Diverse CPA firm staff working in tax software environment during filing season in South Florida office

How Should CPA Firms Secure UltraTax, Drake, and Lacerte in 2026?

Matt Kinsey — Cyber Risk, Compliance & AI Governance for Law & CPA FirmsGeneral

To secure tax software CPA firm environments depend on, you must go beyond basic antivirus and login passwords.

UltraTax, Drake, Lacerte, CCH, and QuickBooks Enterprise store highly sensitive financial data. Therefore, securing these platforms requires structured controls aligned with the Gramm-Leach-Bliley Act (GLBA) and the FTC Safeguards Rule.

In 2026, simply installing tax software on a server is not enough.

Protection must be layered.

Why Tax Software Is a Prime Target

Tax applications store:

  • Social Security numbers
  • Income documentation
  • Banking details
  • Business financial records

Because of this concentration of sensitive data, attackers frequently target accounting firms during tax season.

As a result, insurers and regulators expect stronger safeguards around these platforms.

5 Critical Controls to Secure Tax Software for CPA Firms

To properly secure tax software CPA firm teams use daily, implement the following safeguards.

1. Enforce Multi-Factor Authentication on All Access Points

First, require MFA for:

  • Remote access
  • Administrator accounts
  • Cloud-hosted tax platforms
  • Business computer logins

If MFA protects only email, your tax software remains vulnerable.

Many breaches begin with stolen credentials.

2. Use Advanced Endpoint Detection

Next, deploy advanced endpoint detection on every workstation and server running tax applications.

Basic antivirus cannot stop modern ransomware. Instead, behavioral monitoring identifies unusual activity and isolates threats quickly.

To understand how this fits into a structured security model, review our guide on the cybersecurity stack CPA firms need in 2026.

3. Implement Immutable, Tested Backups

Additionally, back up tax databases daily.

However, backups must be:

  • Encrypted
  • Stored offsite
  • Immutable
  • Tested regularly

Without tested backups, recovery remains uncertain.

4. Restrict Administrative Access

Furthermore, limit who can install, modify, or export tax software data.

Role-based access control reduces internal risk and supports compliance documentation.

If documentation alignment is unclear, review how to prepare for an FTC Safeguards audit.

5. Monitor Activity During Tax Season

Finally, increase monitoring during peak filing months.

Because tax season creates urgency, attackers exploit distraction. Therefore, centralized log review and alert response become even more critical.

Real Example: Performance and Protection Upgrade

A mid-sized CPA firm in South Florida struggled with slow tax software performance and limited security controls.

Their prior setup included:

  • Basic antivirus
  • Shared administrator credentials
  • No formal risk assessment
  • Backups that were rarely tested

After implementing a structured security program aligned with GLBA requirements, we:

  • Deployed endpoint detection
  • Enforced MFA across all systems
  • Hardened tax software servers
  • Validated encrypted backups
  • Formalized compliance documentation

As a result, the firm improved both performance and security posture. They also strengthened their position during cyber insurance renewal.

Cloud vs. On-Premise Tax Software Security

Some CPA firms host tax software locally. Others use private cloud environments.

Regardless of hosting model, you must still secure tax software CPA firm systems rely on through:

  • Identity controls
  • Endpoint monitoring
  • Backup validation
  • Documentation alignment

Hosting location does not eliminate responsibility.

Budget Considerations

Properly securing tax software forms part of a broader compliance-aligned IT strategy.

For most CPA firms in South Florida, investment ranges between $200–$400 per user per month, depending on infrastructure complexity.

For a broader financial overview, review our guide on managed IT cost for CPA firms in South Florida.

Lower-cost environments often lack full enforcement.

The Bottom Line

To secure tax software CPA firm professionals depend on, you must implement layered, documented safeguards.

Specifically, you need:

  • Universal MFA
  • Advanced endpoint detection
  • Immutable backups
  • Restricted access controls
  • Continuous monitoring

In accounting, precision matters.

Your tax software security should reflect that.