Changes to multi-factor authentication coming for Xero customers

Over the last few years, our lives – and businesses across the world – have moved online at a rapid pace.

Unfortunately, cybercriminals have followed and are using new, digital methods to target Australians. As custodians of your data, Xero does all they can to protect the information held in your account.

One of the ways is through multi-factor authentication (MFA), a process designed to secure how you log in to Xero and verify it’s really you. An upcoming Australian Tax Office (ATO) update to MFA regulations means anyone that accesses an Australian organisation globally needs to re-authenticate their device every 24 hours when logging in to Xero.

What’s changing with MFA?

Many of Xero’s Australian customers would have started using MFA back in 2018 when it was first introduced by the ATO. Throughout 2021, Xero rolled out mandatory MFA for users in all other countries. Today, every Xero customer must use MFA when they log in.

Recently, in response to growing cybersecurity threats, the ATO updated its regulations around MFA for software providers like Xero. This means that the length of time a device is trusted for must be limited to 24 hours for cloud-based business applications, such as Xero. 

From early October, ‘remember me on this device’ will change. Currently, you can skip authentication for 30 days when signing in to Xero via MFA (such as through the Xero Verify, Google Authenticator or Authy apps), which remembers the unique device you’ve logged in with. With this update, you will need to re-authenticate your trusted device (such as a laptop, tablet or phone) every 24 hours.

When will this happen?

The 24-hour change to Xero’s MFA trust device frequency will start from early October. From then, you’ll need to authenticate daily when you log in to your account.

Why is this being changed for Australian customers?

This is a regulatory change from the ATO and is to support cybersecurity measures to protect users’ valuable data – just think of all the critical information stored within your Xero account. It’s important to keep this safe.

You’ll likely remember when MFA was first mandated by the ATO. Just like last time, Xero is updating its platform to comply with this change and make it a smooth transition.

What if I’m in another country, like New Zealand, but access an Australian organisation in Xero?

This change doesn’t just apply to Australia but to anyone globally that accesses an Australian organisation – even if it’s just one account in Australia that you log in to. This is because you are accessing information (including personally identifiable information) that falls under the ATO’s remit.

Do I need to make any updates myself?

No – rest assured that the Xero platform will update automatically in early October. Since all Australian customers already use MFA, you won’t have to change anything about how you log in to Xero – except for daily authentication. This means you can continue to use your usual verification tool, whether it’s Xero Verify or a third-party app like Google Authenticator.

Why is cybersecurity so important and should I be worried?

Security has always been important at Xero and we want to keep your valuable business data safe. Since the start of the pandemic, activity by cybercriminals has been on the rise in Australia. As our lives have moved more and more online, so too have the approaches of cyber criminals.

They’ve continued to evolve and use increasingly sophisticated ways to entrap victims online. One of the most common types of cybercrime is phishing, which tricks you into clicking on a fraudulent email, text message or web link to then access your online accounts and steal your personal and business information.

How does MFA help protect me against cybersecurity threats?

MFA is one of many important tools used to safeguard against cybersecurity threats. It’s a security process which uses at least two different factors, something you know (your password) and something you have (mobile device), before you can enter your account.

This second layer of security is designed to prevent anyone else from accessing your account, even if they know your password. In fact, research shows that MFA can prevent up to 80% of data breaches.

What does this mean for Xero’s mobile apps?

Xero’s suite of mobile apps, such as the Xero Accounting App, Xero Expenses and Xero Projects, will also be impacted by these new regulations. When the new versions are introduced, you will no longer be able to choose the lock device option ‘Don’t lock it’. You will either need to use a security code, which will be available on Android for the first time and is currently available on iOS, or use Face ID.

What if I normally share my login with members of my team?

Shared logins reduce the security of your Xero account. The more people who have access to a login, the more likely it is to be compromised. Everyone who accesses an organisation in Xero should have their own login details (as per Xero’s terms and conditions).

If they don’t already, now is the time to make sure everyone is set up with what they need to securely use Xero. 

