{"id":5194,"date":"2026-01-20T09:45:37","date_gmt":"2026-01-20T14:45:37","guid":{"rendered":"https:\/\/verito.com\/blog\/?p=5194"},"modified":"2026-01-19T09:46:22","modified_gmt":"2026-01-19T14:46:22","slug":"managed-it-for-accounting-firms-it-guy-quits","status":"publish","type":"post","link":"https:\/\/verito.com\/blog\/managed-it-for-accounting-firms-it-guy-quits\/","title":{"rendered":"Managed IT For Accounting Firms: What Happens To Security, Uptime, And Compliance When Your IT Guy Quits"},"content":{"rendered":"\n<p>Your only IT person quits. No successor, limited documentation, and they are the only ones who really understands your tax software hosting, remote access, backups, and passwords.<\/p>\n\n\n\n<p>For most small businesses that is disruptive. For an accounting firm, it directly hits three areas that keep the firm alive:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Security: <\/strong>You hold Social Security numbers, bank details, payroll data, and full financial histories. If the person who managed admin access, MFA, patching, and monitoring leaves, you may not know who can reach what, which tools are still working, or whether alerts are being reviewed at all.<\/li>\n\n\n\n<li><strong>Uptime: <\/strong>Almost every billable task depends on stable systems: tax software, bookkeeping platforms, document management, portals, and remote desktops. When there is no clear owner for \u201ckeep this system running,\u201d small issues stack into outages and missed deadlines.<\/li>\n\n\n\n<li><strong>Compliance: IRS Publication 4557<\/strong>, the <strong>FTC Safeguards Rule<\/strong>, and your <strong>Written Information Security Plan (<a class=\"wpil_keyword_link\" href=\"http:\/\/verito.com\/written-information-security-plan\" target=\"_blank\"  rel=\"dofollow noopener\" title=\"WISP\" data-wpil-keyword-link=\"linked\"  data-wpil-monitor-id=\"1111\">WISP<\/a>)<\/strong> all assume someone is implementing and maintaining controls. If policies, risk assessments, and logs live in your IT person\u2019s inbox or head, their departure leaves you with tools but no proof and no clear owner.<\/li>\n<\/ul>\n\n\n\n<p>This article is written for partners and firm administrators in that situation, or close to it. You will get a clear picture of what actually breaks when your internal IT person walks out, a practical 24 to 72 hour checklist that focuses on security, uptime, and compliance, a comparison of your real options of either hiring another IT generalist, rely on a generic MSP, or move to managed IT built specifically for accounting firms, and finally, a realistic view of how a specialized managed IT partner can take over without repeating the same single point of failure.<\/p>\n\n\n\n<p>If your IT person has already resigned or you suspect they might, this is the time to baseline where you stand. If you are looking to conduct a focused cybersecurity and IT assessment, you can opt for <strong>Verito\u2019s free <\/strong><a href=\"https:\/\/verito.com\/security-assessment\" target=\"_blank\" rel=\"dofollow\" ><strong>IT security assessment<\/strong><\/a> to get an idea of where your internal systems stand and what can be done to further optimize them.<\/p>\n\n\n\n<div class=\"cnvs-block-toc cnvs-block-toc-1768833042335\" >\n\t<\/div>\n\n\n\n<div style=\"height:15px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-why-losing-an-it-person-hits-accounting-firms-hard\"><span id=\"why-losing-an-it-person-hits-accounting-firms-hard\"><strong>Why Losing an IT Person Hits Accounting Firms Hard<\/strong><\/span><\/h2>\n\n\n\n<p>Most small businesses feel the repercussions when IT fails. Accounting firms feel it faster and more severely because almost everything they do touches three sensitive areas at once:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Client financial and tax data<\/li>\n\n\n\n<li>Fixed, unforgiving deadlines<\/li>\n\n\n\n<li>Regulatory expectations around data security<\/li>\n<\/ul>\n\n\n\n<p>Day-to-day work depends on a tight set of systems: <strong>tax software<\/strong>, <strong>bookkeeping and GL<\/strong>, <strong>engagement and workpaper tools<\/strong>, portals, email, and <strong>remote access<\/strong>. If any of these stalls, billable work usually stops.<\/p>\n\n\n\n<p>You are also holding the kind of data attackers actively target: Social Security numbers, bank details, payroll, ownership structures, and client financials. From the IRS and FTC perspective, you are closer to a <strong>financial institution<\/strong> than a typical small business. That is why frameworks like <a href=\"https:\/\/support.taxslayerpro.com\/hc\/en-us\/articles\/360009305313-IRS-Publication-4557-Safeguarding-Taxpayer-Data\" target=\"_blank\" rel=\"nofollow\" ><strong>IRS Publication 4557<\/strong><\/a>, the FTC Safeguards Rule, and WISP requirements exist in the first place.<\/p>\n\n\n\n<p>In many firms with 5 to 50 staff, one internal IT person ends up quietly running most of this stack.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-what-level-of-firm-level-knowledge-your-it-person-actually-holds\"><span id=\"what-level-of-firm-level-knowledge-your-it-person-actually-holds\"><strong>What Level of Firm-level Knowledge Your IT Person Actually Holds<\/strong><\/span><\/h3>\n\n\n\n<p>On an organisation chart, the IT role may look simple: <strong>&#8220;manage servers and support IT-related requirements.&#8221;<\/strong> In reality, they also hold institutional knowledge the firm depends on.<\/p>\n\n\n\n<p>Here is a concise view of what your IT person actually holds:<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th><strong>What your IT Person Holds<\/strong><\/th><th><strong>How it usually exists<\/strong><\/th><th><strong>What happens when they leave<\/strong><\/th><\/tr><\/thead><tbody><tr><td>Admin passwords<\/td><td>Personal password manager or private notes<\/td><td>No one can safely change configurations or cut off access<\/td><\/tr><tr><td>Email, domain, remote access<\/td><td>Old tickets, their memory, scattered screenshots<\/td><td>DNS, VPN, RDS changes become risky guesswork<\/td><\/tr><tr><td>Application knowledge and shortcuts<\/td><td>Hands-on knowledge, hallway conversations<\/td><td>Staff waste hours or create unsafe workarounds<\/td><\/tr><tr><td>Vendor relationships<\/td><td>Direct contact numbers and personal email threads<\/td><td>You are stuck in generic support queues during issues<\/td><\/tr><tr><td>Backup and DR assumptions<\/td><td>&#8220;IT will check it&#8221;<\/td><td>Partners cannot confirm if data is recoverable<\/td><\/tr><tr><td>Compliance evidence<\/td><td>Reports and exports on their laptop<\/td><td>You cannot easily prove what controls exist<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p>Add accounting specifics on top of this:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Which tax and accounting applications are hosted where<\/li>\n\n\n\n<li>How seasonal staff are onboarded and then removed<\/li>\n\n\n\n<li>Which legacy systems cannot be rebooted at 4 p.m. on a filing deadline<\/li>\n<\/ul>\n\n\n\n<p>If this information is not written down and owned by the firm, it walks out with the IT person.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-the-single-point-of-failure\"><span id=\"the-single-point-of-failure\"><strong>The Single Point of Failure<\/strong><\/span><\/h3>\n\n\n\n<p>The core issue is not that just another employee left the organisation. It is that your whole IT function depended on one human being.<\/p>\n\n\n\n<p>Typical patterns in accounting firms:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Every technical question flows to the same person, so nothing gets standardized or documented.<\/li>\n\n\n\n<li>Partners assume <em>&#8220;IT has it covered&#8221;<\/em> for backups, MFA, patching, logging, and compliance.<\/li>\n\n\n\n<li>No one else has enough context to challenge tradeoffs like skipping updates or deferring hardware refreshes.<\/li>\n<\/ul>\n\n\n\n<p><strong>The result:<\/strong> On a good day, the environment feels stable, but it has low resilience. If the IT person quits, takes leave, or simply disengages, your risk across security, uptime, and compliance jumps at once.<\/p>\n\n\n\n<p>The goal is not to swap one name for another in the same fragile model. It is to <strong>remove the single point of failure completely<\/strong> and treat IT as a <strong>managed function with shared knowledge<\/strong>, documented processes, and coverage that does not depend on one employee.