A spreadsheet is not a password manager

We get it — it started as a quick fix. A shared Excel file on the server, or a sticky note digitised into a Word doc. But over time, these files become the single most dangerous document in your organisation.

Files like these are routinely flagged by our security tooling:

• passwords.xls
• logins.xlsx
• Passwords - IT.docx
• password list.txt
• accounts & passwords.xlsx
• WiFi passwords.docx

These files are typically unencrypted, easy to share accidentally, and — if a bad actor gets onto your network — exactly what they’re searching for.

Huntress MDR flags these files automatically

Huntress Managed Detection & Response monitors your endpoints 24/7. Part of that monitoring involves looking for indicators that your environment may have been compromised — or is vulnerable to becoming so.

When a suspicious file is detected, Huntress raises an alert to us here at Tranquil IT. We investigate, and if the risk is confirmed, we work with you to remediate it — moving credentials into a proper password manager and decommissioning the insecure file.

This kind of proactive detection is exactly what separates managed security from a “set and forget” antivirus. Huntress catches things that traditional tools miss — including risky habits that haven’t caused a problem yet.

Tools fix habits — training prevents them

Switching to a password manager solves the immediate problem. But the reason that spreadsheet existed in the first place is usually a lack of security awareness — and that’s where the next breach is waiting to happen.

A phishing email, a weak password reused across accounts, a colleague clicking a dodgy link — these are human problems, and they need a human solution.

We now offer Huntress Security Awareness Training (SAT) to help your team build lasting security habits, not just tick a compliance box. It includes:

• Phishing simulations — see how your team responds to realistic attacks before a real one lands
• Bite-sized training modules — built for busy people, not IT professionals. Most take just a few minutes to complete
• Password hygiene training — covers exactly this kind of risky behaviour so it doesn’t happen again
• Progress reporting — we track completion and risk scores so you can see your security culture improving over time

Think of MDR and SAT as two sides of the same coin: Huntress MDR watches your systems, while SAT watches your people. Together, they cover the two most common causes of a breach.

What to do if you’ve been flagged

If Huntress has raised an alert about a password file on your systems — don’t panic. It doesn’t mean you’ve been breached. It means we’ve spotted a risk and we want to help you close it.

1. Stop adding to the file — immediately
2. Set up a password manager (we can help)
3. Migrate your credentials across and delete the file securely
4. Enable multi-factor authentication on your critical accounts
5. Ask us about Huntress SAT to make sure your team knows what to watch for next time

If you’re not sure where to start, get in touch — we deploy and manage password managers for clients of all sizes, and it’s a straightforward project with an immediate security benefit.