An independent cybersecurity review across many of Florida’s largest accounting firms reveals a wide range of results. Firms that prepare returns hold extremely sensitive taxpayer data, yet many show significant gaps in basic email authentication.
Using data from audit.emailmenow.com, we evaluated each firm’s domain across SPF, DKIM, DMARC, transport security (MTA-STS/TLS), and website security headers.
Cybersecurity Scores of Major Florida Accounting Firms
Overall compliance scores from audit.emailmenow.com. Re-run any domain at the link to verify.
| Rank | Firm | Domain | Overall Score | Performance Level |
|---|---|---|---|---|
| 1 | Kaufman Rossin | kaufmanrossin.com | 68% | Good |
| 2 | Berkowitz Pollack Brant | bpbcpa.com | 64% | Good |
| 3 | Thomas Howell Ferguson | thf-cpa.com | 62% | Above Average |
| 3 | Cherry Bekaert | cbh.com | 62% | Above Average |
| 5 | Saltmarsh, Cleaveland & Gund | saltmarshcpa.com | 60% | Above Average |
| 5 | Templeton & Company | templetonco.com | 60% | Above Average |
| 7 | Carr, Riggs & Ingram | cricpa.com | 55% | Average |
| 8 | Markham Norton Mosteller Wright | markham-norton.com | 38% | Weakest |
| 9 | James Moore & Co. | jmco.com | 34% | Weakest |
What the Results Reveal
- Scores range from 68% (Kaufman Rossin) down to 34% — no Florida accounting firm reaches a strong (70%+) posture.
- A cluster sits at 60–68%, but two firms fall below 40%, showing enforced DMARC, strict SPF, and transport protections are inconsistent.
- Weak email authentication fuels the tax-season phishing and client-payment fraud that increasingly target CPA firms.
Why This Matters for Accounting Firms
The IRS (Publication 4557) requires every tax professional to maintain a written information security plan (WISP) to keep a PTIN, and the FTC Safeguards Rule backs it with civil penalties. Tax season is also peak phishing season for tax pros.
Check any firm’s posture at audit.emailmenow.com/?industry=cpa-firms.
See also — national audit
- Major U.S. CPA Firms (national)
- Major U.S. Tax Preparers (national)
- National Payroll Providers (national)
Recommendations
- Enforce DMARC (
p=reject), strict SPF (-all), and DKIM signing. - Add MTA-STS and website security headers.
- Document your WISP and run recurring security awareness training before filing season.
Protect your firm and your clients. Run a free Instant Cybersecurity Audit at audit.emailmenow.com/?industry=cpa-firms.
Contact EmailMeNow IT Consulting for help with your IRS-ready written security plan and email hardening.
Source & methodology: Overall compliance scores from the free scan at audit.emailmenow.com — each domain checked for email authentication (SPF, DKIM, DMARC), transport security (MTA-STS/TLS), website security headers, and network security. Re-run any domain at the link to verify.