Tax Software Hosting Risk Guide

The Cybersecurity Risk of Running CCH ATX on a Local Network

Software: CCH ATX  |  Vendor: Wolters Kluwer / CCH

Key takeaway

When ATX data lives on a shared office path that any workstation can reach, taxpayer files inherit the security weaknesses of every endpoint — every weak password, every unpatched browser, and every remote support tool in the office.

Who this applies to

Tax preparation firms, CPA firms, EAs, bookkeepers, EROs, and accounting offices that run CCH ATX on local PCs, mapped network drives, peer-to-peer shares, or an in-office file server.

CCH ATX is commonly used by tax professionals, and many firms run it as a desktop or local-network install because it is familiar, fast, and convenient. The tradeoff is that local convenience can create serious cybersecurity exposure when sensitive taxpayer data lives on office PCs, shared drives, mapped network paths, or an in-office file server.

What CCH ATX is

CCH ATX, from Wolters Kluwer / CCH, is widely used by small-to-mid-sized tax preparation firms, EAs, and seasonal practices that prepare a high volume of 1040 and small-business returns. ATX is primarily distributed as a Windows desktop product with optional network deployment. Although Wolters Kluwer offers cloud-oriented tax products elsewhere in its portfolio, this article focuses on firms running ATX in a traditional desktop or LAN-shared configuration.

How local CCH ATX setups usually work

A typical ATX office installs the program on each preparer's workstation and points everyone at a shared "ATX" data location on a local server or designated host PC, often through a mapped drive or UNC path. Multiple users open returns concurrently from the same dataset over the office LAN. Access is controlled mostly through Windows file permissions and the ATX user list. Backups may be handled by ATX itself, by a third-party utility, or by an external drive that lives in the same office.

Quick definitions

  • Mapped drive — a Windows drive letter (like T:\ or Z:\) that points to a shared folder on another computer or server.
  • Local server / file server — a computer in the office that hosts shared files for other workstations.
  • Hosted server — a server in a controlled hosting environment (cloud or properly hardened internal) that users reach through controlled remote sessions.
  • MFA — multi-factor authentication; requires a second factor (app code, hardware key) in addition to a password.
  • WISP — Written Information Security Plan, expected of tax professionals under IRS Publication 4557 and the FTC Safeguards Rule.
  • Ransomware — malware that encrypts files and demands payment for a decryption key.

Why taxpayer data inside CCH ATX is so valuable

Return data inside professional tax software typically includes:

  • Names, addresses, and dates of birth
  • Social Security numbers and dependent information
  • Employer information and W-2, 1099, and K-1 details
  • Bank account and routing numbers used for refunds and payments
  • Prior-year return data and carryforwards
  • Tax credits, deductions, and filing status
  • Identity verification information
  • E-file submission data

That combination is exactly what attackers need for identity theft, refund fraud, business email compromise, extortion, and ransomware. It is a major reason tax offices are repeatedly targeted, particularly during filing season.

Risk summary

Local setup element | Why it creates risk | Better hosted-server control
Shared / mapped tax data folder | Malware on one workstation may reach all shared files | Keep tax data inside a controlled hosted session
Shared Windows credentials | Hard to prove individual accountability | Require unique user accounts with MFA
Local workstation storage | Data may remain on laptops and desktops | Centralize data on a secured, segmented server
Local backups | Backups may be reachable by ransomware | Use protected, segmented, monitored backups
Uncontrolled remote access | Attackers may abuse exposed RDP / remote tools | Use MFA-protected remote sessions only

The inherent problem with local network sharing

When CCH ATX data is shared over the office LAN, the security of the tax database effectively depends on the weakest workstation, weakest password, weakest Windows account, weakest remote access tool, weakest backup process, and weakest shared-folder permission in the office. Common risks include:

  • Compromised Windows logins and phishing attacks on staff
  • Malware on a single workstation that reaches all shared data
  • Ransomware encrypting mapped drives and reachable backups
  • Weak, reused, or shared passwords; no individual MFA on app access
  • Local admin rights granted too broadly
  • Exposed RDP or poorly secured third-party remote access tools
  • Unencrypted or co-located backups
  • Old workstations and missing patches during busy season
  • Inconsistent endpoint protection across the office
  • Over-permissive file shares with no centralized audit trail
  • No clear evidence of access controls or written security plan
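
One way to check the "over-permissive file shares" item above, as an added example that is not from the original article or from Wolters Kluwer / CCH: a PowerShell audit that lists share-level and NTFS entries granting write access to office-wide groups. It assumes an elevated session on the Windows machine that hosts the share, and the share name `ATX` is a placeholder.

```powershell
# Added example: flag office-wide write access on the shared tax data folder.
# ASSUMPTION: 'ATX' is a placeholder share name; substitute your firm's own.
$ShareName = 'ATX'

# Principals that effectively mean "every workstation user in the office".
$BroadPrincipals = 'Everyone', 'Users', 'Authenticated Users', 'Domain Users'

function Test-BroadPrincipal([string]$Account) {
    # Compare only the account part, so 'BUILTIN\Users' matches 'Users'.
    $leaf = ($Account -split '\\')[-1]
    return $BroadPrincipals -contains $leaf
}

$share    = Get-SmbShare -Name $ShareName -ErrorAction Stop
$findings = @()

# Layer 1: share-level permissions (what SMB clients are allowed to do).
foreach ($ace in Get-SmbShareAccess -Name $ShareName) {
    $canWrite = "$($ace.AccessRight)" -in 'Full', 'Change'
    if ("$($ace.AccessControlType)" -eq 'Allow' -and $canWrite -and
        (Test-BroadPrincipal $ace.AccountName)) {
        $findings += [pscustomobject]@{
            Layer = 'Share'; Principal = $ace.AccountName; Rights = "$($ace.AccessRight)"
        }
    }
}

# Layer 2: NTFS permissions on the folder behind the share.
# Rights stored as raw generic masks (shown as numbers) are not decoded here.
$write = [System.Security.AccessControl.FileSystemRights]::WriteData
foreach ($ace in (Get-Acl -Path $share.Path).Access) {
    $canWrite = [int]($ace.FileSystemRights -band $write) -ne 0
    if ("$($ace.AccessControlType)" -eq 'Allow' -and $canWrite -and
        (Test-BroadPrincipal $ace.IdentityReference.Value)) {
        $findings += [pscustomobject]@{
            Layer = 'NTFS'; Principal = $ace.IdentityReference.Value
            Rights = "$($ace.FileSystemRights)"
        }
    }
}

if ($findings) {
    $findings | Format-Table -AutoSize
} else {
    "No office-wide write access found on share '$ShareName'."
}
```

Any row in the output is a group through which a single compromised workstation account could modify or encrypt the shared data; the effective permission is the more restrictive of the share and NTFS layers, so a finding in both layers for the same group is the case to fix first.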

Realistic attack scenarios

  • A staff member opens a malicious attachment, malware lands on their workstation, and the shared ATX data folder is encrypted within minutes.
  • A weak Windows password on a reception PC is brute-forced over an exposed remote tool, exposing the same shared ATX data the preparers use.
  • A seasonal preparer reuses a password that has appeared in a public breach, allowing an attacker to log in and exfiltrate prior-year returns.
  • Local antivirus is disabled on a single workstation; that workstation becomes the entry point for credential theft.
  • Backups stored on a USB drive plugged into the host PC are encrypted in the same incident as the live data.

Why "we have antivirus" is not enough

Antivirus, endpoint protection, firewall appliances, spam filtering, and backups are useful — but they are not the same thing as a secure architecture. A CCH ATX office can still be exposed if a user is phished, a workstation is compromised, a mapped drive is reachable, a backup share lives on the same network, an attacker gains local admin rights, users share credentials, the tax app does not require individual MFA on every access, or the firm cannot prove who accessed which client file and when.

IRS, WISP, and the compliance angle

Tax professionals are expected to protect taxpayer data and to maintain a Written Information Security Plan (WISP). IRS Publication 4557 and the FTC Safeguards Rule frame this expectation in general terms: a firm needs more than good intentions. It needs documented controls, access management, incident response planning, employee training, backup and recovery planning, and security monitoring. This article is not legal advice — it describes architectural patterns that are easier or harder to defend during a review.

Why hackers target tax offices

Small and mid-sized tax firms are attractive targets because they:

  • Hold uniquely valuable identity and financial data
  • Often do not have full-time IT or security staff
  • Frequently rely on older local-network software workflows
  • Use seasonal preparers and rush operations during tax season
  • Sometimes delay patches and upgrades until "after April"
  • Commonly use multiple remote access tools
  • Allow a single compromised workstation to expose all shared tax data

A more defensible architecture: hosted server model

A more defensible setup for CCH ATX is to run the application inside a hosted-server environment where each preparer signs in with a unique account, MFA is enforced for every session, the ATX data path is not exposed as an open network share to ordinary office desktops, and backups live in a separate, monitored location designed to survive a ransomware event.

In a properly designed hosted-server model:

  • CCH ATX runs on a controlled server
  • Users access it through secure remote sessions
  • Each user has an individual account
  • MFA is required
  • Local desktops do not directly store or freely browse the tax database
  • Access is logged
  • Backups are centralized and segmented
  • Permissions are enforced
  • Security updates are managed centrally
  • The environment is segmented from the rest of the office network

That is materially easier to document for WISP and compliance purposes than a peer-to-peer or mapped-drive LAN.

Important nuance

A "hosted server" can be either a reputable remote tax software hosting provider or a properly secured local server environment that is designed to behave like a hosted system — users authenticate individually with MFA and access the tax software through controlled sessions, instead of opening raw shared data from ordinary office desktops. The architecture matters more than the address.

Schedule a CCH ATX security review

If your firm runs CCH ATX from local desktops, mapped drives, peer-to-peer shares, or an office file server, EasyWISP can help you understand the risk, document your WISP, and plan a safer hosted-server model with individual access controls and MFA.

Frequently asked questions

ATX functions on peer-to-peer networks, but that architecture is one of the harder configurations to defend. Anyone who compromises one workstation typically gets access to the same shared tax data the preparers use, with limited logging.

In a network install, ATX is generally pointed at a shared data folder on a host PC or server (for example, a mapped drive like T:\ATX or a UNC path). The exact path varies by firm, but the security implication is the same: it is shared data on the office LAN.

ATX itself has user controls, but enforcing MFA on every access to taxpayer data is far easier when the application runs inside a hosted-server environment where the gateway, not just the application, requires multi-factor authentication.

Yes. Because ATX return data lives in standard files on a Windows file system, any ransomware running with permissions to the shared folder can encrypt it. Reachable backups in the same office often go down with the live data.

Antivirus and endpoint protection are important baseline controls, but they do not address phished credentials, over-permissive shares, exposed remote tools, or shared logins — all of which are common in small tax offices.

For most firms, hosting ATX in a controlled environment with individual MFA-protected access, centralized backups, and segmented infrastructure is materially easier to defend under IRS Publication 4557 and the FTC Safeguards Rule than a peer-to-peer LAN setup.

EasyWISP helps firms document their WISP, evaluate whether their ATX environment is unnecessarily exposed, and plan a safer hosted-server architecture with documented access controls.

Conclusion

CCH ATX is not automatically unsafe, and many firms have used it for years. The issue is that the local-network architecture gives attackers too many paths to taxpayer data when a single workstation, password, remote access tool, or mapped drive is compromised. For firms handling sensitive taxpayer information, the more defensible model is to move CCH ATX access into a controlled hosted-server environment with MFA, centralized backups, logging, segmentation, and documented WISP controls.

Notice: This article is for general cybersecurity and compliance education. It is not legal, tax, or regulatory advice. Firms should consult qualified professionals for guidance specific to their environment.