<\/p>\n\n\n\n<div style=\"height:10px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-immediate-risk-to-security-when-your-it-person-quits\"><span id=\"immediate-risk-to-security-when-your-it-person-quits\"><strong>Immediate Risk to Security When Your IT Person Quits<\/strong><\/span><\/h2>\n\n\n\n<p>When the employee who runs your IT and security leaves, you should assume control gaps, not brush past the void and expect smooth continuity. In most firms, the IT person owns:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Admin rights in Microsoft 365 or Google Workspace<\/li>\n\n\n\n<li>MFA setup and reset<\/li>\n\n\n\n<li>Antivirus or EDR, patching, and firewall rules<\/li>\n<\/ul>\n\n\n\n<p>This combination creates attractive conditions for attackers. Recent data points are blunt:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Stolen or weak passwords are involved in a large share of breaches, with <strong>credentials still one of the top initial access methods<\/strong> reported in the Verizon Data Breach Investigations Report.<\/li>\n\n\n\n<li><a href=\"https:\/\/www.ibm.com\/reports\/data-breach\" target=\"_blank\" rel=\"nofollow\" ><strong>IBM\u2019s Cost of a Data Breach reports<\/strong><\/a> consistently put average <strong>breach costs in the millions of dollars<\/strong>, with higher averages in the United States and for regulated sectors like financial services.<\/li>\n<\/ul>\n\n\n\n<p>You cannot control global trends, but you do control how exposed your firm is while IT ownership is in flux. Treat the resignation as a trigger for a <strong>short, focused security review<\/strong>, not just an exit interview.<\/p>\n\n\n\n<p><strong>In practical terms:<\/strong> Assume access and monitoring are untrusted until you validate them.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-the-access-control-problem\"><span id=\"the-access-control-problem\"><strong>The Access Control Problem<\/strong><\/span><\/h3>\n\n\n\n<p>The fastest way firms get hurt after an IT departure is <strong>poor access control<\/strong>. Many accounting firms still rely on a <strong>patchwork of shared admin logins<\/strong> and accounts tied to the IT person\u2019s email.<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th><strong>Area<\/strong><\/th><th><strong>Typical reality when IT leaves<\/strong><\/th><th><strong>Risk<\/strong><\/th><th><strong>Minimum action in first week<\/strong><\/th><\/tr><\/thead><tbody><tr><td><strong>Email and identity<\/strong><\/td><td>One or two global admins, often just IT<\/td><td>Cannot lock or reset accounts quickly<\/td><td>Add a partner as global admin, rotate admin creds<\/td><\/tr><tr><td><strong>Tax and accounting apps<\/strong><\/td><td>Admin tied to IT person\u2019s email or shared login<\/td><td>Blocked from changing users or permissions<\/td><td>Move admin to shared firm email, change passwords<\/td><\/tr><tr><td><strong>Remote access (VPN, RDS)<\/strong><\/td><td>Old configs, limited documentation<\/td><td>Hard to cut off ex-staff or spot suspicious use<\/td><td>Review users, disable stale accounts, enable MFA<\/td><\/tr><tr><td><strong>Servers, firewalls, switches<\/strong><\/td><td>Credentials in IT\u2019s password vault or personal notes<\/td><td>No safe way to change configs or respond to issues<\/td><td>Centralize in-firm-owned password manager<\/td><\/tr><tr><td><strong>Third-party vendors<\/strong><\/td><td>Invoices and alerts go only to IT<\/td><td>Missed security notices, unpaid renewals<\/td><td>Add finance and a partner as contacts for each vendor<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p>If you cannot answer <em>\u201cwho has admin rights and how do we change them today\u201d<\/em> for email, remote access, and tax systems, you have an immediate security problem.<\/p>\n\n\n\n<p>In the first 24 to 72 hours:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Identify all admin accounts in <a href=\"https:\/\/verito.com\/office-365-hosting\" target=\"_blank\" rel=\"dofollow\" ><strong>Microsoft 365<\/strong><\/a> or Google Workspace and remote access platforms.<\/li>\n\n\n\n<li>Ensure at least one partner has working global admin access and MFA.<\/li>\n\n\n\n<li>Rotate credentials and MFA tokens that were controlled solely by the departing IT person.<\/li>\n\n\n\n<li>Move critical accounts away from personal email addresses to shared addresses like <em>it@firmname<\/em>.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-gaps-in-cybersecurity-controls\"><span id=\"gaps-in-cybersecurity-controls\"><strong>Gaps in Cybersecurity Controls<\/strong><\/span><\/h3>\n\n\n\n<p>Even if passwords are under control, many firm-level protections depend on someone actively watching them. When that person disappears, tools keep running until they fail silently.<\/p>\n\n\n\n<p>Typical weak points:<\/p>\n\n\n\n<h4 class=\"wp-block-heading has-medium-font-size\" id=\"h-1-endpoint-protection\"><span id=\"1-endpoint-protection\">1. <strong>Endpoint protection<\/strong><\/span><\/h4>\n\n\n\n<ul class=\"wp-block-list\"><\/ul>\n\n\n\n<p>Agents fall behind on updates, or remote staff devices have not checked in for months. No one is reviewing central dashboards.<\/p>\n\n\n\n<h4 class=\"wp-block-heading has-medium-font-size\" id=\"h-2-patching\"><span id=\"2-patching\">2. <strong>Patching<\/strong><\/span><\/h4>\n\n\n\n<ul class=\"wp-block-list\"><\/ul>\n\n\n\n<p>Servers, remote desktop hosts, and workstations stop receiving regular security updates because patching was never fully automated or governed.<\/p>\n\n\n\n<h4 class=\"wp-block-heading has-medium-font-size\" id=\"h-3-email-and-phishing-protection\"><span id=\"3-email-and-phishing-protection\">3. <strong>Email and phishing protection<\/strong><\/span><\/h4>\n\n\n\n<ul class=\"wp-block-list\"><\/ul>\n\n\n\n<p>Filtering rules are not tuned to avoid phishing emails leading to targeted phishing at partners.<\/p>\n\n\n\n<h4 class=\"wp-block-heading has-medium-font-size\" id=\"h-4-backups\"><span id=\"4-backups\">4. <strong>Backups<\/strong><\/span><\/h4>\n\n\n\n<ul class=\"wp-block-list\"><\/ul>\n\n\n\n<p><a href=\"http:\/\/verito.com\/managed-backup-services\" target=\"_blank\" rel=\"dofollow\" >Backup jobs still run<\/a>, but no one checks success reports or performs restore tests. Failures can go unnoticed for weeks.<\/p>\n\n\n\n<p>The impact for a CPA firm is straightforward:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Higher probability of a successful <strong>ransomware<\/strong> or <strong>business email compromise attack<\/strong><\/li>\n\n\n\n<li><strong>Longer outages<\/strong> if a core server or hosted environment fails<\/li>\n\n\n\n<li>Weak footing with cyber insurers or regulators if you cannot show <strong>basic security hygiene<\/strong><\/li>\n<\/ul>\n\n\n\n<p>Your short-term objective is not to rebuild your entire security program. It is to make sure someone is actually on the hook for:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Reviewing security alerts and backup status daily<\/li>\n\n\n\n<li>Ensuring all computers and systems have working protection<\/li>\n\n\n\n<li>Coordinating patching and maintenance windows around busy season<\/li>\n<\/ul>\n\n\n\n<p>If you do not have that capability internally, this is where an interim engagement with a <a href=\"https:\/\/verito.com\/blog\/smart-it-management-what-top-tax-accounting-firms-do-differently\/\" target=\"_blank\" rel=\"dofollow\" ><strong>managed IT provider<\/strong><\/a><strong> for <\/strong><a href=\"http:\/\/verito.com\/it-support-for-accounting-firms\" target=\"_blank\" rel=\"dofollow\" ><strong>accounting firms<\/strong><\/a> can pay-off quickly. They can validate that controls are running, patch obvious holes, and provide insightful reporting to partners while you decide on a long-term model.<\/p>\n\n\n\n<div style=\"height:10px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-operational-risk-impact-on-uptime-and-productivity-after-your-it-person-walks-out\"><span id=\"operational-risk-impact-on-uptime-and-productivity-after-your-it-person-walks-out\"><strong>Operational Risk: Impact on Uptime and Productivity After Your IT Person Walks Out<\/strong><\/span><\/h2>\n\n\n\n<p>When your IT person leaves, all the day-to-day IT maintenance work does not stop. It just stops having an owner.<\/p>\n\n\n\n<p>In a typical firm, core activities look like this:<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th><strong>Firm activity<\/strong><\/th><th><strong>What systems must be active<\/strong><\/th><th><strong>Who used to own it<\/strong><\/th><\/tr><\/thead><tbody><tr><td>Preparing and filing returns<\/td><td><a href=\"http:\/\/tax-software-hosting\" target=\"_blank\" rel=\"nofollow\" >Tax software<\/a>, e filing, portals, email<\/td><td>Internal IT person<\/td><\/tr><tr><td>Client bookkeeping and write-up<\/td><td><a href=\"http:\/\/verito.com\/quickbooks-hosting\" target=\"_blank\" rel=\"dofollow\" >QuickBooks or similar<\/a>, bank feeds, file storage<\/td><td>Internal IT person<\/td><\/tr><tr><td>Audit, review, and compilation work<\/td><td>Workpaper systems, file servers, RDS<\/td><td>Internal IT person<\/td><\/tr><tr><td>Remote and hybrid work<\/td><td>VPN or RDS, cloud hosting, MFA<\/td><td>Internal IT person<\/td><\/tr><tr><td>Client communication and delivery<\/td><td>Email, DMS, e signature tools<\/td><td>Internal IT person<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p>Remove the last column and you have queues of issues with no clear escalation path. That shows up as:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Slower response to outages or performance issues<\/li>\n\n\n\n<li>Staff repeatedly retrying broken workflows instead of escalating<\/li>\n\n\n\n<li>Maintenance and upgrades postponed because no one wants to touch fragile systems<\/li>\n<\/ul>\n\n\n\n<p>The environment might keep running, but it becomes brittle. The first serious incident exposes that brittleness and can have a severe impact on your firm\u2019s productivity, efficiency, and reputation.