The cybersecurity baseline: What are the essentials you need?

Let’s start by building the foundations that will support your business as it grows and its needs evolve. The truth is there isn’t one definitive answer – every business’s way of working is unique, be that in the office, hybrid or fully remote. However, while there’s no “one size fits all” solution, there are some best practices and tools that (if implemented correctly) give you a solid base to protect your business and build your wider security strategy.

A note from our technical team: this isn’t a “here’s the least you can have and be cyber secure” guide. The following are solutions that can be applied to all businesses, whether cloud only, hybrid or on-prem.

Protect your business by safeguarding your people

The first pillar of our cybersecurity foundation is Cyber Awareness Training, also known as “Human Risk Management” (HRM). Knowing that 88% of data breaches start by successfully exploiting human error, keeping your team aware of the threat landscape and promoting a security-first culture is key to stopping cyber threats.

The second pillar takes some pressure off your team by preventing phishing, malware, and other harmful spam from reaching a real person while preventing data leaks in both incoming and outgoing emails. It takes the form of a Secure Email Gateway.

The third and final pillar of this guide is Next-Gen Anti-Virus. NGAV performs threat prevention by blocking and quarantining threats using machine learning and behavioural analysis without requiring advanced technical knowledge.

It’s a start but what’s next?

This is what our team recommends if you’re taking the first steps of your cybersecurity journey; however, we always recommend following the government framework, Cyber Essentials, which mitigates or prevents over 80% of common cyber attacks.

For more information on the cybersecurity baseline, contact us today.

Understanding the UK Cyber Security & Resilience Bill: What It Means for 2026 and Beyond

The UK Government is entering a new era of cyber regulation. Cyber threats are intensifying and recent attacks have caused serious disruption across public and private sectors. The new Cyber Security and Resilience Bill signals a shift from voluntary best practice to mandatory cyber resilience.

The Bill is designed to strengthen essential services, protect national security, and update the UK’s ageing NIS Regulations (2018) to keep pace with modern cyber risks. Full implementation is anticipated after Royal Assent, expected in 2026, pending the Bill’s progression beyond its current committee stage and the development of secondary legislation and regulator guidance.

Why Is This Bill Needed?

Cyber threats have accelerated dramatically, for example:

- 204 nationally significant cyber incidents were recorded by the NCSC in the year to August 2025, a 130% year-on-year increase.
- The Synnovis ransomware attack disrupted NHS pathology services, leading to over 10,000 cancelled outpatient appointments and critical care delays.
- Attacks against European energy providers caused operational shutdowns, highlighting vulnerabilities in critical infrastructure.

The Government has made cyber resilience a national priority. Services such as healthcare, water, energy, and digital infrastructure are now too essential, and too interconnected, to remain exposed to preventable disruption.

What the Bill Does: Key Changes

Expands Who Falls Within Regulation

The Bill significantly widens the regulatory net to reflect modern supply chain risk. This aligns the UK more closely with the EU’s NIS2 Directive, while retaining UK-specific flexibility.

Tougher Incident Reporting Requirements

Under the new Bill, businesses must notify regulators within 24 hours of a significant incident and provide a full report within 72 hours.

Stronger Security Standards

Organisations must maintain security measures that are:

- “Appropriate, proportionate, and up to date,” and
- Measurable against the NCSC Cyber Assessment Framework (CAF).

The CAF now becomes the expected standard for demonstrating compliance.

Expanded Regulator Powers

Regulators (such as the ICO, Ofcom, or sector bodies) will have powers to:

- Designate critical suppliers.
- Issue enforcement notices and conduct inspections.
- Direct organisations to take specific actions where national security risks arise.

Tougher Penalties

Non-compliance can result in fines of up to £17 million, or 4% of global annual turnover.

How to Prepare

Review and update incident response plans

Ensure you can meet both the 24-hour initial report and 72-hour full notification requirements by incorporating reporting into your incident response plan.

Strengthen supply chain assurance

Assess whether you could be designated a critical supplier, or whether your suppliers could endanger your cyber readiness. Review contracts, access models, and due diligence processes.

Align with the NCSC CAF

Map your controls to CAF principles and identify gaps around governance, risk management, asset control, and resilience.

Test resilience scenarios

Conduct tabletop exercises for ransomware, data centre outages, MSP compromise, and cascading supply chain failures.

Take Action Now

This Bill represents a major step change in UK cyber regulation, and the expectation is clear: resilience is no longer optional. Start preparing now.

Contact us today to discuss how to adapt your incident response plan to the legislative landscape.

VMware Is Changing Their Strategy. What Does It Mean For You?

VMware’s parent company Broadcom are shifting strategy this year. Their focus is shifting to hyperscalers and datacentres, removing the SMB and smaller enterprise products from the catalogue while enacting substantial price increases to what remains.

As a loyal partner of VMware since Trustack’s founding in 2008, we’ve always taken pride in keeping our clients ahead of any critical changes that could affect their business. This latest change is among the most impactful we’ve experienced, with Broadcom shifting to an entirely new strategy, forcing all VMware users to take action before their next renewal or be caught out with price increases of, in some cases, up to 300%.

Key Changes at VMware:

- Essentials & Essentials Plus removed from catalogue.
- Standard remains in the product catalogue. However, we expect this to be removed soon and have already seen Broadcom refuse to issue new Standard licences.
- VMware have announced they will be selling vCloud Foundation exclusively going forward.
- Several thousand partners have already been removed from their partner programme, indicating a trend away from resellers. Trustack have avoided that thus far due to our longstanding relationship with VMware.

What Are Your Options Going Forward?

Our top recommendation is to consider Scale Computing, a hyperconverged solution which we now use internally to run a large part of Trustack. Scale Computing will not only give you cost savings but also improved efficiency and simplified management of your virtualisation solution.

Alternatively, Microsoft Hyper-V is Microsoft’s virtualisation technology that integrates effectively with the Windows ecosystem. Hyper-V has the basic features you might need in a hypervisor, but it lacks some of the more advanced functionality of VMware.

Finally, you can choose to remain with VMware by upgrading to vCloud Foundation, but you can expect potential cost increases of 300% on your previous renewal.

To discuss what your next steps should be, contact Trustack today.