Reflecting on 15 years

1. This month marks 15 years at Reflective IT, what does this milestone actually feel like when you say it out loud?

15 years! Honestly, it feels like a lot less, it has truly flown by. So much has happened in that time, both with the business and in my personal life. It's hard to even comprehend it all when you start to look back.

2. You spent four years living abroad in the gap between stints. Where were you, and what pulled you back to Reflective IT?

We did indeed. My wife was offered a job as a sportswear designer for Adidas, so we spent four years in the beautiful city of Nuremberg, Germany. We lived just outside the city walls, though above a bakery, next door to a nightclub and opposite a kebab shop probably wasn't the best for my health! Coming back to Reflective was easy, knowing David and Deborah personally, the door was always open for when the time was right.

Inside the day job

3. Your role spans everything from network infrastructure to cloud services. When someone at a party asks what you do, what do you actually say?

Parties… you mean the sort where 30 primary school kids are running around you?! Those are the only ones I get time for these days! Generally though, I'll say I work in IT mainly on projects, making sure all the fantastic things you don't see in the background runs well, and keeping it running for the next few years. It's a never-ending game of trying to stay one step ahead.

4. What’s a task that used to take serious time and patience when you started, but now feels almost effortless by comparison?

Spinning up a server. It used to take hours, once you'd acquired the hardware, that is, watching blue progress bars while the OS installed. Now it can be done in the time it takes me to pour a bit of latte art into my morning coffee. It's the small things that bring joy.

5. Is there a project or moment over the years that still sticks with you? Something that went brilliantly, or a hairy situation the team pulled off together?

There are always those moments when you remotely reboot a bit of kit and it teases you by not coming back online for the next 20 minutes, heart in mouth every time! Honestly though, I love the opportunity to set up a brand-new office infrastructure. Getting hands-on with new kit, rack-mounting it, getting it all configured and looking neat and pristine, that's a proper good day.

What's kept James at Reflective

6. You've watched Reflective IT grow through plenty of ups and downs. What's stayed exactly the same, and what's changed the most?

The culture has stayed the same, that's been the constant. What's changed the most is the maturity and approach to everything we do. I'd also say processes. As much as we can all hate a bit of red tape, it's there for a reason, and it's helped us achieve our ISO 9001 and 27001 accreditations.

7. If you could give your day-one self some advice about working here, what would it be?

Be confident in your own abilities, you're hired because of them.

Life beyond the inbox

8. You're dad to two pre-teens. How do they keep you grounded, or on your toes, outside of work?

They like to remind me of my age and that my dancing is embarrassing. I keep it in the back pocket though, ready to deploy on the school run when I need to embarrass them right back.

9. Piano and CrossFit is a brilliant combination, strength and dexterity in one person. Which came first, and what does each one give you that the other doesn't?

Piano is my first love; I don't think I've ever lived without one. It's the one place I can go to truly switch off and be creative, any time of day.

CrossFit is something I've started in the last 18 months, after being pestered to join by a friend and putting it off for a very long time. I can honestly say it's one of the best decisions I've made for my fitness, and now I've got the whole family involved.

10. For anyone curious about CrossFit but a bit intimidated to walk through the door, what would you tell them?

I've heard people say, "I can't join because I can't do a press-up or a pull-up yet." But once you're through the doors, you realise there's an amazing, supportive community of all abilities, from 6-year-olds to 80+, all working towards their own goals without judgement. It's initially humbling, but that only motivates you more.

What's next

11. Finally, what does the next chapter look like? At Reflective IT, on the piano, in the gym, or at home. Anything you're particularly excited about?

At Reflective, it's exciting to see the internal growth, roles being created that never existed before as we grow alongside our clients, some of whom I've known since my first stint.

On the personal side, Bank Holiday Monday brings CrossFit's annual "Murph" workout: a 1-mile run, 100 pull-ups, 200 press-ups, 300 squats, and another 1-mile run. I'm targeting sub-40 minutes this year, but with 30 degree heat forecast, it's going to be tough!

Microsoft Teams is now at the centre of how modern businesses communicate. It is where conversations happen, decisions are made, and collaboration moves quickly. That same speed and familiarity are exactly why attackers are targeting it.

Recent reports highlight a rise in impersonation attacks within Teams, where attackers pose as trusted colleagues to deceive users into handing over access or sensitive data.

These attacks are particularly dangerous because they exploit trust. Unlike traditional phishing emails, Teams messages feel immediate, familiar, and internal - making them far more likely to bypass suspicion.

