An independent cybersecurity review across major Maryland accounting firms reveals a wide range of results. Many organizations handle sensitive communications daily, yet show significant gaps in email authentication and transport security.
Using data from audit.emailmenow.com, we evaluated each domain across email, website, and network security — including SPF, DKIM, DMARC, MTA-STS/TLS, and security headers.
Cybersecurity Scores of Major Maryland Accounting Firms
Overall compliance scores from audit.emailmenow.com, measured June 5, 2026. Re-run any domain at the link to verify. SC&H Group audits on schgroup.com — the firm’s primary domain (Hunt Valley, MD).
| Rank | Organization | Domain | Overall Score | Performance Level |
|---|---|---|---|---|
| 1 | Aronson | aronsonllc.com | 58% | Average |
| 2 | CohnReznick | cohnreznick.com | 54% | Average |
| 3 | Frost PLLC | frostpllc.com | 52% | Average |
| 4 | SC&H Group | schgroup.com | 44% | Below Average |
| 5 | Ellin & Tucker | ellinandtucker.com | 44% | Below Average |
| 6 | KatzAbosch | katzabosch.com | 38% | Weak |
| 7 | Withum | withum.com | 34% | Weak |
| 8 | Gelman Rosenberg | gelmancpas.com | 30% | Weak |
What the Results Reveal
- Scores span 58% down to 30% — 0 of 8 reach a Good (70%+) posture.
- 8 of 8 scored below 60%, leaving stakeholders exposed to phishing and impersonation.
- Weak authentication undermines compliance expectations and increases BEC and wire-fraud risk.
Why This Matters in Maryland
Maryland accounting firms hold sensitive taxpayer data. The IRS (Publication 4557) requires a written information security plan, and the FTC Safeguards Rule backs it with civil penalties.
See also — national audit
- Major U.S. CPA Firms (national)
- Major U.S. Tax Preparers (national)
- National Payroll Providers (national)
Recommendations
- Enforce DMARC (
p=reject), strict SPF, and DKIM signing. - Add MTA-STS and website security headers.
- Run periodic domain audits and security awareness training.
Check any organization’s posture. Run a free Instant Cybersecurity Audit at audit.emailmenow.com/?industry=cpa-firms.
Contact EmailMeNow IT Consulting for help with email security hardening and compliance documentation.
Source & methodology: Overall compliance scores from the free scan at audit.emailmenow.com, measured June 5, 2026 — each domain checked for email authentication (SPF, DKIM, DMARC), transport security (MTA-STS/TLS), website security headers, and network security. Re-run any domain at the link to verify.