From confidentiality-focused IT architecture and tax-software support (UltraTax CS, Thomson Reuters GoSystem Tax RS, Lacerte, CCH ProSystem fx, Drake, ProSeries, TaxSlayer Pro, QuickBooks Enterprise) to email and BEC defense, tax-season resilience, and phishing simulations built around tax-pro-specific scams — we run the day-to-day IT and security program your firm needs. We work alongside your firm's compliance advisor — they own the IRS Pub 4557 and FTC Safeguards interpretation; we own the technical safeguards behind it. CISSP-led. Arkansas-based.
Three things. We work alongside your firm's compliance advisor on the IT and security side — they own the IRS Pub 4557 and FTC Safeguards interpretation, we own the technical safeguards (encryption, MFA, access controls, monitoring, backup). We deploy email security and BEC defenses tuned for the phishing campaigns tax preparers actually see (fake IRS notices, fake client urgency, fake bank transfer requests). And the founder is CISSP-credentialed and the author of Cyber Fortresses (published on Amazon), with Beyond the Prompt: The Business Owner's Guide to Understanding AI as his second book and more titles in the pipeline.
If any of these describe your firm's current situation, the gap isn't generic IT capability — it's accounting-specific depth. We close that gap.
The average cost of a data breach in the financial services sector reached $6.08 million — the second-highest of any industry tracked, and well above the global cross-industry average of $4.88M. Tax preparers and accounting firms are inside that target set because client data includes Social Security numbers, dependents' identities, banking details, and full financial pictures. Source: IBM Cost of a Data Breach Report.
IRS Pub 4557 has required every tax preparer to have a Written Information Security Plan for years. The FTC Safeguards Rule made the requirement sharper for any preparer handling non-public personal information. You asked your IT vendor if your current setup actually satisfies what those rules expect. You got a shrug. Your compliance advisor asked for the technical-safeguards documentation. Nobody had it.
April 8th. Your tax software won't open. Workstations are encrypted. Your backup vendor's restore process takes 48 hours per server. Your filing-deadline clients are calling every hour. You can't see returns in progress. You can't pull last year's documents. You don't know if PII was exfiltrated. Your insurance carrier wants a forensic firm involved before you touch anything. The deadline doesn't move.
An email arrives — looks like an IRS notice, looks like a CP-2000, looks like a client urgently asking you to authorize a wire on their behalf. Your operations team is about to act. Somebody catches it just in time. Or somebody doesn't, and now you're working with the FBI on a six-figure loss, explaining to your insurance carrier why you didn't have a callback-verification protocol on wire instructions.
The FTC's updated Safeguards Rule pulled tax preparers and accountants under explicit "financial institution" cybersecurity obligations: written information security program, designated qualified individual, risk assessment, access controls, encryption, MFA, monitoring, vendor management, incident response, and annual board (or owner) reporting. Enforcement has been escalating against firms that can't produce the documentation. Cyber-insurance carriers are reading the same playbook and asking the same questions on renewal.
Built around what your cyber-insurance underwriter and your firm's compliance advisor actually look for on the IT side — not generic "cybersecurity" deliverables.
Network, server, endpoint, and cloud setup designed around protecting taxpayer and client financial data. Encrypted email and storage, role-based access controls, audit logging, MFA on every account with PII access, network segmentation between client-data systems and general business systems, and documented configurations your compliance advisor can point to during your WISP review.
Encrypted off-site backups with documented restore testing (so you actually know your data comes back when you need it). Redundant internet paths so a single ISP outage doesn't take you down during a filing deadline. Endpoint detection and response on every workstation. Documented incident-response runbook so the first four hours of a ransomware event are decisive rather than chaotic.
IT-side support for UltraTax CS, Thomson Reuters (GoSystem Tax RS, Onvio), Lacerte, CCH ProSystem fx, Drake Tax, ProSeries, TaxSlayer Pro, QuickBooks Enterprise, QuickBooks Online Accountant, Xero, Sage, and others. Bandwidth sizing for cloud tax software during peak filing season, firewall rules, MFA enrollment, single sign-on, certificate management, off-site backup integration, endpoint security on workstations that touch return data.
Email is the #1 attack vector against accounting firms — fake IRS notices, fake CP-2000s, fake e-file rejection notices, fake client urgency right before a filing deadline, and fake bank transfer-request emails from clients. We deploy advanced threat protection, BEC detection, callback verification protocols for wire-instruction changes, dual-control approval workflows for outgoing wires, and the layered defenses that match the actual threat profile of a tax preparer's inbox.
