Pittsburgh CPA Firm Cybersecurity Cloud Case Study

PGH Networks is a Pittsburgh-based managed services provider delivering cybersecurity, cloud migration, and compliance support to accounting firms, law firms, and mid-market businesses across the Pittsburgh metro and within 75 miles of 15220. This Pittsburgh CPA firm cybersecurity and cloud case study walks through a representative engagement with a regional accounting practice — anonymized at the client's request — that needed to harden its security posture, document an IRS-aligned Written Information Security Plan (WISP), and move its tax software stack to the cloud before tax season.

The firm in question was a 38-seat CPA practice with offices in the South Hills and a satellite location in Cranberry Township. Leadership had received a renewal questionnaire from their cyber insurer, a client request for SOC-style attestations, and an internal mandate from the managing partner to stop running CCH ProSystem fx and Lacerte off an aging on-premises file server. They had roughly four months before the January 1 1040 prep ramp-up.

The challenge

The firm was carrying the technical debt typical of a Pittsburgh accounting practice that had grown organically: a single Hyper-V host running tax applications, mapped drives for working papers, inconsistent MFA coverage across Microsoft 365, no endpoint detection and response (EDR) on partner laptops, and a WISP that existed only as a two-page Word document from 2019. The IRS publication 4557 and FTC Safeguards Rule expectations under GLBA had both moved well past where their documentation sat.

Three constraints shaped the engagement. First, no downtime during tax season — any cutover had to land before mid-January and survive the March/April crush. Second, the firm's preparers used CCH Axcess, ProSystem fx, Lacerte, and QuickBooks, and the cloud target had to host all of them without breaking integrations with ShareFile and SharePoint. Third, the cyber insurance carrier had explicitly asked for MFA on email and remote access, EDR on every endpoint, immutable backups, and a current WISP — non-negotiables for renewal.

The real work of CPA cybersecurity is not buying tools — it is producing documentation an examiner, an insurer, or a client can actually read.

How PGH Networks solved it

TL;DR: PGH Networks rebuilt the firm's security baseline, authored a defensible WISP, and migrated CCH and Lacerte to a hosted environment without losing a single billable hour during tax season.

We sequenced the work in three phases so the partners could see progress against the insurer's checklist before committing to the larger cloud migration.

Phase 1 — Security baseline and WISP (weeks 1–5). We deployed a managed EDR agent across all 41 endpoints and 3 servers, enforced conditional-access MFA across Microsoft 365 including legacy authentication blocks, and stood up immutable, offsite backups with a 30-day retention floor. In parallel, our compliance team authored a WISP mapped to IRS Pub 4557, the FTC Safeguards Rule, and GLBA's administrative, technical, and physical safeguard categories — naming the firm's actual systems (CCH Axcess, Lacerte, ProSystem fx, ShareFile, Microsoft 365) rather than generic placeholders. The document named a Qualified Individual, defined incident response roles, and included the annual review cadence the Safeguards Rule expects.

Phase 2 — Cloud migration (weeks 6–12). We migrated CCH ProSystem fx and Lacerte to a hosted virtual desktop environment sized for tax-season concurrency, with prior-year returns and depreciation files validated against the on-prem source. ShareFile became the client-facing portal for 1040 organizers, signed 8879s, and source documents, replacing email attachments. SharePoint absorbed working papers with versioning and DLP policies tuned for PII and SSNs.

Phase 3 — Tax-season readiness (weeks 13–16). Before January 15, we ran a tabletop exercise covering ransomware, wire-fraud BEC, and a lost-laptop scenario, and we documented a tax-season uptime SLA with named escalation contacts on our side. Preparers were trained on the new MFA prompts, the ShareFile portal, and how to report a suspicious email in one click.

Outcomes

The firm completed tax season with zero unplanned downtime on the hosted CCH and Lacerte environment and no security incidents requiring insurer notification. Specific results from the engagement:

• The cyber insurance renewal closed with a measurable premium reduction after the carrier reviewed the WISP, MFA evidence, and EDR coverage report.
• Client document turnaround moved from email-attachment chains to a ShareFile portal, which the firm's administrator credits with reclaiming roughly an hour per preparer per day during peak weeks.
• The WISP passed review during a downstream client's vendor due-diligence questionnaire without follow-up requests — the first time that had happened.
• Partner laptops, which had previously held working copies of returns, were re-architected so PII no longer lived at the endpoint.

PGH Networks served as the firm's outsourced IT and security function for the full engagement, from WISP authorship through tax-season on-call coverage.

Takeaway for Pittsburgh CPAs and accounting firms

Most Pittsburgh accounting firms we talk to are not missing tools — they are missing the connective tissue between their tax software, their security stack, and the documentation their insurers, the IRS, and their own clients now expect. A Pittsburgh CPA firm cybersecurity and cloud project done well looks less like a product purchase and more like a sequenced program: baseline controls first, defensible WISP second, cloud migration third, and a tax-season runbook before the first 1040 is opened.

If your firm is running CCH Axcess, ProSystem fx, Lacerte, or QuickBooks on aging infrastructure, facing a Safeguards Rule or GLBA question from a client or carrier, or simply tired of being the partner who reboots the server at 9 p.m. on April 14 — that is the conversation PGH Networks is built for. We work with accounting firms across Pittsburgh, the South Hills, Cranberry, Monroeville, and the broader 75-mile radius around 15220, and we can scope an engagement against your next renewal or tax-season deadline rather than a generic timeline.