What Our Endpoint Security Platform Is Finding That Traditional Antivirus Often Misses!

What Your Antivirus Isn't Looking For

When most veterinary practices think about cybersecurity, they think about malware, ransomware, phishing emails, and hackers trying to gain access to their systems.

Those threats are very real, and modern Endpoint Detection & Response (EDR) solutions help us detect and respond to them every day. But some of the most significant risks we uncover aren't malware at all.

They're password files.

As part of the security monitoring and protection services provided by I.T. Guru, we've identified multiple instances of files that appear to contain usernames, passwords, and other sensitive credentials stored on workstations and shared practice network drives. These files often have names such as:

  • Passwords.docx
  • Passwords.xlsx
  • Accounting Passwords.xlsx
  • Password Management spreadsheets
  • Computer and Networking Gear Passwords
  • Website Passwords and Practice Management System Passwords

While these files are often created with good intentions, they can become a significant security liability if they fall into the wrong hands.

Why Password Files Are a Risk for Veterinary Practices

Veterinary hospitals rely on dozens of systems every day, including:

  • Practice Information Management Systems (PIMS)
  • Digital imaging platforms
  • Reference laboratory portals
  • Payroll and accounting systems
  • Microsoft 365/Google Workspace
  • Vendor and pharmaceutical ordering systems
  • Remote access and support tools

When passwords are stored in Word documents, spreadsheets, or shared folders, a single compromised workstation can potentially provide access to multiple critical systems throughout the practice.

In many cybersecurity incidents, the greatest damage doesn't come from the initial compromise—it comes from what an attacker discovers after they've gained access.

The Problem With "We've Always Done It This Way"

Many password files started years ago as a quick solution:

  • A spreadsheet shared among managers
  • A document containing vendor logins
  • A list of software credentials stored on a network drive
  • A collection of passwords maintained for employee transitions

Over time, those files become part of daily operations and are often forgotten.

Unfortunately, cybercriminals actively search for exactly these types of documents because they can provide immediate access to the systems that keep a veterinary practice running.

Modern Security Goes Beyond Malware

Traditional antivirus focuses on finding malicious software.

Modern EDR solutions look much deeper.

In addition to identifying malware and suspicious activity, EDR can help detect security risks that may otherwise go unnoticed, including insecure credential storage, risky behaviors, unauthorized software, and indicators that could expose the practice to future attacks.

Finding a spreadsheet full of passwords before an attacker does is just as valuable as blocking malware in the first place.

A Better Way to Manage Practice Credentials

Rather than storing passwords in documents or spreadsheets, we recommend using a dedicated password management platform.

Two solutions we frequently recommend are:

1Password

  • Encrypted credential storage
  • Secure sharing between team members
  • Administrative controls
  • Multi-factor authentication support

NordPass

  • Secure password vaults
  • Team password sharing
  • Password health monitoring
  • Simple migration from spreadsheets and documents

These solutions allow practices to securely store credentials while maintaining appropriate access for doctors, managers, and staff.

Questions Every Veterinary Practice Should Ask

Take a few minutes to consider:

  • Do we have a file named "Passwords" anywhere in the practice?
  • Are vendor logins stored in Excel spreadsheets?
  • Are team members sharing credentials through email?
  • Are passwords stored on shared drives accessible to multiple users?
  • Do former employees still know passwords that haven't been changed?

If the answer to any of these questions is yes, it may be time to review how credentials are being managed.

Final Thoughts

Cybersecurity isn't just about stopping viruses anymore.

It's about reducing risk across every part of the veterinary practice.

Sometimes that means blocking malware. Sometimes it means stopping a phishing attack. And sometimes it means finding the spreadsheet full of passwords that everyone forgot existed.

The goal isn't just to stop cyberattacks—it's to reduce opportunities for them to happen in the first place. Removing insecure password files, implementing a secure password manager, and limiting access to sensitive credentials are simple steps that can significantly improve the security of any veterinary practice.
Back to List