Whether you run SmartVault, ShareFile, Canopy, Liscio, Suralink, or a vendor-provided portal, we secure the IT side: TLS in transit, encryption at rest, MFA on every login, audit logging on every document access, and integration with your firm's identity provider. Plus the documentation your compliance advisor needs to show portal security meets your WISP's "transmission and storage of PII" requirements.
Generic phishing-simulation content catches some attacks but misses the tax-pro-specific ones: fake IRS notices, fake client urgency right before a filing deadline, fake e-file rejection notices, fake bank transfer-request emails. We build phishing simulations around the scenarios your firm actually sees, document training records (so they're available for your annual compliance review), and report measurable improvement in your team's detection rate over time.
These are the four bodies of guidance Arkansas CPA and accounting firms answer to. Your compliance advisor, your firm's professional-responsibility lead, and your AICPA / state-board-recommended IT consultant own the interpretation of these rules. We work alongside them to keep the IT and security side of the program lined up with what those professionals expect to see.
Generic MSPs do the IT work but haven't read IRS Pub 4557. Accounting-IT consultancies write the assessment and disappear. Mansour's is the middle path — and the only one of the three that's locally based in Arkansas.
| Mansour's | Generic MSP | Accounting-IT Consultancy | |
|---|---|---|---|
| Familiar with IRS Pub 4557 + FTC Safeguards Rule | Familiar at a working level · works alongside your compliance advisor | Has heard of it | Yes — but only the paperwork |
| Configures tax-pro phishing and BEC defenses | Standard practice | Generic phishing defense only | Advises · doesn't implement |
| CISSP on staff | Founder-held | Rare | Yes — at consulting rates |
| Supports tax software (UltraTax, Lacerte, Drake, TaxSlayer Pro, ProSystem fx + more) | Yes — IT side alongside the software vendor | Limited | Advises only |
| Implements technical safeguards alongside your compliance advisor | Yes · documented configurations | Generic dashboard exports | Yes — at $300+/hr |
| Tracks cyber-insurance underwriting requirements for accounting firms | Yes · questionnaire-ready | Reactive | Sometimes |
| Delivers tax-pro-specific phishing simulations | Yes · fake IRS notices, fake client urgency, fake e-file rejection scenarios | Generic phishing content | One-time training only |
| Single Arkansas phone number for IT + security operations | Yes | IT only | Assessment only |
| Local Arkansas presence · same-day on-site response | Little Rock · 10 counties | Varies | Out-of-state · remote-only |
| Founder is an Amazon-published cybersecurity author | Yes · Cyber Fortresses on Amazon · Beyond the Prompt second book published | No | Sometimes |
No 90-day discovery decks. No five-figure retainer before we'll take your call.
A quick conversation to understand your current state — what tax software you run, what your filing-season exposure looks like, where your WISP is today, whether your cyber-insurance renewal is coming up, and what's keeping you up at night. You leave with a clear sense of whether a deeper conversation makes sense. No pressure if it's not a fit.
If we're a fit, we run a high-level assessment of your current IT and security posture against the kinds of technical safeguards your cyber-insurance underwriter and your firm's compliance advisor typically look for. Output is a prioritized plan with the work scoped, the fee fixed, and the rollout timed to your firm's calendar (we know not to launch a big project the week before April 15). You see the math before you commit.
We implement the plan and stay on as your ongoing IT and security partner — with continuous monitoring, encrypted off-site backups, tax-pro-specific staff training and phishing simulations, email and BEC defenses, tax-software integration, and the documented configurations your compliance advisor needs to show your WISP is real. One team. Institutional knowledge stays in one place.
Three Google reviews — led by an actual Little Rock accounting-firm client.
"Our accounting firm in Little Rock chose Mansour's Computer Solutions to handle our cybersecurity onboarding, and the experience was outstanding. They took the time to understand how we store and access sensitive client tax data, then implemented multiple layers of protection to keep our systems safe from hackers."
"We had a serious issue at our office (Jurist Law Group in Little Rock, Arkansas) when someone accidentally clicked a bad link in an email. It caused all kinds of problems with our Outlook and we were worried it might have let hackers in.
We called Mansour's Computer Solutions and they were amazing. They showed up fast, found the issue right away, and got everything cleaned up and back to normal. They removed the infection from our email system and made sure there was nothing left behind that could harm us later.
