Why Be Vigilant Against Cyber Threats
In today's digital landscape, cyber threats such as phishing (fishing) pose a significant risk to businesses of all sizes. For any business, big or small, the potential financial and reputational damage from a successful scam or phishing attack can be devastating. At Shelly's Bookkeeping, we want to ensure our clients are equipped with the knowledge to protect their valuable business assets and data.
Understanding The Threat
Scams and phishing attacks are often sophisticated and designed to trick you or your employees into revealing sensitive information, transferring money, or installing malicious software.
According to Statista, phishing attacks grew approximately 49% between 2021 and 2024.
What is Phishing?
Phishing is a type of scam where an attacker disguises themselves as a trustworthy entity in an electronic communication. This could be an email that looks exactly like it's from your bank, a supplier, or even a service like Xero. The goal is to trick the recipient into clicking a malicious link or opening an attachment. These attacks can lead to:
- Financial Loss: Direct transfer of funds or unauthorized purchases.
- Data Breach: Compromise of client details, employee records, or intellectual property.
- System Disruption: Loss of access to critical business systems and data.
Common Scam Warnings To Look Out For
Being vigilant means knowing what to look for. Always be suspicious of:
- Urgency or Threats: Messages that pressure you to act immediately to avoid a penalty (e.g., "Your account will be suspended in 24 hours").
- Requests for Sensitive Information: Reputable companies, especially financial services and software providers, will never ask you to send passwords, credit card numbers, or your Two-Factor Authentication (2FA) code via email.
- Unusual Sender Addresses: Look closely at the "From" email address. Scammers often use addresses that are just slightly different from the legitimate one (e.g., shellysbookkeepiing.com instead of shellysbookkeeping.com.au). Sometimes particular fonts are chosen so that similar-looking numbers can be substituted for letters (e.g., the letter O and the number 0). These can be particularly difficult to spot.
- Poor Grammar and Spelling: While not always present, errors can be a strong indicator of a scam.
- Fake Links That Look Legitimate: Hover over any links and check that they resolve to an address you are expecting. Links that are shortened or have lots of numbers should be treated suspiciously (e.g., http://bit.ly/2LOiM8V).
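The sender-address and link checks above can also be automated. The following is an added example, not part of the original article or any Shelly's Bookkeeping or Xero tooling; the trusted-domain list, the shortener list, the digit substitutions and the 0.85 similarity threshold are all assumptions chosen for illustration.

```python
import difflib
from urllib.parse import urlparse

# Assumptions for this example: domains the business really deals with,
# and a small sample of link-shortener hosts. Extend both for real use.
TRUSTED_DOMAINS = ("shellysbookkeeping.com.au", "xero.com")
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}
# Digits often swapped in for similar-looking letters (e.g. 0 for o).
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def classify_domain(domain):
    """Return 'trusted', 'unknown', or a 'suspicious: ...' reason."""
    domain = domain.strip(" <>").lower().rstrip(".")
    for trusted in TRUSTED_DOMAINS:
        if domain == trusted or domain.endswith("." + trusted):
            return "trusted"
    if not domain.isascii() or "xn--" in domain:
        return "suspicious: non-ASCII or punycode characters in domain"
    for trusted in TRUSTED_DOMAINS:
        brand = trusted.split(".")[0]  # e.g. "xero"
        for label in domain.split("."):
            folded = label.translate(LOOKALIKES)
            score = difflib.SequenceMatcher(None, folded, brand).ratio()
            if score >= 0.85:  # near-identical, but not a trusted domain
                return f"suspicious: looks like {trusted}"
    return "unknown"


def check_sender(address):
    """Classify the domain after the last '@' of a From address."""
    return classify_domain(address.rsplit("@", 1)[-1])


def check_link(url):
    """Classify where a link points; shorteners hide the destination."""
    host = urlparse(url).hostname or ""
    if host in SHORTENERS:
        return "suspicious: shortened link hides the real destination"
    return classify_domain(host)
```

A result of "unknown" only means the domain does not resemble a trusted one; it is not a statement that the message is safe.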
The Critical Role of Xero's Two-Factor Authentication
As bookkeepers, we rely heavily on Xero for managing your finances. Your Xero account contains sensitive financial records that, if compromised, could be used to transfer money, manipulate invoices, or even steal your business's identity.
This is why Xero’s Two-Factor Authentication (2FA) is not optional—it is a critical layer of defence.
2FA requires two forms of verification before access is granted:
- Something you know (your password).
- Something you have (a one-time code generated by an app on your mobile phone).
In the scenario where a scammer manages to steal your password through a phishing email, they cannot access your account without your physical mobile device to generate the 2FA code. We strongly urge every business owner and employee with Xero access to enable and enforce 2FA immediately. If you need assistance setting this up for your team, please contact Shelly's Bookkeeping, and we will be happy to guide you.
Best Practices for Business Security
Proactive steps are the best defence against cyber threats:
- Train Your Team: Regular training on identifying phishing emails is essential. A single click from one employee can put the entire business at risk.
- Verify Requests: If you receive an unexpected invoice or a request to change payment details from a supplier or client, do not use the phone number or email in the suspicious message. Instead, call them on a trusted, pre-existing number to verify the request.
- Use Strong, Unique Passwords: Use a password manager and ensure every system has a complex, unique password.
- Keep Software Updated: Regularly update all operating systems and software to patch security vulnerabilities.
- Secure Your Devices: Ensure all company-owned devices, including phones and laptops, are protected with passwords/biometrics and kept in a secure location.
Stay safe in your business by being vigilant. For more information or assistance with securing your financial systems, reach out to us.


