Blog

Xero Security

I seem to be on a bit of a speaking tour at present with the CIO Summit in Auckland being my most recent event. I was there to talk about our security work with Aura Software Security and how they’ve been critical to the success of our security story.

Our reputation depends on providing airtight security and from the early days of Xero we have been working with the experts at Aura to continually audit our security and provide us independent expertise on how to integrate secure practices throughout our organisation. Aura have been highly impressed by Xero because “the security of Xero was embedded in the company’s mindset and filtered down from the CEO right through to the admin team”. It is this “holistic” view of security throughout Xero that has been the driving force behind this success.

Below are some of the security precautions we take. There are many more that we won’t publish because, as you might expect, that wouldn’t be good security policy:

  • We model our security on the policies and measures taken by banks. To be as “secure as a bank” is an aspirational goal for us and one we continually strive for.
  • We use 128-bit SSL encryption, the same used for internet banking.
  • Our servers are hosted with a world leading hosting provider, delivering the highest levels of availability, performance and security.
  • Only a select few authorised personnel at Xero have access to the Xero production environment and all access is actively monitored and logged.
  • No one has access to your organisation unless you’ve invited them. You can remove any invited users whenever you want. You have the option to invite Customer Care, but it’s for support purposes only and completely at your discretion.
  • There is an audit trail of everything a user has done in Xero and you can monitor the activity of all your invited users.
  • Users must choose a strong password and we enforce automatic lockouts when incorrect usernames and passwords are entered, alerting us to any attempts to hack in.
  • We don’t allow the browser to save your login information which mitigates unauthorised access from a stolen or compromised computer.
  • If you are logged in and don’t use Xero for an extended period you will be automatically logged out in case you’ve left your computer unattended.
  • Security is an ongoing process, not a singular event – we continuously reinforce our defences.

How is Xero more secure than desktop software?

  • Unlike desktop applications your data isn’t stored on your computer, so if your laptop is lost or stolen no one can access your data without a login.
  • Providing access to your data by inviting specific users into your organisation and controlling their access is much more secure than emailing your data around or giving out discs with your data on it.

While we continually work very hard to keep Xero and your data secure there are some simple steps you can take to stay protected as well:

  • Create a password nobody can guess, so no dictionary words or family names. Be cryptic or use multi-word pass phrases - easy to remember, hard to crack.
  • Don’t write your password on a sticky note and attach it to your computer.
  • Don’t share your email address and password with anyone else. Xero allows for unlimited users for each organisation: that feature is there for your security - use it!
  • Keep your browser software up to date. For enhanced security we recommend Internet Explorer 7 (download here) or Firefox 3 (download here).
  • Make sure you have anti-virus software installed and kept up to date.
  • Make sure you only login at https://go.xero.com/.

New Sick Leave Policy

As it’s the middle of winter in New Zealand, a few of the team have the flu and are generally feeling poorly. A good time to revise our sick leave procedures.

To: All Xero Staff (and Shareholders)

From: Rod

Re: What to do when you’re sick

If you feel like you need to be off work you will require a medical certificate.  This will mean a trip to your doctor.

In New Zealand a doctor’s consultation for 15 minutes will cost you around $49. The same as a whole month of Xero.

As the doctor is completing your prescription, this is a good time to enquire about what accounting system they use. Advanced Xeros will actually be able to do a live demo right there on the doctor’s computer.

Medical centres are mainly cash based with most receipts coming through the bank account each day and processing of supplier invoices. Use this information to show you understand their business. 

As you’ve paid for the consultation, don’t feel bad about using a few minutes to show the benefits of Xero. It will make you feel a lot better if you can get them to sign up for a free demo.

Accordingly medical certificates will now only be accepted with a matching demo sign up.

Be well.

Rod

:)

10 ways to get started with Xero

Sometimes it’s hard to try out an accounting system, so we’ve developed an exercise of 10 things you can try on the Xero demo site to learn how things work and help you evaluate Xero.

10 suggestions for trying Xero using the Demo Company

They are:

  1. Adding a sales invoice
  2. Emailing yourself the invoice
  3. Adding a bank account
  4. Importing a bank statement
  5. Reconciling your bank account
  6. Reviewing aged receivables
  7. Printing a statement for a customer
  8. Viewing a Profit & Loss report
  9. Exporting a report to Excel, a pdf or GoogleDocs
  10. Inviting another user into your organisation

These are common things that people do every day with Xero so a great way to give us a run through.

You can sign up for the free demo here. http://www.xero.com/signup

Push email for small businesses

Last week Apple announced the new version of the iPhone and also a range of new services that will be interesting to small businesses. This is a good sign that the big technology providers are starting to invest in solutions that will make it easier for small businesses to use technology.

MobileMe is a new email service that has some features you would normally only expect if you were part of a larger enterprise and had an IT department.

MobileMe stores a copy of your email and contacts on the internet so you can get to them from anywhere, as well as have email and contacts shared across the computers and your phone.

iPhone users will get alerted immediately when an email is received. This is called ‘push email’ as the email server sends you a notification as soon as it receives a new email message.  This makes email a far more dependable communication tool between you, your staff and customers. You send and receive email messages immediately like you might with SMS messaging now.

Google and Microsoft have also been busy for small businesses. Both providers have hosted email services that allow you to have your own domain name and manage email for the people in your team. These services are standards based so can be used by your existing email software.

MobileMe takes it to the next level however and it will be interesting to see if they allow you to host your own domain name or if you have to be ‘mybusiness@mac.com’.

Google also has shared spreadsheets, documents and storage that small business owners can use for free called Google Apps. You can even change things in your documents at the same time! You will need a geek friend to set these up for you as it can be a bit complicated.  Most mobile IT support companies will be able to help you get started.

They will also be able to help you get an email domain. Much more professional to be joe@joesplumbers.com than joetheplumber@myisp.net.

We expect that these announcements will spark more innovation from Google and Microsoft.  It’s exciting to see such useful technology being made accessible to small business owners. 

Tip: Use multiple windows

One of the cool things you can do with Xero is use multiple windows.

This is really useful for doing your first ‘catch up’ bank reconciliation. As you go through your bank rec you discover repeating transactions. Rather than navigate between bank rec and repeating transactions to set them up you can create a new browser window (under the File menu on Safari or Command-N) and have both the bank rec and repeating transactions open at the same time.

After you have set up a new repeating transaction, simply switch back to the bank rec window, refresh, and your transactions should match and you can quickly process them.

This will save a lot of time.

You can have several windows open, depending on your screen size.

Enjoy!