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-the-real-cost-of-downtime-for-cpa-firms\"><span id=\"the-real-cost-of-downtime-for-cpa-firms\"><strong>The Real Cost of Downtime For CPA Firms<\/strong><\/span><\/h3>\n\n\n\n<p><a href=\"https:\/\/verito.com\/blog\/what-is-server-downtime-and-how-you-can-prevent-it\/\" target=\"_blank\" rel=\"dofollow\" ><strong>Downtime<\/strong><\/a> is not just an inconvenience. For firms that bill by the hour against hard deadlines, it is direct financial loss.<\/p>\n\n\n\n<p><strong>ITIC\u2019s 2024 Hourly Cost of Downtime survey<\/strong> found that over <strong>90 percent of organisations<\/strong>, including small and mid-size businesses up to 200 employees, estimate <strong>downtime at more than 300,000 dollars per hour<\/strong>, with many putting it closer to <strong>1 million dollars per hour<\/strong>.<\/p>\n\n\n\n<p>For micro SMBs with fewer than 25 employees and a single server, ITIC notes that even a conservative estimate can still be around <strong>100,000 dollars per hour<\/strong> when you include lost productivity and opportunities.<\/p>\n\n\n\n<p>Accounting firms sit squarely in that risk profile:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Work is deadline-driven<\/strong>, so you cannot easily move it to another day<\/li>\n\n\n\n<li>Staff often work extended hours during tax season, so evening and weekend outages are still expensive<\/li>\n\n\n\n<li>Missed filings bring penalties, interest, and tough conversations with clients<\/li>\n<\/ul>\n\n\n\n<p>A simple example:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>15 billable staff at an average of 150 dollars per hour<\/li>\n\n\n\n<li>A three hour outage of remote desktops hosting tax software during March<\/li>\n<\/ul>\n\n\n\n<p>Direct lost billable time alone is 15 x 150 x 3 = 6,750 dollars. That ignores catch up time, overtime, and any write offs partners take to preserve client relationships. A few such incidents in a season can quietly erase a significant share of partner profit.<\/p>\n\n\n\n<p>This is why downtime should be treated as a financial and client service risk, not just an IT metric.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-when-staff-start-bypassing-controls-to-get-work-done\"><span id=\"when-staff-start-bypassing-controls-to-get-work-done\"><strong>When Staff Start Bypassing Controls to Get Work Done<\/strong><\/span><\/h3>\n\n\n\n<p>Once uptime becomes unreliable and there is no clear IT owner, staff will do whatever it takes to move work. That often means bypassing the very controls partners think are protecting the firm.<\/p>\n\n\n\n<p>Common behavior in firms without stable IT support:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Saving client documents to personal laptops or consumer cloud storage because the DMS or portal is slow<\/li>\n\n\n\n<li>Emailing returns or financial statements unencrypted because the secure system is down<\/li>\n\n\n\n<li>Sharing logins to bottleneck systems so several people can work at once<\/li>\n\n\n\n<li>Disabling antivirus, VPN clients, or other security tools that appear to slow machines<\/li>\n<\/ul>\n\n\n\n<p>Each of these choices may feel reasonable at the moment, especially under deadline pressure. Collectively, they:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Spread sensitive data<\/strong> across devices and services the firm does not control<br><\/li>\n\n\n\n<li>Break the link between user accounts and individuals, which undermines <strong>audit trails<\/strong><\/li>\n\n\n\n<li>Directly contradict <a href=\"https:\/\/verito.com\/blog\/what-is-a-wisp\/\" target=\"_blank\" rel=\"dofollow\" ><strong>WISP norms<\/strong><\/a>, IRS Publication 4557 expectations, and what you told your <strong>cyber insurer<\/strong><\/li>\n<\/ul>\n\n\n\n<p>This is why <strong>uptime and security are tightly connected<\/strong>. If systems are not usable, <strong>security controls<\/strong> will be worked around. When your IT person quits and nobody is responsible for both performance and protection, the risk of that drift increases.<\/p>\n\n\n\n<p>A <strong>managed IT model<\/strong> that understands accounting firms treats uptime, user experience, and security as one problem. <strong>The mandate is simple:<\/strong> Keep systems fast and available so that staff do not feel forced to create their own shortcuts.<\/p>\n\n\n\n<div style=\"height:10px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-compliance-risk-irs-4557-ftc-safeguards-and-your-wisp-after-your-it-person-leaves\"><span id=\"compliance-risk-irs-4557-ftc-safeguards-and-your-wisp-after-your-it-person-leaves\"><strong>Compliance Risk: IRS 4557, FTC Safeguards, and Your WISP After Your IT person Leaves<\/strong><\/span><\/h2>\n\n\n\n<p>Most firms think of compliance as <strong>policies and paperwork<\/strong>. Regulators DO NOT. They expect working controls plus proof, and your IT person is usually the one translating policy into real settings.<\/p>\n\n\n\n<p>At a high level, your firm is subject to these three compliance norms:<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th><strong>Framework \/ document<\/strong><\/th><th><strong>Who it hits in practice<\/strong><\/th><th><strong>What it expects in plain language<\/strong><\/th><\/tr><\/thead><tbody><tr><td><strong>IRS Publication 4557<\/strong><\/td><td>Anyone preparing tax returns<\/td><td>Have and follow a data security plan that protects taxpayer data, including tech controls, training, and incident response.<\/td><\/tr><tr><td><strong>FTC Safeguards Rule<\/strong><\/td><td>Non-bank financial institutions, including many CPA and tax firms<\/td><td>Maintain a <strong>written security program<\/strong> with admin, technical, and physical safeguards, plus risk assessments and vendor oversight.<\/td><\/tr><tr><td><strong>WISP<\/strong><\/td><td>All tax pros handling taxpayer data<\/td><td>A written, implemented, and maintained information security plan, not a one time document.<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p>Recent IRS and Security Summit messages are explicit: a <strong>WISP is a federal mandate<\/strong> for tax professionals, not an optional best practice.<\/p>\n\n\n\n<p>The amended Safeguards Rule now adds breach notification duties. As of May 2024, covered firms must notify the FTC when certain breaches affecting 500 or more individuals occur.<\/p>\n\n\n\n<p>Someone has to:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Keep the WISP and <a href=\"https:\/\/verito.com\/blog\/risk-management-for-accountants\/\" target=\"_blank\" rel=\"dofollow\" ><strong>risk assessments<\/strong><\/a> current<\/li>\n\n\n\n<li>Collect basic evidence that controls are actually running<\/li>\n\n\n\n<li>Turn these requirements into practice through MFA, backups, logging, and vendor checks<\/li>\n<\/ul>\n\n\n\n<p>In many firms, that \u201csomeone\u201d is the internal IT person. When they leave, the program is often still on paper, but the operator is gone.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-who-owns-your-wisp-and-evidence-once-the-it-guy-quits\"><span id=\"who-owns-your-wisp-and-evidence-once-the-it-guy-quits\"><strong>Who Owns Your WISP and Evidence Once The IT Guy Quits<\/strong><\/span><\/h3>\n\n\n\n<p>Even firms with decent documentation tend to centralize the details in IT. If and when the IT person quits, three things commonly go missing at once: the latest WISP, a recent risk assessment, and day-to-day evidence of compliance.<\/p>\n\n\n\n<p>You can see the fragility if you map where key items usually live.<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th><strong>Item<\/strong><\/th><th><strong>Where it often lives today<\/strong><\/th><th><strong>Problem when IT leaves<\/strong><\/th><\/tr><\/thead><tbody><tr><td>WISP file<\/td><td>IT laptop or a poorly labeled shared folder<\/td><td>No one is sure what version is current<\/td><\/tr><tr><td>Risk assessment<\/td><td>Spreadsheet or PDF in an IT folder<\/td><td>Partners cannot describe current risks or priorities<\/td><\/tr><tr><td>Backup and patch reports<\/td><td>RMM console, scripts, email alerts<\/td><td>No independent proof systems are protected<\/td><\/tr><tr><td>User and admin access records<\/td><td>AD exports, old lists, IT\u2019s own notes<\/td><td>No clean view of who has access to what<\/td><\/tr><tr><td>Vendor security questionnaires<\/td><td>PDF attachments and email chains in IT mailbox<\/td><td>Hard to show you did basic third-party due diligence<\/td><\/tr><tr><td>Incident history<\/td><td>Tickets and ad hoc emails<\/td><td>No consistent record of past issues and lessons learned<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p>Regulators and insurers care about two questions:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Are reasonable controls in place?