Tax-Season-Ready IT.WISP. MFA. Backup. Done.
Veteran-owned managed IT built for Oregon accounting firms. FTC Safeguards Rule alignment, IRS Pub 4557 controls, and the operational discipline to keep your firm running through e-file deadline week.
No commitment. No upsell. Month-to-month if we work together.
Aligned with the frameworks your industry expects
In Plain English
Most of the names and acronyms above point to a single outcome. Your firm has to know what data you hold about clients, who has access to it, and what happens if something goes wrong. Federal rules ask for a written plan and the technical controls that back it up. That is the whole game, in one sentence.
We have built that plan and those controls for accounting firms before. We know the tax software, the practice-management platforms, and the rhythm of tax season. We bring a 60-minute call, a one-page report on where you stand, and a recommendation that names the next three things to do in priority order. There is no obligation after the call. If we are the right fit for your firm, we tell you what it would cost in writing the same week. If we are not, we tell you that too.
The point of working with us is that you stop having to think about this. You hire one team to handle the IT, the security, the written plan, the cyber-insurance renewal, and the tax-season operational discipline. You spend your time on returns and on clients. We handle the rest.
What We Cover for CPAs, EAs, and Tax Preparers
The vertical-specific work, included by default, not as upsells.
FTC Safeguards Rule (16 CFR 314)
Tax preparers and CPAs are covered. We build the WISP, the qualified-individual designation, the risk assessment, and the technical controls (MFA, encryption, training, IR plan).
IRS Publication 4557
The working standard for tax-preparer cybersecurity. We map your environment to it: tax-software MFA, encrypted client portals, breach-reporting procedure to the IRS Stakeholder Liaison.
Tax-Software Hardening
MFA enforced on every account in Drake, ProSeries, Lacerte, UltraTax, ATX, TaxAct, ProConnect, or CCH Axcess. The shared-login pattern stops here.
Tax-Season Operational Calendar
Pre-season hardening (Oct-Dec). Change freeze in the e-file deadline window. Restore drills before crunch, never during. Expanded after-hours coverage when it matters.
Cyber-Liability Attestation
We complete the carrier questionnaire because we run the controls. Cleaner renewals, fewer surprises, lower premium escalation.
Practice-Management Integration
Karbon, CCH Axcess, Thomson Reuters CS Suite, Canopy. SSO configuration, document automation flows, data-flow review across cloud services.
Common Questions
Does the FTC Safeguards Rule apply to my accounting firm?
Almost certainly yes. As of June 2023 the FTC Safeguards Rule (16 CFR Part 314) explicitly covers tax preparers, CPAs, accountants, and other "financial institutions" as defined under the Gramm-Leach-Bliley Act. The Rule requires a written information security program (WISP), a designated qualified individual responsible for it, periodic risk assessments, encryption of customer information at rest and in transit, multi-factor authentication, employee training, and an incident response plan. Firms that prepare tax returns for compensation are squarely in scope regardless of size.
What is a WISP and is it required for tax preparers?
A WISP is a Written Information Security Plan. The FTC Safeguards Rule requires every covered firm to have one, and the IRS asks paid preparers to attest to having one as part of PTIN renewal. The WISP documents your firm's administrative, technical, and physical safeguards for taxpayer data: who is responsible, what risks have been identified, what controls are in place, how employees are trained, how incidents are handled. The IRS publishes a sample WISP for small tax-preparer firms in Publication 5708, and the AICPA has templates for CPA firms. Having a written plan is mandatory; copying a template without tailoring it is not enough to meet the standard.
What does IRS Publication 4557 actually require?
IRS Publication 4557 (Safeguarding Taxpayer Data) is the IRS guide for tax professionals on protecting client information. It mirrors and expands on the FTC Safeguards Rule with tax-industry specifics: securing tax software with strong passwords and multi-factor authentication, encrypting taxpayer data, controlling access on a need-to-know basis, recognizing phishing and tax-themed scams, having an incident response and breach notification process, and reporting any data theft to the IRS Stakeholder Liaison and law enforcement immediately. It is the working document a managed IT provider should map your environment against.
What is the most common cybersecurity threat to accounting firms?
Phishing and credential-theft attacks targeting tax software credentials and email accounts. The IRS Criminal Investigation division publishes annual warnings each fall identifying tax preparers as one of the highest-rate phishing target groups, with attacks intensifying in January and February. The threat pattern: an email that looks like it is from the tax software vendor, a referral, the IRS, or a state agency; a click leads to a credential-harvesting page; the attacker uses the stolen credential to log into the tax software and either exfiltrate client data or file fraudulent returns under those clients' identities. Multi-factor authentication on every tax-software account is the single highest-leverage defense.
How does tax season change the IT requirements for an accounting firm?
Capacity, uptime, and after-hours support all matter more between January and April 15 than they do the rest of the year. A backup that has not been restore-tested in months is a real risk because that is when a ransomware event would be most catastrophic. An MSP that does not offer expanded after-hours coverage during tax season is the wrong fit. Plan for the e-file deadline week as a high-risk window: nothing should be patched, deployed, or migrated in the last 10 days of the season unless it is a security emergency.
Ready for a 60-Minute Assessment?
Bring your current setup, your concerns, and your renewal timeline. We will return a one-page gap analysis. No commitment, no upsell.
Get a Tax-Season IT Assessment