Tech Detective LLC
IT Support for Accounting Firms

IT Support for Accounting Firms in North Idaho

The IRS and FTC require your firm to have real technical controls protecting client data, not just a document that says you do. I help CPA and accounting firms in North Idaho set up and maintain those controls.

What the Safeguards Rule Actually Requires

Under the Gramm-Leach-Bliley Act, the FTC's Safeguards Rule applies to all financial service providers, including CPA firms and tax preparers. The updated rule, which took full effect in 2023, sets specific requirements for how firms must protect client financial data.

IRS Publication 4557 adds further guidance specifically for tax preparers, including a strong recommendation to create and maintain a Written Information Security Plan (WISP). But the WISP is only the beginning. The real requirement is that the technical controls described in that document are actually implemented and working.

The technical controls required include:

  • Multi-factor authentication (MFA) on all systems that access client data, including tax software, Microsoft 365, and cloud storage
  • Encryption of laptops, portable drives, and any device that stores or can access client financial data
  • Access controls limiting which employees can reach client files, with unique user accounts for every person
  • Verified, encrypted backups stored separately from your primary systems
  • Patch management keeping operating systems and software updated against known vulnerabilities
  • Vendor oversight documentation for any third-party service that touches client data
  • Incident response procedures with a designated person responsible for security

Important: I am an IT technician, not a compliance auditor or attorney. I help firms set up and maintain the technical controls their compliance documents describe. For questions about legal interpretation of the Safeguards Rule or your specific compliance obligations, work with a qualified attorney or compliance professional.

The Gap Most Firms Have

The IRS Data Security Summit, run jointly by the IRS, state tax agencies, and the tax industry, has repeatedly found that many small firms downloaded a WISP template, filled it out, and filed it away. The document might say "we use multi-factor authentication" but MFA was never actually turned on. It might say "data is encrypted" but the laptops were never configured with encryption.

That gap matters. If your firm experiences a data breach and regulators find that your WISP described controls you never implemented, the liability exposure is significant. The IRS now requires tax professionals to report data thefts, and state attorneys general enforce the Safeguards Rule with real penalties.

The good news: most of the required technical controls are not complicated to set up. The problem is almost always that nobody got around to it, or the firm doesn't have an IT person who knew what to configure.

What I Set Up and Maintain for Accounting Firms

I work with CPA firms and tax preparation offices across Bonner County and North Idaho to get the technical side of their security program actually working:

MFA Configuration

Turn on and test multi-factor authentication for Microsoft 365, QuickBooks, Drake, Lacerte, UltraTax, and any cloud portal your staff uses.

Device Encryption

Enable BitLocker or FileVault on every laptop and workstation, so a lost or stolen device does not become a reportable breach.

Verified Backups

Set up encrypted, automated backups with monthly restore tests, so you have proof the backup actually works, not just that the job ran.

Access Controls

Set up individual user accounts and permission levels so each employee only reaches what they need, and former employees are removed immediately.

Endpoint Security

Deploy and manage business-grade antivirus and endpoint detection on every device, with alerts when something needs attention.

Patch Management

Automated patch management for Windows, macOS, and third-party software, with monthly reports showing what was updated and when.

I also maintain documentation you can point to during a review: patch logs, backup verification records, and a list of what controls are in place and when they were last checked. This is the kind of evidence that shows a regulator or auditor that your WISP isn't just a document.

Why Local IT Matters for Your Firm

Most IT services for small businesses are remote-only. That's fine for basic support, but when you need to physically configure a server, encrypt a device, or set up a new workstation for tax season, remote-only doesn't cut it.

I'm based in Sagle and cover Sandpoint, Ponderay, Dover, and surrounding Bonner County. When you need something done in person, I'm there the same day. When something breaks during tax season, you call my cell, not a help desk.

Talk to Sean About Your Firm
Get Started

Let's talk about your firm's IT security.

Free 30-minute consultation. No pressure, no jargon, just an honest look at where things stand and what it would take to get your technical controls in place.