Firewall Protection for Tax Offices
Security Six requirement #2: Both hardware and software firewalls are required to protect your network and devices. Here’s how to set them up correctly.
What the IRS requires for firewall protection
IRS Publication 4557 requires two layers of firewall protection: a hardware firewall (typically built into your router or a dedicated appliance) that protects your entire office network, and software firewalls on each individual device that accesses client data.
Your firewall is the first line of defense against unauthorized access. It monitors incoming and outgoing network traffic and blocks connections that don’t meet your security rules. Without it, every device on your network is directly exposed to the internet.
Hardware vs. software firewalls
Hardware firewalls sit between your internet connection and your network. Most business routers include one, but dedicated firewall appliances (like Fortinet or SonicWall) offer deeper inspection and better logging. Software firewalls run on each device; Windows Firewall and macOS Firewall are built-in options. Both layers are required because they protect against different threat vectors: the hardware firewall filters traffic at the edge of the office network, while the software firewall protects each device from traffic that originates inside that network.
Firewall best practices for tax offices
Separate your networks
Keep client-data systems on a separate network segment from guest Wi-Fi and personal devices. This limits exposure if one segment is compromised.
Enable logging
The FTC Safeguards Rule requires activity logging. Your firewall should log all blocked connections and suspicious traffic for review.
Update firmware regularly
Router and firewall firmware updates patch security vulnerabilities. Enable auto-updates or check monthly at minimum.
Review rules annually
Firewall rules should be reviewed at least annually as part of your WISP update. Remove outdated rules and verify nothing is left open unnecessarily.
Firewall FAQ for tax offices
For a solo practitioner, a modern business-grade router with SPI (Stateful Packet Inspection) firewall may suffice, combined with software firewalls on each device. For multi-user offices or firms handling high volumes of client data, a dedicated firewall appliance with deeper inspection capabilities is strongly recommended.
Yes. Your home network needs the same firewall protection as a traditional office. At minimum, ensure your home router’s firewall is enabled and properly configured, software firewalls are active on your work devices, and your work network is segmented from household devices.
Check your firewall logs regularly for blocked connection attempts — that’s your firewall doing its job. You can also use online port-scanning tools to verify no unnecessary ports are open. For business-grade firewalls, review the dashboard for traffic patterns and blocked threats. Document these checks as part of your WISP.
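As an added example (not part of the original page), the Python script below summarizes blocked inbound connections from a Windows Firewall log, the kind of periodic log check described above. The log lines are constructed sample data in the default pfirewall.log layout, and the function names are this example's own.

```python
from collections import Counter

# Constructed sample in the default pfirewall.log layout; addresses are
# from documentation and private ranges, not real hosts.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2024-03-04 09:15:01 DROP TCP 203.0.113.7 192.168.10.21 51544 3389 52 S 1234 0 64240 - - - RECEIVE
2024-03-04 09:15:03 DROP TCP 203.0.113.7 192.168.10.21 51545 3389 52 S 1235 0 64240 - - - RECEIVE
2024-03-04 09:16:40 ALLOW TCP 192.168.10.21 198.51.100.10 49822 443 0 - 0 0 0 - - - SEND
2024-03-04 09:20:12 DROP TCP 198.51.100.44 192.168.10.21 40112 445 52 S 991 0 65535 - - - RECEIVE
2024-03-04 09:21:00 DROP UDP 192.168.10.21 192.168.10.255 137 137 78 - - - - - - - SEND
2024-03-04 09:22 DROP TCP
"""

def parse_log(text):
    """Yield one dict per log entry, keyed by the names in the #Fields header."""
    fields = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed lines
                yield dict(zip(fields, values))

def summarize_blocked(text):
    """Count entries per action, and blocked inbound traffic by source and port."""
    actions, by_source, by_port = Counter(), Counter(), Counter()
    for entry in parse_log(text):
        actions[entry.get("action")] += 1
        if entry.get("action") == "DROP" and entry.get("path") == "RECEIVE":
            by_source[entry.get("src-ip")] += 1
            by_port[(entry.get("protocol"), entry.get("dst-port"))] += 1
    return {"actions": dict(actions),
            "by_source": by_source.most_common(),
            "by_port": by_port.most_common()}

if __name__ == "__main__":
    report = summarize_blocked(SAMPLE_LOG)
    print("Entries by action:", report["actions"])
    for source, count in report["by_source"]:
        print(f"blocked inbound from {source}: {count}")
    for (protocol, port), count in report["by_port"]:
        print(f"blocked inbound to {protocol}/{port}: {count}")
```

To run it against a real log, pass the file's contents to `summarize_blocked` in place of `SAMPLE_LOG`, and keep the printed summary with your WISP review notes.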
