IT Services for Accounting and Financial Services Firms

Here’s something that should get the attention of every CPA firm, tax preparer, financial advisor, and bookkeeping firm in the Inland Empire: the FTC Safeguards Rule has specific, mandatory IT security requirements for any business that handles customer financial information. It’s not a suggestion. It’s federal law. And the penalties for non-compliance are steep.

Most IT companies in the IE aren’t even talking about this. We are. Because eTop Technology has spent real time understanding the FTC Safeguards Rule, the IRS WISP requirements, and the specific compliance landscape that accounting and financial services firms operate in. This isn’t a marketing angle for us. It’s something we genuinely believe these firms need and aren’t getting from their current IT providers.

The FTC Safeguards Rule Changed Everything

The updated FTC Safeguards Rule that took effect in June 2023 isn’t the vague “have reasonable security” standard that existed before. It now requires specific technical controls:

• A designated qualified individual responsible for overseeing your information security program
• Risk assessment documented and regularly updated
• Access controls limiting who can access customer financial information
• Encryption of customer information both in transit and at rest
• Multi-factor authentication (MFA, meaning two forms of verification to log in) for anyone accessing customer data
• Continuous monitoring or periodic penetration testing and vulnerability assessments
• Incident response plan that’s documented and tested
• Vendor management ensuring your service providers maintain appropriate safeguards

If you’re reading that list and thinking “we don’t have half of this,” you’re not alone. The majority of small to mid-size accounting firms we talk to are significantly short of compliance. And that’s exactly the gap we fill.

Your WISP Needs to Be More Than a Document

The IRS requires tax preparers to maintain a WISP (Written Information Security Plan). A lot of firms downloaded a template, filled in the blanks, and stuck it in a drawer. That’s not compliance. That’s theater.

A real WISP needs to reflect your actual security controls, your actual procedures, and your actual risk environment. It needs to be reviewed and updated regularly. And most importantly, the controls described in your WISP need to actually exist in your IT environment.

We help firms build WISPs that are living documents tied to real, implemented security controls. When your WISP says you encrypt client data, we make sure your systems actually encrypt client data. When it says you have an incident response procedure, we make sure there’s a tested, documented process ready to go.

Tax Season Is Not the Time for IT Problems

We’ve been doing this long enough to understand the rhythm of an accounting firm. January through April is go-time. October extension deadlines add another peak. During those windows, every minute of downtime costs billable hours that you can never recover.

Our approach to tax season preparedness:

Pre-season infrastructure review. Before busy season, we audit your hardware, verify backups, check storage capacity, update software, and identify anything that might cause a problem when you can least afford it.

Change freeze during peak periods. We don’t push Windows updates or make infrastructure changes during tax season unless something is critical. Your systems stay stable when stability matters most.

Priority support. Your team gets escalated response times during busy season because we understand that a down workstation on March 15th isn’t the same as a down workstation in June.

Performance optimization. Tax software and accounting platforms like QuickBooks, Drake, Lacerte, and ProSeries can be resource-intensive. We make sure your infrastructure can handle the load when every user is running at full speed.

Secure Client Data Exchange

Let’s talk about how your clients send you their W-2s, bank statements, and tax documents. If the answer is “they email them to us,” that’s a problem. Unencrypted email is about as secure as a postcard. Anyone handling it along the way can read it.

We help firms implement secure client portals where clients can upload sensitive documents through an encrypted connection. No more tax returns sitting in someone’s Gmail inbox. No more bank statements attached to unencrypted emails bouncing across the internet. Your clients get a professional, easy-to-use upload experience and you get the peace of mind that their data is protected from the moment they send it.

The Security Stack Your Firm Actually Needs

Financial services firms are high-value targets. Attackers know you have Social Security numbers, bank account details, income information, and everything else needed for identity theft. We protect your firm with the same tools and monitoring that protect much larger organizations:

Huntress EDR on every endpoint, monitored 24/7 by a Security Operations Center. Advanced email security that catches the phishing attempts that specifically target accounting firms (and there are a lot of them, especially during tax season). Microsoft Intune managing every device, including the laptops your team uses to work from home during crunch time. DLP policies (Data Loss Prevention, rules that prevent sensitive data from being shared improperly) that stop accidental data exposure before it happens.

Why IE Financial Firms Choose eTop

Most MSPs (Managed Service Providers) in the Inland Empire will keep your computers running and your email working. That’s table stakes. What they won’t do is sit down with you, walk through the FTC Safeguards Rule requirements line by line, and build a compliance roadmap specific to your firm.

We will. Because we’ve been doing this for over 12 years in the Inland Empire, and we’ve seen what happens when financial firms don’t take compliance seriously. The fines, the client notification letters, the reputational damage. It’s not worth it. Not when the solution is straightforward, affordable, and exactly what we do every day.

If you’re a CPA firm, tax preparer, financial advisor, or bookkeeper in the IE and you’re not sure where you stand on FTC Safeguards compliance, that’s the first conversation we should have.