinking in particular of some corporate environments where staff are forced to change their passwords every X weeks), they often will choose poor passwords. Rather than being narrowly focused on requiring specific Security experience or certifications, we looked for candidates who could bring curiosity, culture fit and a ‘hacker mindset’ to their roles. That included us hiring many new team members from adjacent roles within Xero, including from our Customer Experience (CX) team. At the time we made our award submission, the wider Security leadership team reporting to me was predominantly female.
Who can access Xero files?
** Read only users can only view or download files attached to spend or receive money transaction in the account transactions tab, not in the individual transaction.
Spotlight Reporting Limited performs background checks before hiring workers and removes their access to systems and facilities when they leave our employment. Only authorized individuals have access to a customer’s information when it is critical to complete tasks for them, and they allow it. We provide privacy and security training to all employees when hiring. Employees also take security training annually and the privacy training bi-annually thereafter. External access to our servers is restricted to only a small number of Spotlight Reporting staff, by the use of Multi-Factor Authentication, IP Restriction and username/key pairs. These systems and processes are configured and monitored according to industry best practice. 2SA, 2FA, MFA (two-factor or multi-factor authentication) or 2SV (two-step verification) all add another layer of security that makes it significantly harder for someone to get access to your account, even if they have somehow managed to get hold of your password.