In today’s digital landscape, cyber security is no longer just an IT concern - it is the foundation of operational resilience and client trust. With cyber threats becoming increasingly sophisticated, relying on a traditional password alone leaves the door open to data breaches.
To safeguard our firm's sensitive information and protect client confidentiality, we are actively transitioning all users to Multi-Factor Authentication (MFA).
The Power of a Second Layer
Passwords can be compromised through phishing, credential stuffing, or simple human error. MFA mitigates this risk by requiring two independent forms of verification before granting system access: something you know (your password) and something you have (a unique, time-sensitive code generated on your mobile device). This simple additional step blocks the vast majority of automated cyber attacks and unauthorised login attempts.
Meeting Global Compliance and Integration Standards
Implementing MFA is about more than just best practice; it is a strict requirement for the compliance and integration frameworks that keep LEAP running smoothly:
- SOC2 Compliance: As part of maintaining the gold standard for security compliance, rigorous identity verification controls must be enforced. This independent framework ensures the highest level of overall security, data confidentiality, and privacy safeguards.
- Xero Partner Requirements: To maintain seamless, secure integration with Xero's financial ecosystem, mandatory security standards must be met. Enforcing MFA ensures our ecosystem remains compliant and uninterrupted.
Getting Started and Useful Resources
Setting up MFA is a quick process that provides immediate peace of mind. Users can choose to utilise the built-in LEAP Authenticator within the LEAP Mobile app, or leverage a trusted third-party tool like Google or Microsoft Authenticator.
For comprehensive guidance on setting up, managing, or troubleshooting your security settings, please review the following official LEAP Community articles:
- Step-by-Step Setup: For detailed instructions on enrolling your desktop, web, or mobile applications, read the Multi-Factor Authentication (MFA) Guide.
- Device Flexibility: Learn how firm administrators can configure settings so staff can use their smartphones strictly for security verification without full access to firm matters by reading the LEAP Mobile Authenticator Guide.
- Third-Party Authentication: If your firm prefers not to use the native LEAP app, you can easily pair alternative platforms (such as Microsoft Authenticator or Google Authenticator) by following the "Other Authenticator" steps outlined in the main LEAP MFA Setup Guide.
- Troubleshooting Support: If you encounter issues receiving verification codes during login, consult the guide on What to do if you are not receiving your MFA code.
- Broader Firm Security: Security doesn't stop at MFA. For a comprehensive overview of managing staff departures, resetting Windows/Microsoft 365 credentials, and clearing cached data via device management, review Securing Access to Your LEAP Data.
By adopting these advanced security measures, we continue to build a resilient environment capable of defending against modern digital threats.
