By Harness — Building a tax business — October 23, 2025

What Advisors Need to Know About IRS Cybersecurity Guidelines

Learn how IRS cybersecurity guidelines help tax advisors safeguard client data, meet compliance, and strengthen trust.

Cybersecurity isn’t a side project for tax advisors anymore, it’s become one of the most important parts of running a trustworthy practice. The IRS has been clear: every firm, whether a solo shop or a large partnership, is expected to follow specific safeguards to protect taxpayer data. These IRS cybersecurity guidelines aren’t only there to reduce risk, they shape how clients view your professionalism and reliability.

But here’s the challenge—cyber threats in 2025 look very different from decades ago. AI-powered phishing scams, faster ransomware attacks, and cloud misconfigurations have raised the stakes entirely. And now, tax professionals can’t afford to treat cybersecurity as something to revisit once a year.

That’s why the IRS, state tax agencies, and industry partners created the Taxes-Security-Together Checklist. It lays out the essentials, from deploying antivirus and firewalls to training teams on how to spot fraud.

In this guide, we’ll break down what advisors need to know about the guidelines, explore practical steps to strengthen your cybersecurity processes, and show how firms can build lasting cybersecurity awareness. We’ll also look at how Harness supports advisors with the tools and human support to meet these standards while running a more efficient practice.

Table of Contents

Why IRS cybersecurity guidelines matter in 2025
Breaking down the IRS “Security Six”
Building cybersecurity processes that last
Raising cybersecurity awareness across your team
Spotting phishing and ransomware before damage is done
Cybersecurity governance and the data security plan requirement
Learning from USA cybersecurity and global best practices
Harness support for advisors with tech and human solutions
Securing your practice for the future

Why IRS cybersecurity guidelines matter in 2025

Every tax professional already knows the value of client trust. In 2025, that trust depends as much on digital safeguards as it does on accurate filings. Cybercriminals aren’t only chasing Fortune 500 companies anymore, they’re actively targeting tax firms of every size because of the rich troves of personal and financial data stored inside.

The IRS recognized this reality when it developed the Taxes-Security-Together Checklist. These IRS cybersecurity guidelines give advisors—if you’re running a solo practice or managing multiple offices, a framework to strengthen data protection and reduce risk.

The urgency comes from how fast threats are changing. Phishing campaigns powered by AI can mimic clients with alarming accuracy. Ransomware can lock down entire systems in hours. And even a small oversight, like skipping a software update, can open the door to serious breaches.

Adopting the IRS framework is now a signal to your clients that you treat their financial details with the same level of protection as you treat their returns—something that matters deeply in a trust-driven profession.

Breaking down the IRS “Security Six”

At the core of the IRS cybersecurity guidelines is the “Security Six.” These are your starting lineup:

Anti-virus software – Installed and set to update automatically across every device.
Firewalls – Network barriers that block unauthorized access before attackers reach your systems.
Multi-factor authentication (MFA) – A second verification step that prevents most automated attacks.
Backups – Secure, encrypted, and stored offline to protect against ransomware.
Drive encryption – Ensures stolen hardware doesn’t become a data leak.
Virtual Private Networks (VPNs) – Critical when staff are working remotely or on public Wi-Fi.

These six defenses form the backbone of modern tax firm security. The IRS treats them as table stakes, and your clients increasingly do too.

Building cybersecurity processes that last

Technology alone doesn’t guarantee protection. The IRS emphasizes the importance of repeatable, consistent cybersecurity processes that keep your firm operating safely every day.

That means:

Setting clear access controls so only the right people see the right data.
Establishing an offboarding procedure that cuts off departing staff immediately.
Scheduling regular patch cycles so software vulnerabilities don’t go unaddressed.
Testing your backups, not assuming they’ll work when disaster strikes.

The IRS also requires professional tax preparers to maintain a written data security plan (Publication 4557). Even small firms must document how they protect taxpayer data, covering employee training, IT systems, and response plans for failures.

With Harness, processes don’t have to add extra paperwork. Our time-saving tax prep tools include a secure client portal and automated workflows that reduce risky email exchanges while giving you a documented trail of activity for compliance.

Raising cybersecurity awareness across your team

Cybersecurity failures often start with human error. A single click on a phishing link or a reused password can undo even the most advanced systems. That’s why cybersecurity awareness is at the heart of the IRS guidelines.

Advisors should invest in:

Regular staff training on how to spot suspicious emails.
Password hygiene policies requiring unique, strong credentials.
Mandatory MFA across all software and logins.
Annual refresher sessions—often easiest to schedule around tax season deadlines.

Culture matters here. When everyone feels responsible for protecting client data, mistakes happen less often.

Harness supports firms with concierge services that handle client onboarding, document collection, and communication. By reducing the number of emails and manual tasks your team has to juggle, we lower the risk of errors that can lead to breaches.

Spotting phishing and ransomware before damage is done

The IRS warns regularly about phishing emails and ransomware attacks. Scam messages often claim to be from the IRS, tax software providers, or even cloud storage services.

