What the 2026 ‘Protect Your Clients; Protect Yourself’ Campaign Means for Your Firm this Summer

Taxes | July 12, 2026

What the 2026 ‘Protect Your Clients; Protect Yourself’ Campaign Means for Your Firm this Summer

Get ready for next tax season with a real security program instead of a folder that only gets opened when an audit demands it.

Scott Carr

Every July, while clients are enjoying their tax refunds and preparers are finally catching their breath after filing season, the IRS and its Security Summit partners kick off something worth every firm’s attention: a five-week campaign called Protect Your Clients; Protect Yourself. Now in its 11th year, this Security Summit effort brings together the IRS, state tax agencies, and the tax industry with one goal — helping preparers close the security gaps that criminals are actively exploiting.

This year’s series covers new scams targeting tax professionals, core safeguards known as the “Security Six,” the Written Information Security Plan (WISP) required under the Gramm-Leach-Bliley Act, and tools like multi-factor authentication and IRS Online Accounts. For small and mid-sized firms, this isn’t background noise. Under GLBA, tax and accounting professionals are legally classified as financial institutions and are required to maintain a data security plan. Summer, not tax season, is when firms actually have the bandwidth to fix what’s missing.

Why This Campaign Deserves a Firm’s Full Attention

Criminals aren’t just targeting individual taxpayers anymore. A single compromised preparer can hand an identity theft ring the raw material to file fraudulent returns in hundreds of clients’ names — each one a months-long recovery process for the victim and a reputational hit for the firm that lost the data. Smaller firms face structural exposure that larger practices often don’t: fewer dedicated IT resources, no formal incident response plan, client documents moving over email instead of a secure portal, and seasonal staff whose access is never fully revoked once filing season ends.

Week one of this year’s campaign focused on emerging scams: impersonation of the IRS by email, text, direct message, spoofed caller ID, and automated calls, all designed to push preparers into clicking malicious links or revealing financial details. Other schemes include “new client” spear-phishing emails carrying malware disguised as prior-year tax documents, along with attempts to steal identifiers like EFINs, PTINs, and CAF numbers. Later weeks addressed the WISP requirement, MFA, and how to recognize and report identity theft when it occurs.

Action Steps for Firms and Their IT Teams

  1. Confirm a WISP exists and is current. A firm without a documented Written Information Security Plan is out of compliance with GLBA today, not eventually.
  2. Turn on multi-factor authentication everywhere. Tax software, email, remote access, and any client portal should require MFA, with no exceptions made for convenience.
  3. Audit who still has access. Seasonal preparers who left in April should have had credentials revoked in April, not still be active logins in July.
  4. Train staff to verify unusual requests. New-client emails with attached “prior returns,” spoofed IRS calls, and urgent password-reset texts are all active tactics this year.
  5. Review the incident response plan. Know exactly who to call and what to report to the IRS Stakeholder Liaison if a breach happened tomorrow.
  6. Encourage IP PIN enrollment for staff and clients where appropriate, and make sure the team understands how a Tax Pro Account and IRS Online Account fit into daily workflow.

Questions Clients Often Ask

“Is my information safe with your firm?”
A firm can point to its Written Information Security Plan, MFA on every system, and regular access reviews as concrete proof, not just reassurance.

“What happens if your firm gets hacked?”
A documented incident response plan means a firm knows exactly which regulators and clients to notify, and how quickly.

“Why do you need me to use a portal instead of email?”
Email isn’t secure for W-2s, Social Security numbers, or bank details, and a portal protects both the firm and the client from exposure.

Closing the Gap Before Next Season

The IRS has effectively handed the profession a five-week roadmap. The firms that use the slower summer months to act on it — documenting a WISP, enforcing MFA, cleaning up stale access, and testing an incident response plan — will walk into next tax season with a real security program instead of a folder that only gets opened when an audit demands it.


Scott Carr, owner of Farmhouse Networking in Grants Pass, Oregon, is a veteran Network & Computer Systems Architect with over 30 years of IT experience. For over a decade, he’s led his team in delivering proactive, secure, and fully managed IT services to more than 80 businesses—including accounting and finance firms that rely on data security, compliance, and efficiency. Scott’s hands-on, jargon-free approach ensures every client understands their technology and gains confidence in their systems. His firm is known for fast, responsive support—most issues are resolved within 15 minutes—and deep expertise in cybersecurity, network design, and IT compliance. Learn more about how Farmhouse Networking supports the accounting industry at https://www.farmhousenetworking.com/finance-it-support/.

Sign in to get access to this free resource, and all of our whitepapers and reports.

Download this content today!

Register to get free access to this content, as well as newsletters, continuing education, podcasts, and more…

Leave a Reply

Scott Carr

Scott Carr

Scott Carr, owner of Farmhouse Networking in Grants Pass, Oregon, is a veteran Network & Computer Systems Architect with over 30 years of IT experience. For over a decade, he’s led his team in delivering proactive, secure, and fully managed IT services to more than 80 businesses—including accounting and finance firms that rely on data security, compliance, and efficiency. Scott’s hands on, jargon free approach ensures every client understands their technology and gains confidence in their systems. His firm is known for fast, responsive support—most issues are resolved within 15 minutes—and deep expertise in cybersecurity, network design, and IT compliance. Learn more about how Farmhouse Networking supports the accounting industry at https://www.farmhousenetworking.com/finance-it-support/.