<\/li>\n\n\n\n<li>Can you prove it over time?<\/li>\n<\/ol>\n\n\n\n<p>If the honest answer today is \u201cIT handled that\u201d and IT is gone, your compliance story is weak even if your tools are decent.<\/p>\n\n\n\n<p>A quick check for partners:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Can you locate your current WISP without asking the former IT person?<\/li>\n\n\n\n<li>Can you show a risk assessment or similar review from the last 12 months?<\/li>\n\n\n\n<li>Can you produce basic logs or reports for backups, patching, and access reviews?<\/li>\n<\/ul>\n\n\n\n<p>If any of those are \u201cno\u201d or \u201cnot sure,\u201d your compliance risk shoots up the day your IT person resigns.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-why-not-meeting-compliance-norms-hurts-in-the-real-world\"><span id=\"why-not-meeting-compliance-norms-hurts-in-the-real-world\"><strong>Why Not Meeting Compliance Norms Hurts in The Real World<\/strong><\/span><\/h3>\n\n\n\n<p>Accounting firms that don\u2019t meet compliance norms have consequences with three core stakeholders:<\/p>\n\n\n\n<h4 class=\"wp-block-heading has-medium-font-size\" id=\"h-1-irs-and-regulators\"><span id=\"1-irs-and-regulators\">1. <strong>IRS and regulators<\/strong><\/span><\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Publication 4557 and recent IRS releases state clearly that <strong>tax professionals must have and maintain a WISP<\/strong>.<\/li>\n\n\n\n<li>PTIN renewal asks you to attest that you have an <strong>adequate data security plan<\/strong>. That is hard to justify if you cannot even find it.<\/li>\n\n\n\n<li>Under the updated <a href=\"https:\/\/verito.com\/ftc-safeguards-rule\" target=\"_blank\" rel=\"dofollow\" ><strong>FTC Safeguards Rule<\/strong><\/a>, certain breaches must be reported to the FTC, which will naturally look at whether you ran a reasonable security program.<br><\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading has-medium-font-size\" id=\"h-2-cyber-insurance\"><span id=\"2-cyber-insurance\">2. <strong>Cyber insurance<\/strong><\/span><\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Applications and renewals ask about MFA, backups, WISP, and incident response. If previous answers depended on your IT person\u2019s assurances and you cannot now produce evidence, claims and renewals become more fragile.<\/li>\n\n\n\n<li>After an incident, insurers will expect you to show that the controls you claimed were actually in place.<br><\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading has-medium-font-size\" id=\"h-3-clients-and-larger-counterparties\"><span id=\"3-clients-and-larger-counterparties\">3. <strong>Clients and larger counterparties<\/strong><\/span><\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Mid-sized businesses, banks, and PE-backed clients have started to treat CPA firms as vendors <strong>subject to security questionnaires<\/strong>. They will ask who owns your <strong>information security program<\/strong> and will expect to see a WISP and high-level controls in place.<\/li>\n\n\n\n<li><em>\u201cOur IT guy used to handle that, but he left\u201d<\/em> is not a credible answer when you are asking them to send you their most sensitive financial data.<\/li>\n<\/ul>\n\n\n\n<ol class=\"wp-block-list\"><\/ol>\n\n\n\n<p>The point is not that one resignation makes you automatically non-compliant. It is that your ability to prove and maintain compliance can disappear overnight if it was concentrated with one person.<\/p>\n\n\n\n<p>A more mature model, usually through <strong>managed IT for accounting firms<\/strong>, spreads that knowledge and responsibility across:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>A dedicated contact for security and compliance operations<\/li>\n\n\n\n<li>Repeatable processes for WISP maintenance, risk assessments, and evidence collection<\/li>\n\n\n\n<li>Regular reporting to partners in plain language, tied directly to IRS 4557 and Safeguards expectations<\/li>\n<\/ul>\n\n\n\n<div style=\"height:10px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-first-24-to-72-hours-an-emergency-checklist-for-accounting-firms\"><span id=\"first-24-to-72-hours-an-emergency-checklist-for-accounting-firms\"><strong>First 24 to 72 hours: An Emergency Checklist For Accounting Firms<\/strong><\/span><\/h2>\n\n\n\n<p>When your IT person quits, you are not trying to redesign your whole environment in three days. You are trying to stop anything critical from breaking or leaking while you figure out your long term IT management plan.<\/p>\n\n\n\n<p>Think in five moves.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-1-stabilize-access-and-ownership\"><span id=\"1-stabilize-access-and-ownership\"><strong>1. Stabilize Access and Ownership<\/strong><\/span><\/h3>\n\n\n\n<p><strong>Objective:<\/strong> Make sure the firm, not a former employee, controls the keys.<\/p>\n\n\n\n<p><strong>Priorities:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Email and identity (Microsoft 365 or Google Workspace)<\/strong><strong><br><\/strong>\n<ul class=\"wp-block-list\">\n<li>List all global admins.<\/li>\n\n\n\n<li>Add at least one partner-level admin account with MFA.<\/li>\n\n\n\n<li>Change passwords and MFA on any admin accounts that were controlled by the IT person.<br><\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>Domains and DNS<\/strong><strong><br><\/strong>\n<ul class=\"wp-block-list\">\n<li>Confirm who can log in to the domain registrar.<\/li>\n\n\n\n<li>Ensure at least one partner or owner has credentials and MFA.<br><\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>Core tax and accounting systems<\/strong><strong><br><\/strong>\n<ul class=\"wp-block-list\">\n<li>Identify the primary admin for <a href=\"https:\/\/verito.com\/blog\/tax-software-hosting-solutions-boost-efficiency\/\" target=\"_blank\" rel=\"dofollow\" ><strong>tax software<\/strong><\/a>, GL, payroll, DMS and portals.<\/li>\n\n\n\n<li>Move ownership from personal mailboxes to shared addresses (for example <em>it@firmname<\/em>, <em>ops@firmname<\/em>).<br><\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>Vendors and hosting<\/strong><strong><br><\/strong>\n<ul class=\"wp-block-list\">\n<li>List key vendors: hosting provider, backup vendor, internet provider, firewall or RDS provider, major SaaS.<\/li>\n\n\n\n<li>Add finance and a partner as named contacts on each account.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<p>You do not need a perfect IAM strategy in 72 hours. That said, you do need to know who can change what, today.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-2-inventory-systems-and-critical-dependencies\"><span id=\"2-inventory-systems-and-critical-dependencies\"><strong>2. Inventory Systems and Critical Dependencies<\/strong><\/span><\/h3>\n\n\n\n<p><strong>Objective:<\/strong> Know what software and systems you are actually running and what depends on it.<\/p>\n\n\n\n<p>Use a simple table like this and fill it quickly:<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th><strong>System or service<\/strong><\/th><th><strong>Purpose<\/strong><\/th><th><strong>Where it runs<\/strong><\/th><th><strong>Who uses it most<\/strong><\/th><\/tr><\/thead><tbody><tr><td>Tax software A<\/td><td>Individual and entity returns<\/td><td>Hosted \/ RDS \/ on premises<\/td><td>Tax team<\/td><\/tr><tr><td>Tax software B<\/td><td>Business or state returns<\/td><td>Hosted \/ RDS \/ on premises<\/td><td>Tax team<\/td><\/tr><tr><td>GL \/ bookkeeping<\/td><td>Write-up and client accounting<\/td><td>Cloud \/ server<\/td><td>CAS \/ bookkeeping team<\/td><\/tr><tr><td>DMS or file storage<\/td><td>Client documents and workpapers<\/td><td>File server \/ cloud DMS<\/td><td>All staff<\/td><\/tr><tr><td>Remote access<\/td><td>Staff access to apps and files<\/td><td>VPN \/ RDS \/ cloud desktops<\/td><td>All remote and hybrid staff<\/td><\/tr><tr><td>Backup solution<\/td><td><a href=\"https:\/\/verito.com\/blog\/secure-cloud-hosting-for-accountants\/\" target=\"_blank\" rel=\"dofollow\" ><strong>Protects servers<\/strong><\/a> and key datasets<\/td><td>Local appliance \/ cloud<\/td><td>Entire firm<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p>Then:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Add legacy servers and any &#8220;mystery boxes&#8221; the IT person mentioned.