Practical cybersecurity guidance written specifically for tax preparers and CPAs in Northeast Alabama.
Required by the IRS: The Written Information Security Plan (WISP) is mandatory for all tax preparers under the Gramm-Leach-Bliley Act. The IRS actively enforces this requirement and includes WISP checks in preparer audits. If you don't have one, you're out of compliance.
A WISP documents how your firm protects client data. It covers who has access to sensitive information, how devices are secured, what happens if there's a breach, and how employees are trained.
MMIT helps tax firms create and maintain a compliant WISP as part of our managed services. We'll draft it, keep it updated, and make sure your whole team understands it.
Tax preparers are one of the most targeted groups for cybercrime. Here's what you need to know.
Attackers impersonate the IRS, clients, or software vendors to trick your staff into revealing credentials or wiring money. These emails look convincing and arrive year-round, but spike during tax season.
Protect yourself: Employee training + email filtering + multi-factor authentication
Ransomware infiltrates your network and encrypts every file — client returns, financial records, everything. The attackers demand payment to restore access. Average ransom demand for small businesses: $50,000+.
Protect yourself: Endpoint protection + cloud backup + network segmentation
Your employees' email and software passwords may already be for sale on the dark web from previous breaches. Attackers use these to log directly into your tax software or email accounts.
Protect yourself: Dark web monitoring + password manager + MFA enforcement
Most breaches at small firms aren't malicious — they're accidents. An employee emails a file to the wrong person, uses a personal device on public Wi-Fi, or stores client data in an unsecured folder.
Protect yourself: Security training + device management + access controls
Outdated software — including tax prep applications, operating systems, and browsers — contains known security holes that attackers actively exploit. Unpatched systems are one of the top attack vectors.
Protect yourself: Automated patch management + vulnerability scanning
A stolen laptop or unlocked workstation can expose thousands of client records. Physical security is often overlooked, but it is required under the IRS WISP guidelines.
Protect yourself: Full-disk encryption + screen locks + device tracking
Run through this checklist before January each year to make sure your firm is ready for the surge in activity — and the surge in cyberattacks that comes with it.
MMIT offers an annual Tax Season IT Readiness Review for clients. We run through this checklist and more — so you go into busy season knowing your systems are solid.
These are the authoritative sources for IRS cybersecurity guidance and requirements.
The IRS provides a free WISP template and implementation guide specifically for tax professionals. A good starting point before working with MMIT to customize it for your firm.
The IRS Security Summit is a coalition of the IRS, state tax agencies, and the tax industry that shares cybersecurity guidance and alerts specifically for tax professionals.
IRS awareness campaign with practical steps tax professionals can take to secure client data and reduce identity theft risk.
The FTC's Safeguards Rule requires financial institutions — including tax preparers — to develop, implement, and maintain a comprehensive data security program.
Schedule a free security review. We'll assess your current setup and show you exactly what MMIT can do for your firm.