Data security for tax and accounting firms

Protect your clients and your practice

Take action to help you keep your clients safe

Cybercriminals are specifically targeting tax and accounting firms at increasing rates. It's not just the big firms being targeted, but firms of all sizes.

At Thomson Reuters, the security of your data and your clients' data is a top priority. We're continuing to take steps to strengthen data security, help you protect your practice, and comply with IRS security requirements. Working together, we can put safeguards in place to help you protect your clients and your firm.

Check out our fact sheet for important information about data security, and keep reading for actions you can take to help you stay safe against security threats.

Security requirements

IRS requirements for tax software
Beginning with tax year 2016, the IRS — working in partnership with tax software vendors and practitioners in the profession — put security requirements in place for all tax-related software for professionals. At Thomson Reuters, we believe that all data is important, so these changes were applied to all our software.

Here is a summary of the IRS requirements:

  1. Login requirements: Tax-related software for professionals needs to be protected by a login with certain password requirements.
  2. Password strength: As defined by the IRS, a strong password contains a minimum of eight characters with at least one uppercase letter, one lowercase letter, one number and one special character. The IRS also requires that preparers reset their passwords every 90 days.
  3. Timeout period: Applications must time out after 30 minutes of user inactivity and requires users to log back in using their credentials. However, while your access is suspended, the operation of the software is not, so the processes within the software will continue during the timeout.
For full details, see the CS Professional Suite application security overview topic in the Help & How-To Center.
Multi-factor authentication
As a leader in data security, Thomson Reuters can offer even more advanced security options for any firm that wants multi-factor authentication (additional identity verification for extra security) for CS Professional Suite (desktop), Virtual Office CS® and Software as a Service (SaaS).
We're pleased to introduce Thomson Reuters Authenticator, our new multi-factor mobile app, which provides industry standard authentication factors. We strongly advise that you enable multi-factor authentication to strengthen the security of both your firm and your clients' data. For details about implementing multi-factor authentication for your firm, see the Multi-factor authentication overview in our Help & How-To Center.

5 security questions firms should ask

Save your firm's client data from cybercriminals. Prevent identity theft, prepare for data breaches, and create a safer world.

Stay safe and informed

Thomson Reuters is here to support you. In addition, you should consult with your advisors for guidance on data security practices and legal standards applicable to your practice. It is also important to check the IRS website regularly for security news and alerts.