The Cybersecurity Risk of Running CCH ProSystem fx Tax on a Local Network
Software: CCH ProSystem fx Tax | Vendor: Wolters Kluwer / CCH
Key takeaway
Because ProSystem fx Tax return data is essentially a shared dataset on the office LAN, the security of every taxpayer file effectively depends on the weakest workstation, the weakest Windows password, the most exposed remote access tool, and the least patched endpoint in the office.
Who this applies to
Tax preparation firms, CPA firms, EAs, bookkeepers, EROs, and accounting offices that run CCH ProSystem fx Tax on local PCs, mapped network drives, peer-to-peer shares, or an in-office file server.
CCH ProSystem fx Tax is commonly used by tax professionals, and many firms run it as a desktop or local-network install because it is familiar, fast, and convenient. The tradeoff is that local convenience can create serious cybersecurity exposure when sensitive taxpayer data lives on office PCs, shared drives, mapped network paths, or an in-office file server.
What CCH ProSystem fx Tax is
CCH ProSystem fx Tax is a long-standing professional tax preparation suite from Wolters Kluwer / CCH, used by mid-sized and large CPA firms, multi-office tax practices, and complex business return preparers. Wolters Kluwer also offers CCH Axcess Tax as a cloud-native sister product, but this article focuses specifically on firms running ProSystem fx Tax in a desktop or local-network configuration where return data and the application live inside the firm's own office environment.
How local CCH ProSystem fx Tax setups usually work
In a typical local-network ProSystem fx Tax setup, the application is installed on one or more office workstations, while a shared data folder lives on a local file server, NAS device, or peer-to-peer share. Staff usually map a network drive (for example, a path like \\SERVER\TaxData or T:\) so each workstation can open the same return database. Multiple preparers, reviewers, and admins access the same files concurrently using their Windows accounts. Backups are commonly handled by a separate utility, sometimes inconsistently, and remote staff frequently reach the data through a VPN, RDP session, or third-party remote access tool.
Quick definitions
- Mapped drive — a Windows drive letter (like T:\ or Z:\) that points to a shared folder on another computer or server.
- Local server / file server — a computer in the office that hosts shared files for other workstations.
- Hosted server — a server in a controlled hosting environment (cloud or properly hardened internal) that users reach through controlled remote sessions.
- MFA — multi-factor authentication; requires a second factor (app code, hardware key) in addition to a password.
- WISP — Written Information Security Plan, expected of tax professionals under IRS Publication 4557 and the FTC Safeguards Rule.
- Ransomware — malware that encrypts files and demands payment for a decryption key.
Why taxpayer data inside CCH ProSystem fx Tax is so valuable
Return data inside professional tax software typically includes:
- Names, addresses, and dates of birth
- Social Security numbers and dependent information
- Employer information and W-2, 1099, and K-1 details
- Bank account and routing numbers used for refunds and payments
- Prior-year return data and carryforwards
- Tax credits, deductions, and filing status
- Identity verification information
- E-file submission data
That combination is exactly what attackers need for identity theft, refund fraud, business email compromise, extortion, and ransomware. It is a major reason tax offices are repeatedly targeted, particularly during filing season.
Risk summary
| Local setup element | Why it creates risk | Better hosted-server control |
|---|---|---|
| Shared / mapped tax data folder | Malware on one workstation may reach all shared files | Keep tax data inside a controlled hosted session |
| Shared Windows credentials | Hard to prove individual accountability | Require unique user accounts with MFA |
| Local workstation storage | Data may remain on laptops and desktops | Centralize data on a secured, segmented server |
| Local backups | Backups may be reachable by ransomware | Use protected, segmented, monitored backups |
| Uncontrolled remote access | Attackers may abuse exposed RDP / remote tools | Use MFA-protected remote sessions only |
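The "Shared / mapped tax data folder" and "Local backups" rows can be checked from a preparer's own workstation. The PowerShell below is an added example, not from this article or from Wolters Kluwer: it lists the SMB shares the current logon session has mapped and tests whether the same account can write to both the tax data and the backup share. `\\SERVER\Backups` is a hypothetical placeholder and `Test-WriteAccess` is a helper defined here.

```powershell
# Added example: run it as the ordinary preparer account, not as an administrator,
# so the result reflects what a compromised user session could reach.
# $BackupPath is a hypothetical placeholder; set it to the office's real backup share.
$BackupPath = '\\SERVER\Backups'

function Test-WriteAccess {
    param([Parameter(Mandatory)][string]$Path)
    # Create and delete a zero-byte probe file; no existing file is touched.
    $probe = Join-Path $Path ('.wtest_{0}.tmp' -f [guid]::NewGuid().ToString('N'))
    try {
        [System.IO.File]::Create($probe).Dispose()
        Remove-Item -LiteralPath $probe -Force -ErrorAction SilentlyContinue
        return $true
    } catch {
        return $false
    }
}

# Every SMB share this session has connected, by drive letter or by UNC path.
$targets = @(Get-SmbMapping | Select-Object -ExpandProperty RemotePath)
if ($BackupPath -notin $targets) { $targets += $BackupPath }

$report = foreach ($unc in $targets) {
    $reachable = Test-Path -LiteralPath $unc
    [pscustomobject]@{
        Share     = $unc
        Reachable = $reachable
        Writable  = if ($reachable) { Test-WriteAccess -Path $unc } else { $false }
        IsBackup  = ($unc -eq $BackupPath)
    }
}
$report | Format-Table -AutoSize

# The failure mode from the table: one account can write to production
# tax data and to the backups at the same time.
$writableData   = @($report | Where-Object { $_.Writable -and -not $_.IsBackup })
$writableBackup = @($report | Where-Object { $_.Writable -and $_.IsBackup })
if ($writableData.Count -gt 0 -and $writableBackup.Count -gt 0) {
    Write-Warning 'This account can write to tax data AND the backup share; one infected session could encrypt both.'
}
```

A warning here means the backups are not segmented from production for that user. Keeping the output with the firm's WISP records documents the finding and, after remediation, the fix.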
Why "we have antivirus" is not enough
Antivirus, endpoint protection, firewall appliances, spam filtering, and backups are useful — but they are not the same thing as a secure architecture. A CCH ProSystem fx Tax office can still be exposed if a user is phished, a workstation is compromised, a mapped drive is reachable, a backup share lives on the same network, an attacker gains local admin rights, users share credentials, the tax app does not require individual MFA on every access, or the firm cannot prove who accessed which client file and when.
IRS, WISP, and the compliance angle
Tax professionals are expected to protect taxpayer data and to maintain a Written Information Security Plan (WISP). IRS Publication 4557 and the FTC Safeguards Rule frame this expectation in general terms: a firm needs more than good intentions. It needs documented controls, access management, incident response planning, employee training, backup and recovery planning, and security monitoring. This article is not legal advice — it describes architectural patterns that are easier or harder to defend during a review.
Why hackers target tax offices
Small and mid-sized tax firms are attractive targets because they:
- Hold uniquely valuable identity and financial data
- Often do not have full-time IT or security staff
- Frequently rely on older local-network software workflows
- Use seasonal preparers and rush operations during tax season
- Sometimes delay patches and upgrades until "after April"
- Commonly use multiple remote access tools
- Allow a single compromised workstation to expose all shared tax data
A more defensible architecture: hosted server model
A more defensible architecture for CCH ProSystem fx Tax is to run the application inside a controlled hosted-server environment — either a reputable tax software hosting provider or a properly hardened internal server — where every preparer authenticates with a unique account, MFA is required on every session, the tax database is never exposed as a raw network share, backups are segmented from production, and access is logged in a way the firm can show during a WISP review.
In a properly designed hosted-server model:
- CCH ProSystem fx Tax runs on a controlled server
- Users access it through secure remote sessions
- Each user has an individual account
- MFA is required
- Local desktops do not directly store or freely browse the tax database
- Access is logged
- Backups are centralized and segmented
- Permissions are enforced
- Security updates are managed centrally
- The environment is segmented from the rest of the office network
That is materially easier to document for WISP and compliance purposes than a peer-to-peer or mapped-drive LAN.
Important nuance
A "hosted server" can be either a reputable remote tax software hosting provider or a properly secured local server environment that is designed to behave like a hosted system — users authenticate individually with MFA and access the tax software through controlled sessions, instead of opening raw shared data from ordinary office desktops. The architecture matters more than the address.
Schedule a CCH ProSystem fx Tax security review
If your firm runs CCH ProSystem fx Tax from local desktops, mapped drives, peer-to-peer shares, or an office file server, EasyWISP can help you understand the risk, document your WISP, and plan a safer hosted-server model with individual access controls and MFA.
Frequently asked questions
CCH ProSystem fx Tax itself is a mature, professional product, but a local-network deployment concentrates risk: the security of every return file depends on the weakest workstation, password, and remote access tool in the office. Many firms operate this way for years without incident, but the architecture leaves few defensible controls if a single endpoint is compromised.
In a desktop / network install, return data and supporting files generally live in a shared folder on a local server, NAS, or workstation. That folder typically contains names, Social Security numbers, dates of birth, dependent information, employer data, bank routing details, and prior-year return data — exactly the data attackers want.
A mapped drive is a convenience, but it is also a direct path from any compromised workstation to the entire shared tax dataset. Ransomware and credential-theft attacks specifically look for mapped drives and reachable SMB shares, which is why a hosted-server model that does not expose raw shares is a stronger control.
Yes. Any data the user account can write to can usually be encrypted by ransomware running under that account. If the shared tax data folder and the local backup share are both reachable from the same workstation, a single infection during tax season can take both down at once.
Antivirus, firewalls, and endpoint protection are necessary but not sufficient. They do not stop a phished credential, a misconfigured share, an over-permissive Windows account, or an attacker who logs in through an exposed remote tool. A defensible posture combines those tools with individual access, MFA, segmentation, and documented controls.
For most firms handling federal returns, moving ProSystem fx Tax into a controlled hosted-server environment with individual MFA-protected user access and centralized backups is significantly easier to defend under IRS Publication 4557 / FTC Safeguards expectations than a peer-to-peer or mapped-drive setup.
EasyWISP helps tax firms document their Written Information Security Plan, assess whether their current ProSystem fx Tax architecture creates unnecessary exposure, evaluate access controls and MFA, and plan a transition to a more defensible hosted-server model where appropriate.
Conclusion
CCH ProSystem fx Tax is not automatically unsafe, and many firms have used it for years. The issue is that the local-network architecture gives attackers too many paths to taxpayer data when a single workstation, password, remote access tool, or mapped drive is compromised. For firms handling sensitive taxpayer information, the more defensible model is to move CCH ProSystem fx Tax access into a controlled hosted-server environment with MFA, centralized backups, logging, segmentation, and documented WISP controls.