<\/li>\n\n\n\n<li>Note any single vendor where only IT had the relationship.<\/li>\n<\/ul>\n\n\n\n<p>This is your starting point for any managed IT or interim support. Without it, every incident becomes detective work.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-3-lock-down-immediate-security-risks\"><span id=\"3-lock-down-immediate-security-risks\"><strong>3. Lock Down Immediate Security Risks<\/strong><\/span><\/h3>\n\n\n\n<p><strong>Objective:<\/strong> Close the easiest and most dangerous holes in your data security apparatus.<\/p>\n\n\n\n<p>Focus on four items:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>MFA coverage<\/strong>\n<ul class=\"wp-block-list\">\n<li>Confirm MFA is on for:\n<ul class=\"wp-block-list\">\n<li>Email and global admin accounts<\/li>\n\n\n\n<li>Remote access (VPN, RDS, cloud desktops)<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>If it is missing anywhere public-facing, fix that first.<br><\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>Endpoint and server protection<\/strong>\n<ul class=\"wp-block-list\">\n<li>Verify that firm-owned laptops, desktops, and servers have active <a href=\"https:\/\/verito.com\/blog\/ai-malware-accountants-kryptonite\/\" target=\"_blank\" rel=\"dofollow\" ><strong>antivirus<\/strong><\/a> or EDR.<\/li>\n\n\n\n<li>Look for computers that have not checked in to the console recently. Treat them as blind spots.<br><\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>Backups and restores<\/strong>\n<ul class=\"wp-block-list\">\n<li>Identify what is being backed up, where, and how often.<\/li>\n\n\n\n<li>Confirm there is at least one recent backup for:\n<ul class=\"wp-block-list\">\n<li>Tax servers or hosted data<\/li>\n\n\n\n<li>File storage or DMS<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Perform a small test restore. Do not assume the job &#8220;running&#8221; means data is recoverable.<br><\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>Account cleanup<\/strong><strong><br><\/strong>\n<ul class=\"wp-block-list\">\n<li>In email, remote access, and core apps:\n<ul class=\"wp-block-list\">\n<li>Disable former staff accounts that were never removed.<\/li>\n\n\n\n<li>Remove obvious tests or shared accounts that no one can justify.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n\n\n<p>None of this is optional in an accounting firm. Until it is done, your risk window stays wide open.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-4-document-what-you-know\"><span id=\"4-document-what-you-know\"><strong>4. Document What You Know<\/strong><\/span><\/h3>\n\n\n\n<p><strong>Objective:<\/strong> Turn passive and verbatim knowledge into a usable handover document.<\/p>\n\n\n\n<p>Create a single document or spreadsheet with, at minimum, for each key system:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>System name<\/li>\n\n\n\n<li>Business owner (person, not &#8220;IT&#8221;)<\/li>\n\n\n\n<li>Where it runs and who the vendor is<\/li>\n\n\n\n<li>How users log in (local accounts, AD, SSO, MFA)<\/li>\n\n\n\n<li>How it is backed up<\/li>\n\n\n\n<li>Who to call when it breaks<\/li>\n<\/ul>\n\n\n\n<p>If the departing IT person is still available, use a structured one-hour handover process to fill gaps:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Ask for any network diagram, password manager export into a firm-owned vault, vendor list, and a quick &#8220;top 5 concerns&#8221; list.<\/li>\n\n\n\n<li>Ask which systems they considered most fragile or overdue for upgrade.<\/li>\n\n\n\n<li>Ask where security alerts currently go and which ones they watched most closely.<\/li>\n<\/ul>\n\n\n\n<p>You will not get everything. You do not need everything. You need enough information that can help a new internal hire or <strong>managed IT provider<\/strong> not start from the beginning.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-5-decide-on-an-interim-support-provider\"><span id=\"5-decide-on-an-interim-support-provider\"><strong>5. Decide on an Interim Support Provider<\/strong><\/span><\/h3>\n\n\n\n<p><strong>Objective:<\/strong> Ensure someone competent is accountable for IT while you choose a long-term model.<\/p>\n\n\n\n<p>Realistic options:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Internal coordinator<\/strong>\n<ul class=\"wp-block-list\">\n<li>Appoint a tech-savvy staff member as the single point of contact.<\/li>\n\n\n\n<li>Their job is coordination: logging issues, talking to vendors, following checklists.<\/li>\n\n\n\n<li>Do not expect them to design security or rebuild infrastructure.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>Short term outside help<\/strong>\n<ul class=\"wp-block-list\">\n<li>Bring in a local IT firm or independent consultant for 30 to 90 days.<\/li>\n\n\n\n<li>Ask them specifically to:\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/verito.com\/blog\/cpa-backups-3-2-1-1-0-method\/\" target=\"_blank\" rel=\"dofollow\" ><strong>Validate backups<\/strong><\/a> and MFA<\/li>\n\n\n\n<li>Review health of critical servers and RDS<\/li>\n\n\n\n<li>Help finish your basic documentation process<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>Accelerated move to managed IT<\/strong>\n<ul class=\"wp-block-list\">\n<li>If you are not eager to continue the one-person model, start a <a href=\"http:\/\/verito.com\/managed-it-onboarding\" target=\"_blank\" rel=\"dofollow\" >structured assessment <\/a>with a managed IT provider for accounting firms.<\/li>\n\n\n\n<li>Ask for a clear onboarding plan that covers:\n<ul class=\"wp-block-list\">\n<li>Taking over monitoring and backups<\/li>\n\n\n\n<li>Standardizing access and MFA<\/li>\n\n\n\n<li>Comparing your current environment to IRS 4557 and Safeguards expectations<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<p>Once this is in place, you have bought time to weigh out your long-term options. The next question is what model replaces the one that just failed. That is where the choice between another internal IT hire, a generic MSP, and reliable managed IT providers for accounting firms comes into play.<\/p>\n\n\n\n<div style=\"height:10px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-side-by-side-comparison-internal-it-vs-generic-msp-vs-managed-it\"><span id=\"side-by-side-comparison-internal-it-vs-generic-msp-vs-managed-it\"><strong>Side-by-side Comparison: Internal IT vs. Generic MSP vs. Managed IT<\/strong><\/span><\/h2>\n\n\n\n<p>We have already touched upon the risks of relying on a single or a small team of in-house IT professionals and how their exit from the firm can impact your IT infrastructure. To further exemplify the advantages of moving to a managed IT partner, here is a comparison between managing IT in-house, opting for a generic MSP, and handing over these responsibilities to a managed IT partner:<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th><strong>Option<\/strong><\/th><th><strong>Main strengths<\/strong><\/th><th><strong>Main limitations for CPA firms<\/strong><\/th><th><strong>Best fit when<\/strong><\/th><\/tr><\/thead><tbody><tr><td><strong>Hire internal IT person<\/strong><\/td><td>Culture fit, on-site help, deep firm-level context<\/td><td>Single point of failure, limited skills, weak off-hours cover<\/td><td>Very small firms with simple environments<\/td><\/tr><tr><td><strong>Generic MSP<\/strong><\/td><td>Larger team, predictable pricing<\/td><td>Limited tax app knowledge, generic compliance, weak alignment in the busy season<\/td><td>Firms that can handle compliance and tax season planning internally<\/td><\/tr><tr><td><strong>Managed IT for accounting firms<\/strong><\/td><td>Industry-fluent support, <a href=\"https:\/\/verito.com\/security-best-practices\" target=\"_blank\" rel=\"dofollow\" ><strong>security and compliance<\/strong><\/a> built-in, no single point of failure<\/td><td>Requires structured onboarding and mindset shift about IT ownership<\/td><td>Firms that see IT as regulated infrastructure tied to revenue and risk<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p><strong>The key question for partners is blunt:<\/strong><\/p>\n\n\n\n<p>Do you want to rebuild the same fragile model that failed when your IT person quit, or use this as the point where IT becomes a <strong>documented, managed function<\/strong> that survives through staff changes.<\/p>\n\n\n\n<div style=\"height:10px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-how-a-managed-it-partner-takes-over-after-your-it-person-quits\"><span id=\"how-a-managed-it-partner-takes-over-after-your-it-person-quits\"><strong>How a Managed IT Partner Takes Over After Your IT Person Quits<\/strong><\/span><\/h2>\n\n\n\n<p>A good managed IT provider should not just<em> \u201cadd a help desk.\u201d<\/em> They should replace a person-dependent setup with a system: clear phases, ownership, and documentation.