If you're looking for reliable IT support or cybersecurity help in Little Rock, I highly recommend Mansour's. They were professional, quick, and gave us peace of mind during a really stressful time."
"When we experienced an email breach, their team responded the same day, resolved the issue promptly, and gave us the confidence to entrust them with all our IT needs. We had never worked with an IT firm before, and now we can't imagine needing anyone else."
We're familiar with the basics — IRS Publication 4557 (Safeguarding Taxpayer Data) requires every tax preparer to have a Written Information Security Plan (WISP) and to implement certain technical safeguards. The FTC Safeguards Rule under Gramm-Leach-Bliley applies to tax preparers and CPAs because they handle non-public personal information. We're not your compliance advisor or IRS Pub 4557 specialist. What we are is the IT and security team that works alongside your firm's compliance advisor — we own the technical safeguards (encryption, MFA, access controls, audit logging, off-site backup, endpoint protection, anti-phishing email defenses) those professionals need to be in place; they own the WISP documentation and the regulatory interpretation.
UltraTax CS, Thomson Reuters (GoSystem Tax RS, Onvio), Lacerte, CCH ProSystem fx, Drake Tax, ProSeries, TaxSlayer Pro, QuickBooks Enterprise, QuickBooks Online Accountant, Xero, Sage, and a handful of others. We don't replace your tax-software vendor's implementation team — we work alongside them on the IT plumbing: bandwidth sizing for cloud tax software during peak filing season, firewall rules, MFA enrollment, single sign-on, certificate management, off-site backup integration, endpoint security on the workstations that touch return data, and the documentation your compliance advisor needs to demonstrate the technical safeguards your WISP describes.
Tax season is the worst possible time for a ransomware incident — filing deadlines don't move, clients are anxious, and your firm's revenue concentration in 60-90 days means downtime is enormously costly. Our defenses are layered: encrypted off-site backups with documented restore testing (so you actually know your data comes back when you need it), endpoint detection and response on every workstation and server, email advanced threat protection, MFA on every account, network segmentation between client-data systems and general business systems, and a documented incident-response runbook so the first four hours of an event are decisive rather than chaotic.
Portals: TLS in transit, encryption at rest, MFA on every login, audit logging on every document access. Backups: encrypted in transit and at rest, stored off-site with documented retention that meets your record-keeping obligations. Email: TLS in transit, advanced threat protection on inbound (tax preparers are heavily targeted by phishing — fake IRS notices, fake client urgency, fake bank notifications), encrypted-email enforcement for outbound messages containing sensitive PII. Every configuration is documented so it shows up on your WISP and your annual compliance review.
We're the technical first-responders. On suspected breach: contain the scope (isolate affected systems, preserve forensic evidence, change credentials), identify what client data was accessed and by whom, document the timeline, and provide the technical record your firm's compliance advisor and outside breach counsel need. We don't make the IRS, FTC, or state notification call — that's your compliance advisor and breach counsel — but we make sure they have what they need to make those calls correctly within the IRS Pub 4557 and state-law notification windows.
Yes. Generic phishing-simulation content (fake Microsoft password resets, fake DocuSign requests) catches some attacks but misses the tax-pro-specific ones: fake IRS notices, fake client urgency right before a filing deadline, fake bank transfer-request emails from a client, fake e-file rejection notices. We build phishing simulations around the scenarios your firm actually sees, document training records (so they're available for your annual compliance review), and report measurable improvement in your team's detection rate over time.
Many of our accounting clients have layered compliance obligations. A firm doing medical-billing work picks up HIPAA Business Associate obligations on any matter involving PHI. A firm preparing returns for a community bank picks up GLBA-adjacent expectations from the bank's vendor management program. A firm doing audit work for federal contractors may inherit DFARS-flavored expectations. We build the security program around the strictest applicable framework, then map it down to satisfy the others — so you're not stacking three contradictory compliance programs.
Most accounting-IT consultancies deliver a written assessment and an invoice, then leave you to find an MSP to actually implement and operate the controls. We're the operator — we do the IT and security work day-to-day, alongside whatever accounting-IT consultancy or compliance advisor your firm uses for IRS Pub 4557 and FTC Safeguards interpretation. Plus we're locally based in Arkansas with same-day on-site response across 10 counties, not a national consultancy billing $300+/hour out of a different time zone.
In one quick call you'll walk away with: (1) where your current IT is leaking time, money, or risk, (2) what a fix looks like for a firm your size, and (3) whether Mansour's is the right fit. Real Arkansas technician on the call — not a salesperson.
