AccountRight company files can contain lots of private and sensitive information. Ensure that you take the following precautions to secure your information:
Restrict access with company file user accounts
Create a username and password for each person who will work on your company file. This set of credentials is called a company file user account. For help setting up an account, see Invite a user to an online file if your file is online, otherwise see Add a user to an offline file.
Ensure each company file user account has a strong password, especially the Administrator system account, and any other accounts that have been given the Administrator role. See Changing and resetting user passwords.
Assign appropriate roles to each company file user account, so that they can get access to the information they need for their day-to-day work. Use roles to restrict access to sensitive information, like bank account details or payroll information. See Default user roles.
Review the security audit reports to check for unauthorised access attempts or transactions.
Use best practice security when transferring files
When transferring an AccountRight company file between computers (such as via email or USB), we recommend securing the company file in a password-protected zip file. Ensure that the password is robust and not easily guessed.
If you are transferring the file to another person, such as your accountant, send the password separately using another communication method. For example, if you email your accountant the company file, send them the password via text message.
Are all MYOB accounts set up and used correctly?
If your company file is online, all users who will access your file need their own MYOB account. A user will be prompted to create an account when you invite them to access your online file. See Managing your MYOB account and Accept an invitation to work online.
Turn on two-factor authentication. This is a secure sign-in process that combines a password with your mobile phone. See Two-factor authentication.
When accessing an online file, each user should sign in with their own MYOB account.
Ensure each user of your file has secured their MYOB account with a strong password.
When inviting a new user to access your online file, assign them the correct access level. For example, most users should be set up as Online File Users. When they sign on with their MYOB account, they will only have access to files they've been invited to. See Set a user's online access level.
Only people you trust to have full access to all your online files should be set up as Online Administrators. You can see which MYOB accounts have online administrator access on the my.MYOB website. See Set a user's online access level.
If more than one person shares a computer, don't choose the Stay signed in for 12 hours option when entering your MYOB account details.
If someone leaves your business, make sure you remove their user access too. See Remove user access.
Make sure your devices are secure and up to date
Each user of a computer should have their own password-protected Windows user account and sign into Windows using their own account. See the Microsoft Support Centre for help setting up Windows user accounts.
If someone else needs to use the computer, the current user should sign out from Windows, or use Windows' "Switch account" feature to give the other person access.
Lock your computer when you take a break or leave for the day.
All users should be set up as standard users, unless they require administrator privileges, such as the ability to install applications on the computer.
Ensure that you have installed all Microsoft Windows updates on all computers.
Whether you use Windows' built-in anti-virus features, or have a third-party anti-virus application, ensure that the virus definitions are updated frequently, and that your PC is scanned regularly.
If you're using AccountRight Server Edition, don't override the firewall settings that AccountRight configures on installation. Remote access to your file is not supported, and can lead to security issues. If you need remote access to a file, put it online. See Set up a network.
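To check the Windows account recommendations above (individual password-protected accounts, standard users unless administrator rights are needed), the following PowerShell script is an added example and is not part of MYOB's guidance. It uses the built-in Get-LocalUser and Get-LocalGroupMember cmdlets, covers one computer at a time, and the wording of its findings is this example's own.

```powershell
# Added example (not from MYOB): audit the local Windows accounts on this computer.
# S-1-5-32-544 is the well-known SID of the built-in Administrators group,
# so the lookup does not depend on the Windows display language.
$admins     = @(Get-LocalGroupMember -SID 'S-1-5-32-544')
$adminSids  = @($admins | ForEach-Object { $_.SID.Value })
$localUsers = @(Get-LocalUser | Where-Object Enabled)

$report = foreach ($user in $localUsers) {
    $isAdmin  = $adminSids -contains $user.SID.Value
    $findings = @()
    if ($isAdmin) { $findings += 'administrator: confirm this is required' }
    # PasswordRequired = False means Windows permits a blank password here.
    if (-not $user.PasswordRequired) { $findings += 'password not required' }

    [pscustomobject]@{
        Account         = $user.Name
        Administrator   = $isAdmin
        PasswordLastSet = $user.PasswordLastSet
        LastLogon       = $user.LastLogon
        Findings        = $findings -join '; '
    }
}

# One row per enabled local account, administrators first.
$report | Sort-Object Administrator -Descending | Format-Table -AutoSize -Wrap

# Members of Administrators that are not enabled local accounts
# (for example domain accounts, groups, or disabled local accounts).
$localSids = @($localUsers | ForEach-Object { $_.SID.Value })
$admins |
    Where-Object { $localSids -notcontains $_.SID.Value } |
    Format-Table Name, ObjectClass, PrincipalSource -AutoSize
```

An account that more than one person recognises as "theirs", or one whose LastLogon is long past, is also worth following up under the one-account-per-person and remove-access recommendations.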
Learn more about user accounts
See the following table to learn more about MYOB accounts, company file user accounts and Windows user accounts:
What is it?
MYOB account: Your login details for all MYOB online services.
Company file user account: Your sign-on details for a specific AccountRight company file (online or desktop).
Windows user account: Your computer sign-on details for Microsoft Windows. You can choose to sign on with a local account, or your Microsoft account details.
What do the login credentials look like?
Company file user account: User ID (for example, your name)
Windows user account: If you've linked your Microsoft account:
When do I need to enter these credentials?
MYOB account: When signing into MYOB online services, including online AccountRight company files, bank feeds, Pay Super (AU), online GST returns (NZ), MYOB Essentials, MYOB Business, MYOB Community Forum, my.MYOB website, My Account website.
Company file user account: When opening an AccountRight company file.
Windows user account: When starting Microsoft Windows.
Do I need to enter these details every time?
MYOB account: You can choose to stay signed in for 12 hours. You won’t need to enter your details each time you start AccountRight over the 12-hour period, but for some actions, such as refreshing bank feeds or making a superannuation payment, you will need to enter your credentials again.
Company file user account: For online company files, you can choose to link your company file user account and MYOB account. If you choose this option, you won’t need to enter your company file user account credentials when opening the file.
Windows user account: You need to enter your password each time you lock or restart your computer.
How do I get an account?
Company file user account: A company file administrator can set up user accounts. See Invite a user to an online file.
How many of these accounts do I need?
MYOB account: 1 per person
Company file user account: 1 per company file
Windows user account: 1 per person
Can multiple people share the account?
MYOB account: No. For security reasons, everyone should have their own MYOB account.
Company file user account: No. For security reasons, everyone should have their own company file user accounts.
Windows user account: No. For security reasons, everyone should have their own Windows account.
Is a password mandatory?
MYOB account: Yes. Ensure you choose a strong, unique password.
Company file user account: While a password is optional, we recommend that each user account has a unique password, especially administrator accounts.
Windows user account: While a password is optional, it's recommended that you password-protect each Windows account, especially administrator accounts.
What should I do if I forget my password?
MYOB account: Click the "Forgot your password?" link in My Account.
Company file user account: See the Changing and resetting user passwords help topic.
Windows user account: Contact your Windows or network administrator.
Protect against chargebacks and fraud
Whether you trade online or offline, your business is always at risk of fraudulent transactions resulting from stolen credit cards or other buyer scams.
But don’t worry: here are a few suggestions to help prevent credit card fraud, and a few things to look out for to protect your business and minimise the risk of customer disputes and chargebacks.
Is the customer placing an unusually large order, or large quantities of orders in a short period of time?
Is the order being paid for using multiple cards? This could suggest the buyer is trying to avoid card limits.
Do you have an order where the shipping address is different to the billing address?
Are you receiving multiple orders for different customers at the same address, or is the address in an unusual location?
Is it a large order or expensive goods where the customer requests next-day or expedited shipping?
Are you unable to contact the customer via phone or email?
Has the customer asked you to pay for freight which they'll reimburse later?
While these activities won’t always be fraudulent, if something seems suspicious, it’s worth taking the time to check.
What you can do if you think there's fraud
If you're suspicious of fraud, here are a few things you can do:
Call the buyer and verify the order
Search the internet for the buyer's name, shipping address, email address and phone number, checking that the details are consistent with each other
If you can’t verify a customer’s details, or you’re still suspicious, cancel the order.