Read more about MFA here and troubleshoot any possible issues here »

CONTACT ALLAN HALL

July

Superannuation Guarantee changes

Is your system updated for the latest SG changes?

From July 2022, the $450-per-month super guarantee (SG) eligibility threshold was removed.

This means that if an employee meets the other SG eligibility requirements, you must pay them SG, regardless of how much they earn. However, employees under 18 must still work more than 30 hours in a week to be eligible.

It’s important to make sure your payroll and accounting systems have been updated for salary and wages paid from 1 July 2022. This will ensure you correctly calculate your employee’s SG entitlement.

An employee’s eligibility for SG is determined when they are paid, not when they earn the income.

This means if you pay an eligible employee on or after 1 July 2022, you need to pay their super regardless of how much they have earned – even if all or part of the relevant pay period is before 1 July.

The ATO’s Superannuation guarantee eligibility decision tool can help you determine if your employees, including any contractors treated as employees for super purposes, are eligible for super.

You can also check out the Super guarantee contributions calculator to help you work out how much super you need to pay.

Single Touch Payroll Phase 2

What every small business needs to know

Single Touch Payroll (STP) Phase 2 means every business that employs staff will be required to get on board with the expanded program.

STP Phase 2 requires additional information to be reported to the ATO, enabling other government agencies to leverage the STP infrastructure to receive information and support the administration of the social security system.

Single Touch Payroll Phase 2 in a nutshell

With STP Phase 2 reporting live from 1 January 2022, there’s expanded capturing and sharing of payroll and employee data as compared to the original rollout of Phase 1.

The additional data captured by the ATO is shared more widely with relevant government bodies – such as social services – and fills certain gaps in payroll information that wasn’t previously being transmitted. This new data remit remains an automated process, handled through STP-compliant payroll software such as cloud accounting apps and payroll systems.

What is the new data being shared?

The ATO is looking to patch knowledge gaps in the payroll submission process to support social security purposes and get a better understanding of employee payment details.

So, in addition to the payroll and employee information you’re already sharing through STP Phase 1 (salaries, PAYG, superannuation), Phase 2 involves capturing the following pay items, employee records and new fields:

  • employment basis
  • paid leave
  • allowances
  • overtime
  • cessation details and termination reasons
  • child support deductions
  • salary sacrifice
  • lump sum payments
  • country codes

Under STP Phase 2 reporting, employers are also required to separately itemise the components which make up the gross earnings amount by reporting all allowances separately, not just expense allowances that may have been deductible on an employee’s individual income tax return.

Digital Service Providers (DSPs)

STP Phase 2 requires employers to fill out employees’ payroll data correctly in your chosen software solution. Be sure to use a DSP that can roll out compliance updates to their software.

Updates to STP will be made by DSPs on users’ behalf and they are working with the ATO to ensure timely and competent compliance and delivery. Employers are already filling out this payroll information, so there are no new fields to capture on your end. In this sense, and given the automated nature of STP, employers are not required to do anything further than what is already being done under Phase 1.

What it will do is decrease the compliance burden upon businesses in terms of reporting. For example, under Phase 2 employers are no longer required to submit TFN declaration forms.

What will not be changing

The rollout of STP Phase 2 does not change the following:

  • the way Single Touch Payroll is reported
  • Single Touch Payroll reporting dates (on or before payday)
  • the types of employee payments required for Single Touch Payroll reporting
  • employers’ current tax and super obligations
  • end of year finalisation requirements and submission responsibilities

The next stage of the Single Touch Payroll (STP) journey is underway

STP Phase 2 will see businesses build on their existing payroll reporting to share more information each pay run.

Most employers are now reporting through STP. You will need to start reporting if you have not yet transitioned, unless you have an exemption or a deferral.

What do business owners need to do?

If you’re currently STP compliant with payroll software that’s enabled, you should be running your payroll as usual. If you’re a Xero or MYOB user, your DSP will confirm when your solution is ready for STP Phase 2 reporting.

If you have any queries or concerns over your payroll solution or if you need reassurance, please consult your Allan Hall bookkeeper or accountant.

