Accounting With Microsoft Business Tools
Tim O’hara, Practice Manager, Oculus Financial Services Group
Tim O’hara, Practice Manager, Oculus Financial Services Group
Oculus Group is based in Tweed Heads and provides accounting and financial planning serviced to clients on Australia’s Gold Coast, Northern New South Wales, and as far afield as Karratha in Western Australia. We provide solutions for small to medium enterprises including accounting, taxation, business development and structural advice, and asset protection, and have a financial planning division. Oculus was faced with aging hardware, increased compliance demands, and a changing paradigm in the accounting field generally.
In 2016, we responded to the accounting industry shift to cloud computing. “Now, everything we do is electronic. For us, that means making our computer security the strongest it can be,” says David de Closey, Partner at Oculus. Oculus was faced with a clutch of servers about to age out, the accounting industry was shifting to a cloud-based model, and new compliance laws were coming into effect. Australia’s tough Notifiable Data Breaches (NDB) law, enacted in 2018, exacts strict penalties on businesses that expose client data to risk. Companies found to be non-compliant risk millions of dollars in fines—enough to wipe out a small company.
We are very vigilant about data security and researched our options carefully. Oculus engaged Gold Coast IT Services (GCITS) to provide a platform that ensures data security and enables efficient and timely engagement with clients. GCITS provides technical guidance and the ongoing service model tailored to the needs of a small, boutique financial services company, Oculus was set for its next and best chapter to date.
As a trusted Microsoft partner, GCITS implemented Microsoft 365 in the Oculus business which has proved to be an ideal solution for Oculus. Furthermore, David had fallen into the unofficial role of a one-man IT department. Weekend server upgrades had lost their charm for him, but more importantly, his expertise lies in the financial industry. “We wanted to focus on what we do best and bring in people who are best at managing cloud-based systems and maximizing security,” he says.
Data security
GCITS decommissioned the on-premises infrastructure, installing Windows 10 and Microsoft Azure Active Directory (Azure AD) Premium P1. Microsoft 365 and Microsoft Cloud App Security, a cloud access security broker, was rolled out for their advanced datasecurity capabilities. GCITS encrypted all devices at the company using Azure AD to validate user and device identities.
Users Are Now Blocked From Sending Personally Identifiable Information Such As Tax File Numbers And Bank Details By Insecure Methods Such As Email
All machines are BitLocker encrypted— under the Notifiable Data Breach laws, any device left on public transport, for example, must be reported, and encryption provides the first layer of protection. GCITS analyzes data from an encryption report daily and summarizes data for a monthly report for us to review .
Conditional access is configured to require Azure Multi-Factor Authentication to verify that account sign-ins are genuine. With Multi-Factor Authentication deployed on all Oculus devices, employees can sign in from anywhere, and management can more easily ensure that only authorized users are accessing data and services.
To further address the NDB requirements, GCITS deployed Azure Information Protection and Office 365 Data Loss Protection. “We use Azure Information Protection and Office 365 Data Loss Protection in concert to help protect data anytime it’s shared outside the organization,” says Blair Munro, Partner at GCITS. “We place restrictions on the data depending on the characteristics of the data and user traits of the person receiving the data.”
Users are now blocked from sending personally identifiable information such as tax file numbers and bank details by insecure methods such as email. “We’ve turned Data Loss Protection controls to maximum,” says Blair. “It’s so easy to send data as an attachment accidentally.”
Reporting
GCITS uses Microsoft Graph to summarize and transfer site summary information, Microsoft Secure Score results, and other data to us. The managed service provider also uses Microsoft Graph to report on active users and Microsoft OneDrive usage.
The GCITS team finds that Secure Score has been critical to creating recommendations for Oculus. “We built our security strategy for this customer around the biggest point-scoring items from the Secure Score recommendations,” says Blair MunroBenefits of Life in the cloud
The advanced security and convenience of the cloud afford our employees the flexibility they crave to work more securely from any location. Yet David was surprised by the uptake. “Typically, accountants don’t like change,” he says. “But the way our team has moved from the previous on-premises system to the cloud has been excellent. They can do things with Microsoft 365 that they couldn’t before. The access is just amazing.” Apart from convenience, we can see a key strategic advantage. Now that we have the system we need to manage our data, we can use our energy to grow the business. David and I treasure that no-maintenance functionality. “The best thing for us is that we don’t see it,” says David. “GCITS manages our infrastructure in the Microsoft cloud; we manage our clients’ business. Microsoft 365 opens up so many more possibilities for us. We have confidence in its security capabilities, so we don’t have to worry about it. We’re free to do what we do best.”