What is a Microsoft Teams impersonation attack?

An impersonation attack occurs when a cybercriminal contacts a user while pretending to be someone within the organisation, often IT support, finance or leadership.

These attackers often request actions such as:

• Clicking on a malicious link
• Sharing their screen or granting remote access
• Providing login credentials or sensitive information

In real-world scenarios, attackers guide users step by step through actions such as launching remote support tools, allowing them to gain direct access to systems.

Once access is granted, the attacker can move quickly across systems, access data, and strengthen their foothold in the environment without raising immediate suspicion.

Why Microsoft Teams is becoming an attack target

Attackers are not replacing phishing. They are evolving it. Microsoft detected approximately 8.3 billion phishing emails in the first quarter of 2026 alone, showing just how active and persistent these threats still are.

As organisations have strengthened email security, attackers are shifting to channels where trust is higher and responses are quicker.

Teams is particularly attractive because:

• External users can contact internal staff
• Messages feel informal and conversational
• Users are more likely to respond quickly without verification

In many cases, attackers only need a few user-approved actions to establish a foothold and escalate their access within the Microsoft 365 environment.

What happens if an attacker gets access?

The impact of a successful Microsoft Teams impersonation attack can be signification and far-reaching. Once inside, attackers might:

• Data theft and exposure of sensitive business information
• Access to email, files, and internal systems
• Lateral movement across the organisation
• Potential full tenant compromise or ransomware-style lockouts

Microsoft has observed attackers using legitimate tools and administrative processes after gaining access, allowing them to blend into normal activity and avoid detection. In more advanced cases, this can lead to account takeover, data encryption in services like OneDrive and SharePoint, or complete system lockouts. This type of compromise can take significant time and resource to recover from, especially if attackers gain administrative access.

Key warning signs to look out for

Educating users is one of the most effective ways to reduce risk. Here are some common red flags:

• Unexpected messages from IT, finance, or senior staff
• Urgent or pressured requests to act quickly
• Requests for passwords, MFA codes, or screen sharing
• External accounts (often labelled “External”) posing as internal users
• Links or attachments that seem unusual or out of context

Remember: attackers rely on speed, urgency and familiarity. If something feels off, it is worth stopping and checking.

How to protect your organisation

Protecting against Microsoft Teams impersonation attacks requires a layered approach combining technology, configuration, and user awareness:

• Restrict or carefully manage external Teams access
• Implement strong identity protections such as MFA
• Deploy Microsoft Defender for Office 365 / XDR for visibility
• Provide regular security awareness training for staff
• Encourage a “verify before you trust” culture for all requests

Organisations must treat Microsoft 365 as critical infrastructure, with the same level of governance and protection as any core business system.

How Reflective IT Can Help

If someone on Teams asks for access, credentials or urgent action, stop and verify the request through another channel. Trust should never replace verification.

Need help reviewing your Microsoft 365 security or understanding how exposed your organisation is? Speak to our team.

📞020 3820 1080 | 📧 support@reflectiveit.com

Why this Bill matters for businesses

The UK Government introduced the Cyber Security and Resilience Bill in November 2025, and it is still moving through Parliament. Even before it becomes law, the official summary of the Bill and the Parliament tracker show a clear direction of travel: expectations around cyber resilience, incident reporting, and governance are rising.

For business leaders, this is not just an IT issue. It affects customer trust, supplier assurance, regulatory readiness, and how confident your organisation would be during a serious incident.

What will change under the Bill?

1. More UK organisations could fall into scope

The Bill is expected to bring more organisations into scope, including some data centres, managed service providers, and critical suppliers. The Government's futureproofing factsheet points to a broader and more adaptable framework. The practical point is simple: even if you are outside regulation today, that may not remain the case.
That is why the idea of a critical supplier matters. If your services support essential operations, customers and regulators may expect stronger cyber resilience before the law applies directly to you.

What this means for MSPs and outsourced IT provides

For the first time, many managed service providers will be brought into direct regulatory scope as “relevant managed service providers”. This reflects a simple reality. MSPs often have deep, trusted access into client systems, which creates a “one-to-many” risk if they are compromised.

For businesses, this changes the conversation. Choosing an IT provider is no longer just about service or cost. It is a security and risk decision.

2. Cyber incident reporting requirements are becoming stricter

Incident reporting is also set to become more demanding. The Government's incident reporting factsheet highlights the pressure of faster reporting expectations. For leadership teams, a 24-hour reporting window means roles, escalation paths, evidence gathering, and communications need to be clear before an incident happens.

