Skip to main content

A Xero study published in December 2021 found that ICT spending by New Zealand businesses has seen a significant increase from pre-pandemic levels.

The study, titled “Accelerating the Pace: Trends in Technology Adoption and Use in Small Businesses,” collected anonymized data from more than 300,000 small businesses in New Zealand, Australia and the United States. UK and took into account statistics involving aspects such as digitization practices, app usage, economic growth rates and total expenditure.

New Zealand businesses have increased their ICT spending by 25%. In contrast, the UK grew by 20% and Australia by 13%. Although the UK and Australia both recorded higher spending rates in individual data categories, New Zealand came out on top overall.

New Zealand small businesses have reported higher total sales levels, leading to better sales and payment results and fewer job losses throughout the pandemic. As a result, the report recognizes that significantly higher ICT spending than Australia and the UK is key to New Zealand’s success.

“It demonstrates that small businesses in New Zealand, as well as Australia and the UK, are embracing technology to adapt to a changing operating environment and realizing the benefits that cloud accounting and tools offers,” says Xero, citing the research.

“We are also seeing governments globally introduce initiatives to incentivize small businesses to move to the cloud as the technology drives greater economic productivity.” is part of the Department for Business, Innovation and Employment (MBIE) and helps small businesses ensure they comply with government standards by providing information and advice through specially adapted tools and resources. It does this by working with New Zealand government agencies and private sector businesses and organizations to determine the challenges small businesses face and how best to address them.

According to their website, small businesses, contractors, and self-employed people must all keep their tax records for at least seven years in case they are audited and required to share them with the IRS. Documents to keep include invoices, receipts, petty cash, vehicle logs, payroll books, bank statements, asset records and amortization schedules, and emails arranging meetings. business if travel expenses to another city or country are part of a claim.

This means that data at risk of being stolen need not only be recent, potentially exposing businesses to data breaches dating back years. Combining this with the increase in adoption, it begs the question how secure is accounting software data?

Philip Whitmore, partner at KPMG Cyber ​​Security Services, says there are various potential risks to private sector companies that arise from using accounting software, such as someone making unauthorized payments or disclosing customer information.

“Regardless of whether an accounting system is managed in-house or whether you use a cloud-based system, the security risks are similar,” says Whitmore.

Xero echoes this statement, saying that ultimately, access to accounting software from more devices and locations will lead to increased risks of login information being intercepted by third parties. malware.

“This risk can be mitigated by only logging in from a known device and implementing two-factor authentication across all services,” Xero explains.

According to Xero, as the company continues to grow its current three million subscribers worldwide, it must continue to educate and support its customers to ensure their data is as secure as the Xero platform itself. .

“We consider ourselves the guardians of customer data and we take this responsibility very seriously,” adds Xero.

“However, we all play a role in keeping Xero secure, including our customers. From multi-factor authentication and password hygiene checks on customer accounts to data encryption and regular security audits, these are all small but essential things that small businesses need to reduce risk.

Whitmore adds that in order to trust a cloud-based accounting system with data, whether business or personal, ensuring they have strong security should be a top priority.

“This is most often done by reviewing an independent report on their safety. This style of reporting is commonly referred to as a Service Organization Controls (SOC) report,” says Whitmore.

“Beyond that, you want to make sure you’re using all the security features available – multi-factor authentication is a must – and that you have strong internal control processes in areas like user management, authorizing payments and managing changes to vendor records.

CERT NZ supports businesses subject to or at risk of being affected by cybersecurity incidents with advice and information designed to reinforce robust enterprise-level cybersecurity practices.

The organization claims that if it had been in place, two-factor authentication could have prevented 65% of reported cybersecurity incidents.

According to CERT NZ, two-factor authentication (2FA) is a simple yet robust security step that can be used enterprise-wide to protect email accounts, bank accounts, financial systems and data. client.

2FA works by providing a user with a uniquely generated code when they attempt to log in, either sent to their phone or available through an authenticator app.

Multi-factor authentication is a variation of the same process and, in Xero’s case, “provides a second layer of security that prevents anyone else from accessing your Xero account, even if they know your password.”

The Australian Taxation Office recently made multi-factor authentication (MFA) mandatory and as a result the country has seen a substantial reduction in account takeovers.

Seeing this, Xero followed suit by requiring all of its customers worldwide to implement MFA, including New Zealand.

Additionally, the company has also released its own authenticator app, Xero Verify, to make the platform more secure and easier.

“As part of this work, we have Security Awareness and Education Managers who conduct customer webinars, write materials, and constantly talk to Xero customers,” Xero notes.

“We also have a dedicated hub in Xero Central with security resources.”

Xero says security is a crucial part of its business, and like other online services, the company continues to ensure data security on its platform.

“Our dedicated security team has critical work programs, which take a layered approach to ensure that the security of our product, and the platform it resides on, is safe to house the customer data entrusted to us. “, adds Xero.

This includes investing in areas such as using high-end industrial security tools, performing an external audit to ensure it meets international standards, and prioritizing data security.

As for the attacks, Whitmore says they typically focus on stealing passwords through acts such as phishing or trying to convince a user to change a provider’s bank account.

He adds that at the end of the day, personal responsibility is as important when using accounting software as it is with anything else.

“These [attacks] are not problems with the accounting software, but rather the way you use it and the robustness of your internal control processes.