November

JobSaver Payments End 30 November 2021

JobSaver payments to end 30 November, coinciding with further relaxation of COVID-19 restrictions.

When NSW reaches the 80% double vaccination rate, the joint Commonwealth and NSW Government JobSaver payments will cease and the Commonwealth will end its contributions.

NSW businesses will continue to have access to the JobSaver program at a reduced rate until the end of November even after the Commonwealth withdraws its support.

The NSW Government will continue to fund its 50% contribution to JobSaver payments, tapering JobSaver payments from 30% to 15% of weekly payroll.

Details of the JobSaver tapering are set as follows:

| JobSaver (excluding extension program) | Share of weekly payroll | Weekly payment range (paid fortnightly) | Weekly payments to non-employing business (paid fortnightly) |
| --- | --- | --- | --- |
| Current | 40% | $1,500 to $100,000 | $1,000 |
| 10 October | 30% | $1,125 to $75,000 | $750 |
| 80% double dose | 15% | $562.50 to $37,500 | $375 |
| 30 November | _ | _ | _ |

The extension of JobSaver will work alongside the NSW Government’s Roadmap and the easing of restrictions.

After NSW reaches the 80% double vaccination target the Micro-business grant will continue to be available at a rate of $750 a fortnight, before ceasing on 30 November.  

The NSW Government will announce its Economic Recovery Plan in early October, designed to boost business confidence and jobs growth and inject stimulus as restrictions ease across the state. 

CONTACT US

HomeBuilder Package

Be your best tradie with the right tech

How can tradespeople go about streamlining their business and help set themselves up for success?

Reduce admin with the right tech

For trade business owners wanting to get more control and grow their business, reducing time spent on admin can have a huge impact. 

Worldwide, 39% of tradespeople spend more than 12 hours per week on paperwork – that’s more than one working week every month. Using specialised trade business management software can drastically reduce this.

For example, one area that’s a time blackhole for tradespeople is quoting. A fast and efficient quoting system not only saves admin time, but can also have a positive impact on how many jobs a tradesperson is likely to win.

Managing staff and communicating with customers is another area where the right software can come to the rescue for tradespeople. It’s easy to see how this time can add up if operators are spending a lot of the time on the phone, booking jobs, giving customers updates and liaising with staff.

By contrast, using a cloud-based job management app like Tradify can ensure that your staff know exactly what they need, where to go and what to do just by checking the app. The Tradify app also features live job-tracking which can help communicate to each customer exactly what’s happening.

Using software to set up efficient admin processes builds a solid foundation for a trades business.

The amount of time saved compounds over time, potentially saving hundreds of hours a year. And the flow-on effects can be huge. Not only does it mean time saved, it can also help tradespeople feel less stressed, more in control and give them time back to spend on higher value activities, helping their trade business grow as a result.

We know that better efficiency gets you more family time and the ability to take the time off you want to have!

Got a question about making the most of technology in your trade business? Get in touch with our Bookkeeping team who will be able to assist you with all your cloud bookkeeping queries on 02 9981 2300.

Allan Hall Business Advisers are Platinum Xero Partners.

Xero Multi-Factor Authentication

Introducing the new Xero Verify app

To give you fast, easy and secure access to your Xero account using MFA, Xero has created their own authenticator app called Xero Verify.

It’s built using the highest security standards to give you confidence that your account access is in safe hands.

Xero Verify is now available free of charge in the Apple and Google app stores. It only takes a few minutes to set up and sends a push notification to your phone when you log in, so you can just tap and go.

How we’ll help you prepare for MFA

While we encourage you to download Xero Verify and opt-in to MFA when it’s available, Xero will give plenty of notice before it becomes mandatory. As always, our team is here to support you, to make it as easy as possible for you to stay safe and secure.

Got a question on Multi-Factor Authentication on your Xero business account? Get in touch with our Bookkeeping team on 02 9981 2300 for cloud bookkeeping assistance.

Allan Hall Business Advisers are Platinum Xero Partners.
