Optimizing Security Settings in Your Tax Preparation Software

Tax preparation software contains some of the most sensitive information in your practice. While software vendors implement security features, these features often need to be properly configured to be fully effective. Taking time to review and optimize your security settings pays dividends in protection.

Start with Access Controls

Review who has access to your tax software and what they can do. Most professional tax software allows you to set different permission levels for different users. Limit access based on job responsibilities—not everyone needs access to every client file or every program function.

Remove or disable accounts for anyone who no longer needs access. Former employees, temporary staff from past tax seasons, and other inactive accounts represent potential security vulnerabilities.

Authentication Settings

Enable the strongest authentication options your software offers. If multi-factor authentication is available, require it for all users. Set password policies that require sufficient length and complexity. Configure automatic lockout after failed login attempts.

Session timeout settings determine how long a user can be inactive before being logged out. Shorter timeouts reduce the window of opportunity if someone walks away from an unlocked computer, but too aggressive may frustrate users during normal work. Find a balance appropriate for your environment.

Audit Trails and Logging

Enable comprehensive logging of user activity within the software. These logs create a record of who accessed what, when, and what changes were made. If something goes wrong, logs help you understand what happened and who was involved.

Review logs periodically for unusual activity. Someone accessing files at odd hours, viewing clients they don't normally work with, or making unexpected changes might indicate a compromised account or insider threat.

Data Transmission Security

When your software transmits data—to the IRS, state agencies, or other locations—that transmission should be encrypted. Verify that your software uses secure connections for all data transmissions. This is typically standard but worth confirming.

If your software has a client portal or collaboration features, ensure those are configured for maximum security. Require strong authentication for portal access and enforce encryption for uploaded documents.

Cloud vs. Desktop Considerations

Cloud-based tax software centralizes security management but requires trusting your vendor's security. Review your vendor's security documentation and certifications. Understand where data is stored, how it's protected, and what happens if the vendor experiences a breach.

Desktop software puts more security responsibility on you. Ensure the computers running the software are properly protected—updated, patched, encrypted, and physically secure. Back up the software's data following proper procedures for your specific application.

E-filing Security

E-filing credentials are particularly sensitive because they enable submission of tax returns. Protect e-filing passwords with the same care as any other critical credential. If your software offers enhanced security for e-filing, such as additional authentication or IP restrictions, consider enabling these features.

The IRS requires EROs to implement security measures including written information security plans. Ensure your e-filing practices meet IRS requirements and are documented in your security plan.

Regular Reviews

Security settings shouldn't be set once and forgotten. Review them periodically, especially after software updates that might add new features or change default settings. Stay informed about security advisories from your software vendor and implement recommended changes promptly.

Consider conducting or commissioning a security review of your tax software configuration as part of your broader security assessments. External perspective can identify issues you might overlook.