Key warning signs include:

Clients receiving IRS letters about suspicious returns they didn’t file.
Rejections of e-filed returns because a Social Security number was already used.
Unexpected IRS account notices or authentication requests.

Ransomware is equally dangerous. One wrong click can encrypt your entire system, leaving you locked out until a ransom is paid. That’s why secure backups and MFA are so heavily stressed in the IRS cybersecurity guidelines.

When in doubt, report suspicious messages through the IRS phishing reporting page. Quick action helps prevent larger breaches.

Cybersecurity governance and the data security plan requirement

Another critical part of IRS expectations is cybersecurity governance—the accountability structures that ensure someone is responsible for protecting data.

Governance means:

Assigning leadership roles for monitoring and enforcing security.
Vetting vendors carefully, especially cloud services and tax software.
Documenting response steps in the event of data theft.

The Gramm-Leach-Bliley Act legally requires tax preparers to maintain a written security plan. This isn’t optional, and enforcement has become stricter in recent years.

For advisors, governance can sound heavy, but with the right systems, it becomes part of daily operations. Our modern practice solutions combine software and human support so you can meet compliance standards while still focusing on advising clients.

Learning from USA cybersecurity and global best practices

While the IRS guidelines focus on tax, they overlap with broader USA cybersecurity frameworks like the NIST Cybersecurity Framework. The NIST model emphasizes five functions: identify, protect, detect, respond, and recover—principles that fit neatly into the IRS checklist.

Looking abroad, global rules such as GDPR have shown how rigorous standards can drive better practices across industries. For U.S. tax professionals, these frameworks are helpful benchmarks to evaluate whether your firm is staying ahead of both compliance and client expectations.

By aligning with the IRS guidelines and recognized global best practices, advisors demonstrate to clients that their data is being handled with the same care as financial institutions.

Harness support for advisors with tech and human solutions

The IRS provides the framework, but implementation falls on your shoulders. That’s where Harness helps.

Harness Client Portal – Secure document exchange, automated reminders, and audit-ready recordkeeping.
Harness TaxAssist – Verified tax data imported directly into your software, reducing manual entry risks.
Concierge services – Engagement letters, onboarding, billing, e-filing, and client questions handled by trained staff under a <1 hour response SLA.

Together, these tools combine efficiency and protection. By minimizing back-and-forth, reducing reliance on email, and automating routine steps, your firm lowers exposure while freeing time for advisory work.

Securing your practice for the future

Cybersecurity is now central to a tax advisor’s role. The IRS cybersecurity guidelines lay out a roadmap, but turning them into everyday habits is what protects your firm’s reputation and keeps clients confident.

By reinforcing your cybersecurity processes, investing in cybersecurity awareness, and adopting effective cybersecurity governance, you can transform compliance from a chore into a competitive advantage.

Harness is here to help you do it. With secure technology, human support, and tools tailored for advisors, we make protecting client data and modernizing your practice achievable—without the extra workload.

Get started with a Harness Tax Advisor today and build a secure, efficient practice ready for 2025 and beyond.

Disclaimer:
Tax related products and services provided through Harness Tax LLC. Harness Tax LLC is affiliated with Harness Wealth Advisers LLC, collectively referred to as “Harness Wealth”. Harness Wealth Advisers LLC is a paid promoter, internet registered investment adviser. Registration does not imply a certain level of skill or training. This article should not be considered tax or legal advice and is provided for informational purposes only. Please consult a tax and/or legal professional for advice specific to your individual circumstances. This article is a product of Harness Tax LLC.

Content was prepared by a third-party provider and not the adviser. Content should not be regarded as a complete analysis of the subjects discussed. Although we believe the content is reliable, it is not guaranteed as to accuracy and does not purport to be complete nor is it intended to be the primary basis for financial or tax decisions.

TAX SERVICES

Get expert tax help at every level

Explore our services below or take the quiz to get started. Pricing is listed for each service, and your first call is always on the house.

1-Hour Equity Tax Planning Session

Exercising Options IPO Acquisition Changing jobs Secondary market sale Selling startup equity

A virtual one-time, one hour tax planning session with a tax advisor experienced in equity. You will review tax projections of potential equity scenarios (like exercising or selling) modeled from your specific equity grants.

1 hour session $500

Learn more

Tax Preparation

Tax Filing Exercising Options Selling startup shares W2 Income New home New dependents Recently married

Get a dedicated accountant and tax team to prepare and file your household’s taxes for you to ensure your taxes are filed accurately and on time.

Starts at $1,500/yr

Learn more

Comprehensive Tax Planning

Tax Filing Quarterly estimates Selling startup shares IPO Acquisition VC Fund distributions Founding company

Work with an experienced accountant to get ongoing tax-optimization guidance on your income, investments, deductions, major purchases, relocations, estate, and gifts. Includes quarterly estimated tax payments.

Packages start at $1,500/yr

Learn more

Crypto Tax Preparation

Tax filing Trading crypto DeFi Collecting NFTs Mining Staking Digital assets

Speak with an accountant with experience filing taxes for crypto, NFTs, and DeFi to help answer your crypto tax questions and ensure your taxes are filed accurately and on time.

Starts at $1,500/yr

Learn more