<\/p>\n\n\n\n<p>You can think of handing IT to a managed partner in four steps.<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th><strong>Phase<\/strong><\/th><th><strong>Main goal<\/strong><\/th><th><strong>What you should see in the firm<\/strong><\/th><\/tr><\/thead><tbody><tr><td><strong>Assessment<\/strong><\/td><td>See what the IT person left behind<\/td><td>No more black boxes or mystery servers<\/td><\/tr><tr><td><strong>Stabilization<\/strong><\/td><td>Lock down security and uptime<\/td><td>Fewer surprises, known response paths<\/td><\/tr><tr><td><strong>Compliance<\/strong><\/td><td>Align controls with IRS and FTC rules<\/td><td>WISP and evidence that match reality<\/td><\/tr><tr><td><strong>Ongoing management<\/strong><\/td><td>Deliver IT as a repeatable function<\/td><td>No single point of failure, predictable support<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-1-assessment-discovering-what-you-actually-have\"><span id=\"1-assessment-discovering-what-you-actually-have\"><strong>1. Assessment: Discovering What You Actually Have<\/strong><\/span><\/h3>\n\n\n\n<p>The provider starts by validating, not guessing.<\/p>\n\n\n\n<p><strong>Typical work in this phase:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Scan and map servers, workstations, remote desktop hosts, cloud services, and network devices<\/li>\n\n\n\n<li>Review how staff connect: VPN, RDS, cloud desktops, direct SaaS access<\/li>\n\n\n\n<li>Check identity and access: Microsoft 365 or Google admin, MFA coverage, admin accounts in key apps<\/li>\n\n\n\n<li>Confirm where tax, accounting, and DMS data physically lives and how it is protected<\/li>\n<\/ul>\n\n\n\n<p><strong>Output should be a short, written baseline that covers:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Systems and applications list<\/li>\n\n\n\n<li>Identity and access picture<\/li>\n\n\n\n<li>First-pass risk summary across security, uptime, and compliance<\/li>\n<\/ul>\n\n\n\n<p>Partners should get a direct briefing, not a technical dump.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-2-stabilization-securing-and-stabilizing-the-environment\"><span id=\"2-stabilization-securing-and-stabilizing-the-environment\"><strong>2. Stabilization: Securing and Stabilizing The Environment<\/strong><\/span><\/h3>\n\n\n\n<p>Once the environment is visible, the provider focuses on gradual and structured stabilization of the IT infrastructure that matters most for an accounting firm.<\/p>\n\n\n\n<p><strong>Security stabilization usually includes:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Centralizing<\/strong> <a href=\"https:\/\/verito.com\/blog\/online-cybersecurity-essentials-multi-location-accounting-firms\/\" target=\"_blank\" rel=\"dofollow\" ><strong>endpoint protection<\/strong><\/a> with a managed console<\/li>\n\n\n\n<li>Enforcing MFA on email, remote access, and administrator accounts<\/li>\n\n\n\n<li>Cleaning up user lists and <strong>removing stale or orphaned accounts<\/strong><\/li>\n\n\n\n<li><strong>Setting a<\/strong> <strong>basic patching schedule for servers<\/strong> and endpoints with agreed maintenance windows<\/li>\n<\/ul>\n\n\n\n<p><strong>Uptime stabilization typically covers:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Monitoring remote desktop hosts, tax servers, and key services for performance and availability<\/li>\n\n\n\n<li>Defining severity levels and response times for incidents like &#8220;nobody can log in to tax software&#8221;<\/li>\n\n\n\n<li>Fixing obvious bottlenecks such as under-sized RDS hosts or storage issues<\/li>\n<\/ul>\n\n\n\n<p><strong>Within a few weeks, you should see:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Tickets logged and closed through a help desk instead of ad hoc emails<\/li>\n\n\n\n<li>Clear communication when issues occur and when they are resolved<\/li>\n\n\n\n<li>Fewer recurring problems with the same systems<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-3-compliance-alignment-rebuilding-your-data-security\"><span id=\"3-compliance-alignment-rebuilding-your-data-security\"><strong>3. Compliance Alignment: Rebuilding Your Data Security<\/strong><\/span><\/h3>\n\n\n\n<p>After critical risks are under control, the provider helps re-attach your IT infrastructure to IRS Publication 4557 requirements, the FTC Safeguards Rule, and your WISP.<\/p>\n\n\n\n<p><strong>Expect concrete work like:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Reviewing your existing WISP and updating it to reflect actual systems and controls<\/li>\n\n\n\n<li>Running a focused risk assessment that highlights gaps in access control, backup, monitoring, and vendor management<\/li>\n\n\n\n<li>Setting a cadence for backup tests, access reviews, and security reporting<\/li>\n\n\n\n<li>Organizing evidence so you can answer three questions quickly:\n<ul class=\"wp-block-list\">\n<li>What controls do we have?<\/li>\n\n\n\n<li>Are they working?<\/li>\n\n\n\n<li>Where is the proof?<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<p>A competent provider will speak directly about how controls map to IRS and FTC expectations, not hide behind generic buzzwords. That is what you need for <strong>PTIN attestation, cyber insurance, and client due diligence<\/strong>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-4-ongoing-management-no-more-single-point-of-failure\"><span id=\"4-ongoing-management-no-more-single-point-of-failure\"><strong>4. Ongoing Management: No More Single Point of Failure<\/strong><\/span><\/h3>\n\n\n\n<p>Once assessment, stabilization, and initial compliance work are done, the relationship should shift into a steady rhythm.<\/p>\n\n\n\n<p><strong>Day-to-day processes you should see:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>24&#215;7 monitoring of key systems and security events<\/li>\n\n\n\n<li>Help desk support that understands tax season pressure and common accounting workflows<\/li>\n\n\n\n<li>Planned hardware refreshes and software upgrades, not last minute scrambles<\/li>\n\n\n\n<li>Regular reports to partners on uptime, tickets, security posture, and upcoming risks<\/li>\n<\/ul>\n\n\n\n<p>Importantly, none of this depends on a single individual inside your firm. The provider brings a team with overlapping skills and documented procedures. If one engineer leaves, your passwords, vendor relationships, and institutional knowledge stay put.<\/p>\n\n\n\n<p><strong>From a partner\u2019s point of view, IT becomes:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Measurable:<\/strong> uptime, ticket metrics, security checks, and audit trails<\/li>\n\n\n\n<li><strong>Explainable:<\/strong> a program you can describe to regulators, insurers, and clients<\/li>\n\n\n\n<li><strong>Resilient:<\/strong> able to survive staff changes without putting busy season at risk<\/li>\n<\/ul>\n\n\n\n<p><strong>A managed IT provider like <a href=\"https:\/\/verito.com\/\" target=\"_blank\" rel=\"dofollow\" >Verito<\/a> goes further by combining:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Secure cloud hosting for tax and accounting applications on hardened private servers<\/li>\n\n\n\n<li><strong>VeritGuard<\/strong> <a href=\"https:\/\/verito.com\/blog\/co-managed-it-vs-fully-managed-it-for-cpa-firms-2026\/\" target=\"_blank\" rel=\"dofollow noopener\"  data-wpil-monitor-id=\"1197\">managed IT services<\/a> that cover endpoints, networks, backups, and help desk under one contract<\/li>\n\n\n\n<li>Industry-fluent support that treats tax season uptime and regulatory compliance as non-negotiable<\/li>\n<\/ul>\n\n\n\n<p>Instead of betting the firm on one internal IT employee, you get a team, tested processes, and a platform that does not walk out the door.<\/p>\n\n\n\n<div style=\"height:10px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-when-your-it-person-quits-it-is-time-to-fix-the-it-model-not-just-fill-the-seat\"><span id=\"when-your-it-person-quits-it-is-time-to-fix-the-it-model-not-just-fill-the-seat\"><strong>When Your IT Person Quits, It Is Time To Fix The IT Model, Not Just Fill The Seat<\/strong><\/span><\/h2>\n\n\n\n<p>When your only IT person quits, the real problem is not a vacancy. It is discovering how much of your security, uptime, and compliance was concentrated in one head.<\/p>\n\n\n\n<p>By now you have a clear picture of what is at stake:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Security risk jumps<\/strong> because admin access, MFA, monitoring, and backups may not be fully documented or supervised.<\/li>\n\n\n\n<li><strong>Uptime becomes fragile<\/strong> because no one clearly owns remote access, hosted tax and accounting systems, or quick fixes during busy seasons.<\/li>\n\n\n\n<li><strong>Compliance gets shaky<\/strong> because the person who tied your WISP, IRS Publication 4557 requirements, and FTC Safeguards obligations to real controls has left.<\/li>\n<\/ul>\n\n\n\n<p>Your response has three layers.