Mon–Fri 8am–5pm CT · Remote-first IT, nationwide270.816.5726 · support@micro-it.net
Micro-IT

Home/Industries/Accounting & CPA

The firm that needs March 15 to feel like any other day.

Lacerte, ProSeries, UltraTax, Drake, or QuickBooks moves the entire season. When the server hiccups on March 14, a partner is on the phone with a client at the worst possible time. IT designed for the season, not just the off-season.

·· 01 ·· Where firms get hit

The risks we see at small accounting and CPA firms

Tax-software server slowdown in March

Lacerte and UltraTax workloads triple in February and March. A server that worked fine in October starts swapping when six preparers are filing simultaneously.

Wire-fraud targeting controllers

Bookkeeping and controller-services firms are a top FBI target. Vendor-banking-change emails are the most common attack vector. A one-page rule prevents almost all of them.

IRS WISP gap

The IRS requires every tax preparer to have a written Information Security Plan (Pub. 4557, Rev. Proc. 2007-40). Most small firms we meet have it on paper but no evidence the controls are actually deployed.

Client portal sprawl

Clients send 1040 documents three different ways — email, ShareFile, "drop them in my Dropbox." Tightening this is a small policy change with a large risk reduction.

·· 02 ·· The managed stack

The Micro-IT accounting-firm stack

A small or mid-sized accounting practice on our managed stack gets the same defense-in-depth we deploy at law firms, with tax-software vendor coordination and the IRS WISP control list mapped to the stack.

  • Managed Endpoint on every workstation and laptop
  • Managed Inbox with advanced anti-phishing & impersonation rules
  • Managed Site sized for tax-season load
  • Image-level backup including the tax-software server
  • Wire-verification playbook for AP and bookkeeping clients
  • IRS WISP control mapping with evidence files
·· 03 ·· Software we speak

Tax and accounting software we've worked with

Software we've supported in client environments: Lacerte, ProSeries, UltraTax CS, Drake Tax, ATX, TaxAct Professional, plus the workpaper and document tools that pair with them (FileCabinet CS, GoFileRoom, SmartVault). On the bookkeeping side: QuickBooks Desktop, QuickBooks Online, Sage 50, and the payroll platforms (Gusto, ADP, Paychex).

·· 04 ·· WISP, in plain terms

IRS WISP, in practical terms

The IRS-required Written Information Security Plan maps to twelve controls — risk assessment, MFA on every PHI-or-tax-data-accessing account, encryption at rest and in transit, secure-disposal procedures, vendor management, training, incident-response plan, and the rest. The Micro-IT managed stack ships with eleven of those twelve already deployed. The twelfth (the documented annual training event for every preparer) is a 30-minute calendar item we help schedule. See the cyber-insurance article for the control list cyber carriers ask about — the same control list applies here.

·· 05 ·· The first 90 days

What changes in the first 90 days

Most firms we onboard arrive with a workhorse server that worked fine in October and panicked in March, and a partner who's been the de facto IT person at 9 PM on tax-deadline weekends. By day 90, the tax server is monitored 24/7, the workpaper backup runs to immutable storage every night, the WISP has the evidence files behind it, and the wire-change-confirmation rule is on every AP staff's desk in a one-pager.

Available across the region: Paducah, KY · Murray, KY · Mayfield, KY · Cape Girardeau, MO · Owensboro, KY · Evansville, IN — full service-area list at Western Kentucky & the region.

Related guides

Plain-English resources for owners — the threats and decisions that matter most.

IT support for accounting firms

What CPA & tax firms need — plus the IRS written-security-plan rule.

The wire-fraud playbook

How business email compromise works — and the check that stops it.

What MFA actually buys you

The single highest-impact security control, explained.

Common questions

What does IT support for accounting firms include?
IT support for accounting firms includes managed endpoints on every workstation and laptop, email security with anti-phishing and impersonation rules, a network sized for tax-season load, image-level backups of the tax-software server to immutable storage, a wire-verification playbook for AP and bookkeeping clients, and IRS WISP control mapping with evidence files. We support the platforms firms actually run — Lacerte, ProSeries, UltraTax CS, Drake, QuickBooks — rather than asking you to change them.
What does the IRS WISP requirement actually involve?
Every tax preparer is required to have a written Information Security Plan (IRS Pub. 4557). It maps to twelve controls — risk assessment, MFA on every account that touches tax data, encryption at rest and in transit, secure disposal, vendor management, training, and an incident-response plan among them. Our managed stack ships with eleven of the twelve already deployed; the twelfth, a documented annual training event, is a 30-minute calendar item we help schedule. More in our guide for accounting firms.
How much does managed IT cost for a CPA firm?
$79 per device per month, $20 per mailbox per month, and from $149 per location per month for the managed network. A typical 3–20-preparer firm runs Endpoint + Inbox + Site + Backup. Every plan includes EDR with 24/7 SOC monitoring, MFA enforcement, DNS filtering, and immutable, restore-tested backups — security isn’t a separate line item. Build an estimate on the pricing page.
Can the systems keep up in March?
That’s the design constraint. Lacerte and UltraTax workloads triple in February and March, so we size the network and server for the season rather than the off-season, monitor the tax server 24/7, and run the workpaper backup to immutable storage nightly. The point is for March 15 to feel like any other day.

Want a tax-season-ready quote? We're not learning on you.

Book a 20-min call →270.816.5726