April was a strong month. Your team experienced minimal IT disruption — 94% of issues were resolved inside your agreed 4-hour window, and there were no outages or data loss events. The office expansion completed mid-April added 7 new workstations, all of which were provisioned, patched, and secured before go-live.
We identified and patched a critical Windows vulnerability (CVE-2026-26809) across all 62 endpoints within 18 hours of its disclosure — before any active exploitation was publicly recorded. Separately, a credential-stuffing attempt against two Hartwell email accounts on April 19 was blocked by MFA. Neither account was compromised.
"Ticket volume is down 18% over three months. Fewer things are breaking because we're preventing more — not just responding faster."
One item needs attention before Q3: four workstations in the Chicago office are running Windows 10 on hardware manufactured in 2019. Microsoft ends support in October 2026. We recommend planning replacements now. Full details in the recommendations section.
Connectivity tickets in Chicago (10 this month, 7 last month) are clustering around the conference room switch. We are monitoring and will recommend a replacement if the pattern continues in May.
| Location | Devices | Patch compliance | AV status | Disk health | Status |
|---|---|---|---|---|---|
| New York HQ | 38 | 38 / 38 (100%) | Active — all | No alerts | Healthy |
| Chicago Office | 18 | 16 / 18 (89%) | Active — all | No alerts | Review |
| Remote users | 6 | 6 / 6 (100%) | Active — all | No alerts | Healthy |
2 devices missed the April 14 patch cycle (office was offline). Rescheduled for May 3. No known active exploits target the outstanding patches. We will confirm completion in next month's report.
| Threat type | Count | Outcome |
|---|---|---|
| Phishing emails | 28 | All blocked |
| Malware attempts | 7 | All blocked |
| Credential stuffing | 3 | Blocked by MFA |
| CVE-2026-26809 | — | Proactive patch |
Credential-stuffing attempt detected against 2 email accounts from Eastern European IP ranges. Both blocked by MFA. Passwords reset as precaution. No further activity in the following 11 days.
Four Chicago workstations are running Windows 10 on 2019-era hardware. Microsoft ends Windows 10 support in October 2026 — after that date, no security patches will be issued. We recommend ordering replacements in May to allow time for provisioning and migration before the deadline. Estimated cost: $4,800–$6,400. We can manage procurement and deployment.
Storage is at 61% utilisation and growing at approximately 200 GB per month. At this rate you will reach the 70% warning threshold in 4–5 months. Adding 4 TB now avoids emergency procurement and provides approximately 20 months of additional runway. We can quote options at your next check-in.
Phishing attempts against your domain increased from 19 in March to 28 in April — a 47% rise. All were blocked. However, user awareness training significantly reduces risk exposure, particularly for staff joining from the April office expansion. We recommend a 45-minute session for all 47 employees. We can coordinate scheduling with your HR team.