Veterinary · Buyer's Guide · 7 min read

Your Vet IT Person Keeps the Practice Running. That's Not the Same as Security.

“Our IT guy has it covered” is the most common reason veterinary practices skip real cybersecurity. It conflates two different jobs — and the gap between them is exactly where the incident happens.

Kapacyber

Security Research Team

Almost every veterinary practice has someone who handles the computers — a local IT company, a PIMS-savvy contractor, or the one staff member who's “good with tech.” They keep Cornerstone or ezyVet running, set up new workstations, sort out the printer, and get the network back when it drops. They're genuinely valuable, and the practice would struggle without them.

The problem is the quiet assumption that comes with them: because someone handles IT, security is handled. It usually isn't. These are two different jobs, and most veterinary IT support is doing the first one, not the second.

Two Different Jobs

IT support keeps things working. Its job is uptime and functionality — the PIMS is up, the network is fast, the new tech's laptop is configured, the email flows. When something breaks, it gets fixed. The mental model is maintenance.

Security assumes someone is actively trying to get in. Its job is to prevent, detect, respond to, and recover from attacks. The mental model is adversarial: it asks not “is this working?” but “if an attacker phished a receptionist right now, would we even know — and what would stop them spreading to the PIMS server?” That's a different question, answered with different tools: 24/7 monitoring, behavioural threat detection, tested backups, phishing simulations, and a rehearsed incident response plan.

A practice can have excellent IT and zero security, the same way a building can have a great facilities manager and no alarm system. The lights work; that says nothing about whether the doors are watched.

Where the Gap Bites in a Veterinary Practice

The gap isn't theoretical — it maps directly onto how practices actually get hit. A capable IT person may have the PIMS running perfectly while MFA was never enforced on it, so a single stolen password opens the whole record system. Backups may exist because IT set them up, but nobody has tested a restore or confirmed they're offline — so ransomware encrypts them too. Email works flawlessly, but there's no filtering or training to catch the fake distributor invoice that reroutes a payment, the attack we cover in fake invoice fraud.

None of those are IT failures. The systems are working exactly as intended. They're security gaps — and they sit outside what break-fix IT is scoped, equipped, or watching for.

Six Questions to Ask Your IT Person

You don't need to become technical to find out where you stand. Ask directly, and listen for whether the answer is a confident “yes, here's how” or a hedge:

Ask, and Listen for the Hedge

  • Is multi-factor authentication enforced on the PIMS, email, and remote access?
  • Is someone monitoring for intrusions 24/7 — and responding to alerts, not just collecting them?
  • Are backups offline or immutable, and have you tested a restore in the last 90 days?
  • Do our staff get regular phishing simulations and security awareness training?
  • Is there a written incident response plan, and has it been tested?
  • Are we running modern EDR on every device, not just consumer antivirus?

If most answers are “no” or “I think so,” that's not a knock on your IT person — it's simply outside their scope. They were hired to keep things running, and they are. Security is a separate engagement.

You Don't Have to Choose

The fix usually isn't to replace your IT support. Most practices keep their existing IT relationship for day-to-day work and add a security-led provider for the monitoring, response, training, and compliance that break-fix IT doesn't cover. The two roles complement each other — and a good security provider will work alongside your IT person rather than around them. The broader case for this split is in MSP vs MSSP.

The Bottom Line

“Our IT guy has it covered” answers a question nobody asked. IT keeps the practice running; security keeps it defended. They're different jobs, and assuming the first one delivers the second is how a practice ends up fully functional right up until the morning the PIMS won't open. Ask the six questions. The answers tell you which job is actually being done.

For the full set of controls a practice should have, see our veterinary practice cybersecurity guide, or see how a security-led partner delivers them on our cybersecurity for veterinary practices page.
