April 2026 News & Updates

CTC News

  • New pricing starting in June 2026 – We will be implementing a slight price increase on 1 June 2026. Additional information will be posted to our Policies and Procedures page here.
  • Updates to the MyIT Program – The MyIT Program provides enterprise-level, compliance-ready IT support for small to medium business clients without the enterprise-level pricing and with no term agreements, so no lock-in. If you don’t find value in the program, you can cancel at any time. We’re updating the MyIT Program level names to better reflect the value each tier provides. Going forward:
    • MyIT Essentials (formerly Bronze) — Core protection for businesses that need the fundamentals: patching, backups, monitoring, and a team to call when things break.
    • MyIT Professional (formerly Silver) — Our most popular plan. For businesses that can’t afford to wait: real-time alerting, priority support queue, and faster response when minutes matter.
    • MyIT Enterprise (formerly Gold) — Maximum protection with included on-site support hours and dedicated account management.
    • If you’re currently on a MyIT plan, your service and pricing aren’t changing—just the name. Details on all MyIT Programs are available here. Questions? Let us know.

Industry News

  • NIST Changes How Vulnerabilities Are Scored – What This Means for Your Business – On April 15, NIST announced a major shift in how it processes cybersecurity vulnerabilities. CVE submissions have surged 263% since 2020, and NIST can no longer analyze every one. They’re moving to a risk-based triage model that prioritizes vulnerabilities in CISA’s Known Exploited Vulnerabilities catalog, software used by the federal government, and critical infrastructure software. What this means for small businesses: you can no longer rely on NIST severity scores alone to decide what to patch. Many CVEs will now be listed as “Not Scheduled” for analysis. If you don’t have a systematic patch management process that goes beyond waiting for NIST scores, now’s the time to fix that. This is especially important given the recent spike in ransomware attacks targeting small businesses.
  • Proofpoint Total Protection – Now Including Microsoft 365 Backup – For clients already using Proofpoint Essentials for email security, you can now upgrade to Proofpoint Total Protection, which adds comprehensive Microsoft 365 backup to your existing security stack. Here’s why this matters: Microsoft protects their infrastructure, but if you accidentally delete an email, SharePoint file, or OneDrive folder, you have 30 days to recover it—then it’s gone forever. Total Protection includes automated backup of Exchange, SharePoint, OneDrive, and Teams; point-in-time recovery from any backup date; and immutable backups that ransomware can’t touch. Ask us about upgrading if you’re interested.
  • PCI DSS Compliance – Are You Ready? – If you accept credit cards, you’re required to be PCI DSS compliant—and the rules have gotten stricter for 2026. Key requirements now include multi-factor authentication for anyone accessing cardholder data, quarterly vulnerability scans with no exceptions, and documented security policies (written down, not just “we know what we’re doing”). The penalty for non-compliance: fines start at $5,000/month and can escalate quickly if you have a breach, plus you risk losing your ability to accept credit cards entirely. Not sure where you stand? We can audit your current setup and get you compliant.
  • Upcoming End of Life for Windows Server 2016 – We’re officially under two years before the Windows Server 2016 End of Life (EOL), currently scheduled for 25 January 2027. This may seem like a long way off but, in most cases, the upgrade from Windows Server 2016 will require not only additional software licenses but also Client Access Licenses (CALs), hardware, and extensive planning to transition older systems off the current Windows Server 2016 platform.
  • Windows 10 End of Life – Still Relevant – Windows 10 support ended October 2025. If you’re still running it, you’re no longer receiving security updates. This is a compliance issue for regulated industries and a growing security risk for everyone. Your options: upgrade to Windows 11 (free if hardware supports it), replace hardware that can’t run Windows 11, or explore extended support options (limited availability). Still on Windows 10? We need to talk.

Updates

Microsoft released patches for approximately 90 vulnerabilities in the April 2026 Patch Tuesday update. This includes several critical Remote Code Execution (RCE) vulnerabilities affecting Windows, Office, and Exchange Server. As always, we recommend applying these updates as soon as possible—especially if you’re running Exchange Server on-premises.

Microsoft releases regular updates on the second Tuesday of each month, often referred to as ‘Patch Tuesday’. These updates are categorized as Low, Moderate, Important or Critical. Details on the categories are available here. The updates can include any supported Microsoft product from Windows to Office to Internet Explorer and server products like Exchange and SQL Server. If you have one or more of these products installed, especially if the update is listed as Important or Critical, it’s important that the updates are installed.

Additional details on this month’s Microsoft updates are available from SANS Internet Storm Center, Krebs on Security, Bleeping Computer, and CrowdStrike.


Adobe released 12 security bulletins this month, ranging from Important to Critical and impacting Acrobat Reader, Illustrator, Photoshop, Bridge, ColdFusion, Connect, FrameMaker, Experience Manager Screens, InCopy, InDesign, and DNG SDK.

Like Microsoft, Adobe now releases updates to their products on the second Tuesday of each month. Adobe will also release ‘out of band’ updates if necessary to address critical vulnerabilities in their products. Adobe products include Adobe Reader (for viewing PDF files), Adobe Flash Player (often used to watch videos, for interactive content like games, etc.), Adobe Shockwave and the Adobe Creative Suite (Photoshop, Illustrator, Acrobat, Lightroom, etc.).

Additional details are available from Adobe here, including links to download the update(s) and instructions for installation.


Need IT Support for your Home or Business? We’d love to help!

Are you a small to medium-sized business looking to leverage technology and enable your business and workforce to work smarter and more efficiently? Do you already have computers, servers, firewalls, VPNs or other technology that you’re not taking full advantage of? Are you looking for an IT Service Provider who understands small to medium-sized businesses’ needs and the challenges that we face, and who can work with you to grow your business rather than just sell you time?

Cyber Tech Cafe is an IT Service Company with a focus on helping small to medium businesses get the most out of their technology investment. As a small business ourselves, we understand the challenges you face and have designed our service offerings to help you get the most out of your technology dollar. We offer on-call, as-needed support if you just need a quick fix or an extra set of hands right now. We also offer maintenance plans that we call “MyIT” that are designed to address the most common concerns (patch management, disaster recovery / backup, log review, etc.), are priced based on the number of workstations and servers that you have, and have no term contract. We believe that, if you find value in what we’re doing, you’ll find a way to keep us around without a contract saying that you have to.

If you have questions about the MyIT plans or have an IT need that you need addressed right now, let us know. We look forward to the opportunity to earn your business.

Article Submitted by Nathan J. Underwood, CEH