"It's in the cloud, so it's backed up automatically." We hear this misconception constantly. While cloud platforms like Xero offer excellent uptime and security, they are not backup solutions. Understanding this distinction could save your business from catastrophic data loss.
When you use Xero, your data is stored on secure servers maintained by Xero. The company implements robust disaster recovery systems and maintains multiple copies of your data. So why isn't this enough?
The answer lies in understanding what threats these measures actually protect against—and more importantly, what they don't.
Cloud providers operate under what's called a "shared responsibility model." Xero is responsible for the platform's availability and security. You, the user, are responsible for your data.
This means:
Most cloud accounting platforms, including Xero, explicitly state in their terms of service that you are responsible for maintaining your own backups.
Let's look at scenarios that happen more often than you might think:
A staff member is cleaning up old contacts in Xero. They accidentally select and archive (or delete) active customers, including their complete transaction history. By the time anyone notices, Xero's limited recovery window has passed.
An employee leaves the company on bad terms. Before their access is revoked, they delete or modify critical financial records. Without an independent backup, proving what the original data looked like becomes impossible.
You connect a new inventory management app to Xero. A bug in the integration overwrites hundreds of product prices or duplicates transactions. The damage is done before you realise something is wrong.
Attackers gain access to your Xero account through phishing. While they can't encrypt cloud data like traditional ransomware, they can delete everything or export and threaten to publish your financial data.
To be fair, Xero does offer some recovery options. Understanding their limitations helps illustrate why additional backup is necessary.
IT professionals have long advocated for the 3-2-1 backup rule:
With cloud accounting, your data exists in one place (Xero's servers). An independent backup adds a second location, and if that backup syncs to your local computer, you have a third location.
Boxkite provides automated, continuous backup of your Xero data to Dropbox. Here's how it addresses the backup gap:
Manual exports are better than nothing, but they're prone to human error and forgetfulness. Automated solutions ensure backups happen consistently.
Your backup should include everything: invoices, bills, contacts, bank transactions, attachments, journal entries, and reports. Partial backups leave gaps when you need to recover.
Your backup should be stored separately from your primary platform. If your Xero account is compromised, your backup shouldn't be affected.
Backups are only useful if you can actually recover from them. Files should be in accessible formats (PDF, CSV) that you can use even without the original platform.
Periodically verify that your backups are working and complete. Open some files, check that attachments are included, and ensure you could actually recover if needed.
Consider the potential costs of data loss:
Compare this to the minimal cost and effort of maintaining proper backups.
Cloud accounting platforms like Xero are excellent tools, but they are not backup solutions. The cloud protects against infrastructure failures, not user errors or malicious actions.
Taking responsibility for your data means:
The businesses that thrive are those that prepare for the unexpected. Your accounting data is the financial memory of your business—protect it accordingly.