Reporting is expanding beyond “disruption”

The direction of travel is also broader than outages. More types of cyber incidents are expected to be reportable, including activity that could lead to disruption, not just incidents that already have.

The model points toward:

• Early notification within 24 hours
• A fuller report within 72 hours
• Greater visibility for regulators and the NCSC

This raises the bar. It is no longer just about having an incident response plan, but being able to execute it quickly under pressure.

3. Boards will face stronger regulatory pressure

Boards should also expect more regulatory pressure. The real issue is not just potential fines. It is whether your organisation can show that cyber risk is being managed in a structured and defensible way.

Why it matters even if you are not directly in scope

Even if your business is not directly regulated under the Bill, the commercial impact may still reach you early. Customers, insurers, and larger partners are likely to raise expectations around cyber resilience, supplier assurance, and incident readiness. The Government's information sharing factsheet also points to a broader shift toward resilience across the wider ecosystem.

• Cyber security requirements becoming more common in contracts and tenders
• Supplier assurance checks becoming a more routine part of buying decisions
• Baseline controls such as Cyber Essentials, MFA, and response planning becoming expected
• Buyers favouring suppliers who can clearly demonstrate cyber resilience

In other words, this is becoming a competitive and trust issue, not just a compliance issue.

What business leaders should do now

That is why this should move from awareness to action. Whether or not you are directly in scope, now is the time for business leaders and IT teams to review cyber resilience, supply chain exposure, and leadership readiness.

• Run a cyber security review. Identify what data you hold, where it lives, and who has access.
• Check your backups, MFA coverage, and access controls. This is the foundation everything else builds on.
• Assess your scope and supply chain exposure. If you're a managed service provider, data centre, or supplier to regulated industries, conduct a gap analysis against the NCSC's Cyber Assessment Framework now.
• Make cyber a board-level conversation. Assign clear executive responsibility for cyber resilience. Update your incident response plan with the 24-hour reporting clock in mind.

What is Secure Boot and Why it Matters

Secure Boot is a core Windows security feature that validates the integrity of a device during start-up. Its role is to ensure that only trusted and approved components are allowed to run before Windows fully loads. This early stage of start-up is critical.

Threats that operate at boot level:

• Run before antivirus and endpoint detection tools are active
• Are harder to detect once the system is live
• Can maintain persistence even after remediation steps

Secure Boot creates the foundation of trust that every other security control depends on. If that foundation weakens, higher‑level protections become easier to bypass.

What is Changing in 2026?

Many Windows devices in business environments still rely on Secure Boot certificates issued in 2011. Microsoft has confirmed that these certificates will begin expiring in June 2026.

When this happens:

• Devices will continue to start as normal
• New early‑boot security protections may no longer apply
• Microsoft will be unable to enforce certain protections at the earliest stage of start-up

Over time, this places devices into a weakened security posture without obvious warning signs. For organisations with mixed hardware estates or long device refresh cycles, this risk can quietly grow.

Microsoft Defender’s Secure Boot Assessment

To support this transition, Microsoft Defender now includes a Secure Boot certificate readiness assessment.

This allows organisations to:

1. Identify devices still relying on older Secure Boot certificates
2. Confirm which systems are already compliant
3. Flag devices where Secure Boot is disabled or unsupported

By surfacing this information centrally, Secure Boot is no longer just a firmware‑level concern. It becomes part of your wider security posture and risk management approach.

Why This Matters for SMEs and Medium‑Sized Enterprises

This change does not only affect large enterprises. Many SMEs and mid‑market organisations face increased exposure because:

• Devices are refreshed at different times
• Firmware updates are rarely reviewed
• Security tooling focuses on the operating system and above
• Boot‑level protections are assumed to be functioning correctly

Attackers actively exploit these assumptions. Threats that operate below the operating system are designed to bypass traditional endpoint controls, making them particularly effective in environments with limited visibility into foundational security layers.

AI Is Now Part of Daily Business Operations

AI is no longer limited to specialist teams or experimental projects. It is increasingly built into the tools people already use, from email and collaboration platforms to reporting, customer support, and security systems.

Common examples of AI in everyday business life now include:

• Automated document drafting and summarisation
• AI assisted data analysis and reporting
• Intelligent assistants embedded in productivity platforms
• AI supported security monitoring and threat detection

For many organisations, AI adoption has happened gradually and often without a clearly defined strategy. That convenience brings value, but it also introduces new considerations around governance, security, and visibility.