<\/p>\n\n\n\n<p><strong>In the present moment, treat this as a heightened risk window: <\/strong>Make sure the firm holds all admin keys, <strong>MFA is enforced<\/strong> on public-facing systems, <strong>backups are tested<\/strong>, and obvious stray accounts are removed. Capture the systems and vendors you rely on in a simple inventory.<\/p>\n\n\n\n<p><strong>This quarter, remove the single point of failure: <\/strong>Decide whether you want to rebuild the same one-person IT model, lean on a generic MSP and keep compliance work in-house, or shift to managed IT for accounting firms so IT becomes a shared, documented function.<\/p>\n\n\n\n<p><strong>Longer term, treat IT as regulated infrastructure, not background support: <\/strong>Plan lifecycle upgrades, keep your WISP and evidence current, and expect IT to survive staff changes without risking tax season or client trust.<\/p>\n\n\n\n<p>If you want a reality check before you decide, start with an <strong>external cybersecurity and IT assessment<\/strong> focused on tax and accounting firms. Verito can review your environment against IRS Publication 4557 and FTC Safeguards expectations, verify backups and hosting setups, and give partners a direct answer on how exposed the firm really is. If you are ready to move away from the one-person model, you can also talk to Verito about <strong>combining secure cloud hosting for tax and accounting applications<\/strong> with <a href=\"https:\/\/verito.com\/veritguard\" target=\"_blank\" rel=\"dofollow\" ><strong>VeritGuard managed IT<\/strong><\/a>, so security, uptime, and compliance rest on a dedicated platform and team, not a single employee who might leave.<\/p>\n\n\n\n<div style=\"height:10px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-faq\"><span id=\"faq\"><strong>FAQ:<\/strong><\/span><\/h2>\n\n\n<div class=\"saswp-faq-block-section\"><ol style=\"list-style-type:none\"><li style=\"list-style-type: none\"><h5 id=\"1-what-should-we-do-on-the-day-our-it-person-quits\" class=\"saswp-faq-question-title \">1. <strong>What should we do on the day our IT person quits?<\/strong><\/h5><p class=\"saswp-faq-answer-text\">Treat it as a security and continuity event, not just a staffing issue. Same day, you should:<br><br>\u2022 Confirm and document all global admin accounts in Microsoft 365 or Google Workspace<br>\u2022 Add at least one partner as global admin with MFA<br>\u2022 Change passwords and MFA for any admin account controlled only by the IT person<br>\u2022 Verify backups for tax servers, file storage, and key apps are running and test at least one small restore<br>\u2022 Start a simple system and vendor inventory, even if it is incomplete<br><br>If you only do these five actions, you have already reduced your immediate risk significantly.<\/p><li style=\"list-style-type: none\"><h5 id=\"2-are-we-still-compliant-with-irs-publication-4557-and-the-ftc-safeguards-rule-if-our-it-person-leaves\" class=\"saswp-faq-question-title \">2. <strong>Are we still compliant with IRS Publication 4557 and the FTC Safeguards Rule if our IT person leaves?<\/strong><\/h5><p class=\"saswp-faq-answer-text\">Not automatically non compliant, but often weaker than you think. You have a problem if:<br><br>\u2022 You cannot locate your WISP without the former IT person<br>\u2022 You have no recent risk assessment or access review you can show<br>\u2022 You cannot produce basic evidence of backups, patching, and MFA coverage<br><br>Regulators and insurers care about controls and proof. When the person who implemented and documented those controls leaves, your ability to prove compliance drops until someone else or a managed IT provider takes formal ownership.<\/p><li style=\"list-style-type: none\"><h5 id=\"3-can-a-managed-it-provider-take-over-if-our-it-person-left-with-almost-no-documentation\" class=\"saswp-faq-question-title \">3. <strong>Can a managed IT provider take over if our IT person left with almost no documentation?<\/strong><\/h5><p class=\"saswp-faq-answer-text\">Yes, if they know accounting environments and you are willing to let them do structured discovery. A capable provider will:<br><br>\u2022 Use tools to map servers, workstations, and network devices<br>\u2022\u00a0Interview partners and key staff about workflows and pain points<br>\u2022\u00a0Identify where tax, accounting, and DMS data actually lives<br>\u2022 Prioritize closing obvious gaps such as missing MFA, stale accounts, and unverified backups<br><br>You still need to answer questions and sign off on changes, but you do not have to reverse engineer everything yourself.<\/p><li style=\"list-style-type: none\"><h5 id=\"4-we-are-a-small-firm-is-managed-it-overkill-compared-to-a-part-time-local-it-person\" class=\"saswp-faq-question-title \">4. <strong>We are a small firm. Is managed IT overkill compared to a part time local IT person?<\/strong><\/h5><p class=\"saswp-faq-answer-text\">A small headcount does not mean low risk. Even a three to five person tax practice:<br><br>\u2022 Handles thousands of Social Security numbers and bank details<br>\u2022 Is expected to have a WISP under IRS guidance<br>\u2022 Often relies on one server or hosting environment for nearly all revenue producing work<br>A part time local IT person can help with break fix work, but they rarely provide 24&#215;7 monitoring, structured security and compliance alignment, or team coverage if they are unavailable. For many small firms, a focused managed IT plan plus secure hosting is more predictable and defensible than relying on one individual who has no obligation to be available when you need them most.<\/p><li style=\"list-style-type: none\"><h5 id=\"5-what-should-we-ask-a-managed-it-provider-before-signing-especially-after-an-it-resignation\" class=\"saswp-faq-question-title \">5. <strong>What should we ask a managed IT provider before signing, especially after an IT resignation?<\/strong><\/h5><p class=\"saswp-faq-answer-text\">At minimum, ask:<br><br>\u2022 How many CPA or accounting firms do you support today<br>\u2022 Which tax and accounting applications you work with regularly<br>\u2022 How you help clients comply with IRS Publication 4557, the FTC Safeguards Rule, and WISP expectations<br>\u2022 What your guaranteed response times are during evenings and weekends in busy season<br>\u2022 Where our documentation lives and how we get it if we ever leave<br><br>If the answers are vague, generic, or not specific to accounting firms, you are likely buying basic IT support, not a managed IT function that can replace the single point of failure you just lost.<\/p><\/ul><\/div>\n\n\n<p><\/p>\n\n\n\n<ol class=\"wp-block-list\"><\/ol>\n\n\n\n<ol start=\"2\" class=\"wp-block-list\"><\/ol>\n\n\n\n<ol start=\"3\" class=\"wp-block-list\"><\/ol>\n\n\n\n<ol start=\"4\" class=\"wp-block-list\"><\/ol>\n\n\n\n<ol start=\"5\" class=\"wp-block-list\"><\/ol>\n","protected":false},"excerpt":{"rendered":"Your only IT person quits. No successor, limited documentation, and they are the only ones who really understands&hellip;\n","protected":false},"author":12,"featured_media":5195,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[104],"tags":[25,254,548,549,296,553,280,241,550,351,552,551,326],"class_list":{"0":"post-5194","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-managed-it-services","8":"tag-accounting-firms","9":"tag-cloud-hosting-for-accountants","10":"tag-cpa-it-support","11":"tag-cybersecurity-for-accountants","12":"tag-cybersecurity-for-accounting-firms","13":"tag-data-breach-prevention","14":"tag-ftc-safeguards-rule","15":"tag-irs-publication-4557","16":"tag-it-risk-management","17":"tag-managed-it-services","18":"tag-tax-season-uptime","19":"tag-veritguard-managed-it","20":"tag-wisp"},"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.1 (Yoast SEO v27.1.1) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Managed IT For Accounting Firms When Your IT Person Quits<\/title>\n<meta name=\"description\" content=\"See what happens when your IT person quits and how managed IT for accounting firms protects security, uptime, and compliance.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/verito.com\/blog\/managed-it-for-accounting-firms-it-guy-quits\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Managed IT For Accounting Firms: What Happens To Security, Uptime, And Compliance When Your IT Guy Quits\" \/>\n<meta property=\"og:description\" content=\"Your only IT person just quit. Who owns security, uptime, and compliance now? This guide shows what breaks inside a CPA firm, what to fix in the first 72 hours, and how managed IT built for accounting firms like Verito can replace a single point of failure with a secure, always on platform.