Security Six • Protection #5

Data Backup Plan for Tax Preparers

Name: Bellator Cyber Guard
Address: US
Telephone: (800) 492-6076
Price range: $$

Security Six requirement #5: Regular backups of all client data with offsite storage. Ransomware, hardware failure, or natural disaster — backups are your recovery lifeline.

Talk With an Expert Call (800) 492-6076

60%

Of small firms close after data loss

3-2-1

The backup rule to follow

7 yrs

IRS record retention requirement

96%

Recovery rate with proper backups

The 3-2-1 backup rule

The IRS recommends the 3-2-1 backup strategy as the foundation of your data protection plan:

Copies of your data

Original + 2 backups

Different media types

Local drive + cloud or tape

Offsite copy

Cloud storage or remote location

Critical: All backups must be encrypted. An unencrypted backup is a complete copy of every client’s sensitive data sitting in one place. And test your restores regularly — a backup you can’t restore from is worthless.

Backup best practices for tax offices

Automate your backups

Manual backups get forgotten. Use automated backup software that runs daily (or more frequently during tax season) without requiring human action.

Encrypt everything

Both local and cloud backups must be encrypted. Use AES-256 encryption and store encryption keys separately from the backup data.

Test restores quarterly

Verify you can actually restore from your backups. Pick random files and restore them to confirm the process works. Document each test in your WISP.

Retain for 7 years

The IRS requires tax preparers to retain client records and related security logs for a minimum of 7 years. Plan your backup retention accordingly.

Backup FAQ for tax preparers

Daily at minimum. During tax season, consider backing up multiple times per day. The goal is that if something goes wrong, you lose no more than one day’s work. Automated backup solutions can run continuously in the background.

No. An external hard drive connected to your computer can be encrypted by ransomware along with your main drive. You need at least one offsite or disconnected backup. The 3-2-1 rule requires different media types and an offsite copy. A local drive plus encrypted cloud backup is a good minimum setup.

Tax software cloud backups cover the data within that application, but not everything else: client documents, emails, scanned forms, and your WISP/compliance documentation. You need a comprehensive backup strategy that covers all client data, not just what’s in one application.

Protect Your Tax Practice Today

Schedule a free consultation with our cybersecurity experts. We'll review your current security posture and help you achieve full IRS compliance.

Schedule Free Consultation Call Us Now

Protect your tax practice from cyber threats

Schedule a free consultation to assess your firm's security posture.

Book a Free Consultation Get Your Free WISP