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/verito.com\/blog\/managed-it-for-accounting-firms-it-guy-quits\/\" \/>\n<meta property=\"og:site_name\" content=\"Verito Technologies | Blog\" \/>\n<meta property=\"article:published_time\" content=\"2026-01-20T14:45:37+00:00\" \/>\n<meta property=\"og:image\" content=\"http:\/\/verito.com\/blog\/wp-content\/uploads\/2026\/01\/Managed-IT-For-Accounting-Firms_-What-Happens-To-Security-Uptime-And-Compliance-When-Your-IT-Guy-Quits-1.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1500\" \/>\n\t<meta property=\"og:image:height\" content=\"1000\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Camren Majors\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:description\" content=\"Your only IT person just quit. Who owns security, uptime, and compliance now? This guide shows what breaks inside a CPA firm, what to fix in the first 72 hours, and how managed IT built for accounting firms like Verito can replace a single point of failure with a secure, always on platform.\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Camren Majors\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"24 minutes\" \/>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Managed IT For Accounting Firms When Your IT Person Quits","description":"See what happens when your IT person quits and how managed IT for accounting firms protects security, uptime, and compliance.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/verito.com\/blog\/managed-it-for-accounting-firms-it-guy-quits\/","og_locale":"en_US","og_type":"article","og_title":"Managed IT For Accounting Firms: What Happens To Security, Uptime, And Compliance When Your IT Guy Quits","og_description":"Your only IT person just quit. Who owns security, uptime, and compliance now? This guide shows what breaks inside a CPA firm, what to fix in the first 72 hours, and how managed IT built for accounting firms like Verito can replace a single point of failure with a secure, always on platform.","og_url":"https:\/\/verito.com\/blog\/managed-it-for-accounting-firms-it-guy-quits\/","og_site_name":"Verito Technologies | Blog","article_published_time":"2026-01-20T14:45:37+00:00","og_image":[{"width":1500,"height":1000,"url":"http:\/\/verito.com\/blog\/wp-content\/uploads\/2026\/01\/Managed-IT-For-Accounting-Firms_-What-Happens-To-Security-Uptime-And-Compliance-When-Your-IT-Guy-Quits-1.jpg","type":"image\/jpeg"}],"author":"Camren Majors","twitter_card":"summary_large_image","twitter_description":"Your only IT person just quit. Who owns security, uptime, and compliance now? This guide shows what breaks inside a CPA firm, what to fix in the first 72 hours, and how managed IT built for accounting firms like Verito can replace a single point of failure with a secure, always on platform.","twitter_misc":{"Written by":"Camren Majors","Est. reading time":"24 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/verito.com\/blog\/managed-it-for-accounting-firms-it-guy-quits\/#article","isPartOf":{"@id":"https:\/\/verito.com\/blog\/managed-it-for-accounting-firms-it-guy-quits\/"},"author":{"name":"Camren Majors","@id":"https:\/\/verito.com\/blog\/#\/schema\/person\/865ad0905f2ef35c7587605a88ab6c1e"},"headline":"Managed IT For Accounting Firms: What Happens To Security, Uptime, And Compliance When Your IT Guy Quits","datePublished":"2026-01-20T14:45:37+00:00","mainEntityOfPage":{"@id":"https:\/\/verito.com\/blog\/managed-it-for-accounting-firms-it-guy-quits\/"},"wordCount":5275,"publisher":{"@id":"https:\/\/verito.com\/blog\/#organization"},"image":{"@id":"https:\/\/verito.com\/blog\/managed-it-for-accounting-firms-it-guy-quits\/#primaryimage"},"thumbnailUrl":"https:\/\/verito.com\/blog\/wp-content\/uploads\/2026\/01\/Managed-IT-For-Accounting-Firms_-What-Happens-To-Security-Uptime-And-Compliance-When-Your-IT-Guy-Quits-1.jpg","keywords":["accounting firms","cloud hosting for accountants","CPA IT support","cybersecurity for accountants","cybersecurity for accounting firms","data breach prevention","FTC safeguards rule","IRS publication 4557","IT risk management","managed IT services","tax season uptime","VeritGuard managed IT","WISP"],"articleSection":["Managed IT Services"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/verito.com\/blog\/managed-it-for-accounting-firms-it-guy-quits\/","url":"https:\/\/verito.com\/blog\/managed-it-for-accounting-firms-it-guy-quits\/","name":"Managed IT For Accounting Firms When Your IT Person Quits","isPartOf":{"@id":"https:\/\/verito.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/verito.com\/blog\/managed-it-for-accounting-firms-it-guy-quits\/#primaryimage"},"image":{"@id":"https:\/\/verito.com\/blog\/managed-it-for-accounting-firms-it-guy-quits\/#primaryimage"},"thumbnailUrl":"https:\/\/verito.com\/blog\/wp-content\/uploads\/2026\/01\/Managed-IT-For-Accounting-Firms_-What-Happens-To-Security-Uptime-And-Compliance-When-Your-IT-Guy-Quits-1.jpg","datePublished":"2026-01-20T14:45:37+00:00","description":"See what happens when your IT person quits and how managed IT for accounting firms protects security, uptime, and compliance.","breadcrumb":{"@id":"https:\/\/verito.com\/blog\/managed-it-for-accounting-firms-it-guy-quits\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/verito.com\/blog\/managed-it-for-accounting-firms-it-guy-quits\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/verito.com\/blog\/managed-it-for-accounting-firms-it-guy-quits\/#primaryimage","url":"https:\/\/verito.com\/blog\/wp-content\/uploads\/2026\/01\/Managed-IT-For-Accounting-Firms_-What-Happens-To-Security-Uptime-And-Compliance-When-Your-IT-Guy-Quits-1.jpg","contentUrl":"https:\/\/verito.com\/blog\/wp-content\/uploads\/2026\/01\/Managed-IT-For-Accounting-Firms_-What-Happens-To-Security-Uptime-And-Compliance-When-Your-IT-Guy-Quits-1.jpg","width":1500,"height":1000,"caption":"Managed IT For Accounting Firms_ What Happens To Security, Uptime, And Compliance When Your IT Guy Quits"},{"@type":"BreadcrumbList","@id":"https:\/\/verito.com\/blog\/managed-it-for-accounting-firms-it-guy-quits\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/verito.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Managed IT Services","item":"https:\/\/verito.com\/blog\/category\/managed-it-services\/"},{"@type":"ListItem","position":3,"name":"Managed IT For Accounting Firms: What Happens To Security, Uptime, And Compliance When Your IT Guy Quits"}]},{"@type":"WebSite","@id":"https:\/\/verito.com\/blog\/#website","url":"https:\/\/verito.com\/blog\/","name":"Verito Technologies | Blog","description":"Verito Technologies Blog","publisher":{"@id":"https:\/\/verito.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/verito.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/verito.com\/blog\/#organization","name":"Verito Technologies","url":"https:\/\/verito.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/verito.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/verito.com\/blog\/wp-content\/uploads\/2020\/01\/logo_blue.png","contentUrl":"https:\/\/verito.com\/blog\/wp-content\/uploads\/2020\/01\/logo_blue.png","width":625,"height":208,"caption":"Verito Technologies"},"image":{"@id":"https:\/\/verito.com\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/verito.com\/blog\/#\/schema\/person\/865ad0905f2ef35c7587605a88ab6c1e","name":"Camren Majors","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/verito.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/77bfceda618286bd3464259eedc244dda94e71f2d7782a878cb75fd25c966426?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/77bfceda618286bd3464259eedc244dda94e71f2d7782a878cb75fd25c966426?s=96&d=mm&r=g","caption":"Camren Majors"},"description":"Camren Majors is co-founder and Chief Revenue Officer of Verito Technologies, a cloud hosting and managed IT company built exclusively for tax and accounting firms. He is the co-author of Beyond Best Practices: Modernizing the Successful Accounting Firm (2026). His work has been featured in NATP TAXPRO Magazine and he has presented for NATP, NAEA, and NSA."}]}},"_links":{"self":[{"href":"https:\/\/verito.com\/blog\/wp-json\/wp\/v2\/posts\/5194","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/verito.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/verito.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/verito.com\/blog\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/verito.com\/blog\/wp-json\/wp\/v2\/comments?post=5194"}],"version-history":[{"count":6,"href":"https:\/\/verito.com\/blog\/wp-json\/wp\/v2\/posts\/5194\/revisions"}],"predecessor-version":[{"id":5345,"href":"https:\/\/verito.com\/blog\/wp-json\/wp\/v2\/posts\/5194\/revisions\/5345"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/verito.com\/blog\/wp-json\/wp\/v2\/media\/5195"}],"wp:attachment":[{"href":"https:\/\/verito.com\/blog\/wp-json\/wp\/v2\/media?parent=5194"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/verito.com\/blog\/wp-json\/wp\/v2\/categories?post=5194"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/verito.com\/blog\/wp-json\/wp\/v2\/tags?post=5194"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}