Productivity Gains Come with New Risks

AI can significantly improve efficiency and decision making, but it also changes how information flows through a business.

Key areas organisations should be paying attention to include:

• Data handling and access - understanding what data AI tools can see and use
• Accuracy and trust - ensuring outputs are reviewed and validated, not treated as fact
• Security exposure - recognising that AI tools can become new attack surfaces
• User behaviour - avoiding over reliance on AI without proper oversight

AI does not introduce risk on its own. Risk comes from how it is deployed, where it is integrated, and whether it is monitored properly.

What Businesses Should Be Looking Out For

As AI becomes more deeply embedded into daily workflows, there are some practical areas that deserve attention.

1. Uncontrolled AI usage
   Teams may start using AI features or third party tools without clear guidelines, creating blind spots around data usage and security.
2. Poor visibility into AI driven activity
   AI systems often operate quietly. Without monitoring, unusual behaviour or misuse can go unnoticed.
3. Increased reliance on automated decisions
   AI can support decision making, but organisations still need accountability, review processes, and human oversight.
4. Expanding attack surface
   As AI is integrated into more systems, it becomes another area attackers may attempt to exploit, particularly if access controls are weak.

AI Needs Governance, Not Just Adoption

One of the biggest mistakes organisations make with AI is treating it as a standalone tool rather than part of their wider IT and security environment.

Effective AI use requires:

• Clear policies around usage and access
• Alignment with existing security controls
• Ongoing visibility into how AI features are used
• The ability to respond quickly if something does not look right

Without these, AI can introduce unnecessary complexity and risk rather than delivering long term value.

How Reflective IT Can Help

At Reflective IT, we help organisations integrate and manage modern technologies, including AI, in a way that is secure, controlled, and aligned with business objectives.

By combining proactive managed IT services with continuous security monitoring through our UK based Security Operations Centre (SOC), we help businesses gain visibility across their environments, understand how AI enabled tools are being used, and respond quickly when risks or issues arise.

This approach ensures AI supports productivity and innovation without compromising security, governance, or operational resilience.

If you would like to discuss how AI fits into your IT environment, or how to manage the risks alongside the benefits, speak to our team.

📞 0207 317 4535 | 📧 support@reflectiveit.com

Teams Has Quietly Become Business Critical

Teams now sits at the centre of communication, file sharing, and collaboration. That convenience is exactly what makes it attractive to attackers.

Messages feel informal. Files are shared quickly. Links are clicked with less scrutiny than email. Trust is high, which is often where phishing and malware succeed.
Microsoft has clearly acknowledged this shift and is moving Teams towards a more secure by default model, reducing reliance on users spotting threats on their own.

Security Changes You Might Not Notice, But Should Understand

Many of the most important Teams updates focus on quietly reducing risk rather than adding visible new features.

These include:

• Blocking high risk file types commonly used to spread malware
• Real time link scanning in chats and channels using Microsoft threat intelligence
• Clear security warnings when content appears suspicious
• Improved reporting options so suspicious activity can be flagged quickly

The aim is simple: close the gaps attackers exploit inside trusted collaboration spaces.

Everyday Teams Activity Can Introduce Risk

Even with stronger defaults, how Teams is used still plays a major role in security. Phishing attacks now routinely originate inside collaboration tools because messages feel familiar and safe.

Top Tips: How to Avoid Phishing in Microsoft Teams

1. Treat unexpected links with the same caution as email
   Just because a link appears in Teams does not mean it is safe. If it is unexpected, urgent, or asks you to sign in, take a moment to verify it before clicking.
2. Be cautious with files shared in chats and channels
   Teams can feel safer than email, which is why file based attacks spread easily. Stick to familiar file types and avoid opening files you were not expecting, even if they come from someone you know.
3. Watch out for urgency and pressure
   Messages designed to rush you, such as “quick check” or “need this now”, are common phishing tactics. Pausing for a moment is often enough to prevent a mistake.
4. Check the context, not just the sender’s name
   Compromised accounts are a common entry point. If a message feels unusual for the sender, it is worth double checking before taking action.
5. Report suspicious messages early
   Teams includes options to report suspicious content. Early reporting helps limit the spread and allows issues to be investigated quickly.

Why Secure by Default Still Needs Oversight

Microsoft strengthening default protections is a positive step, but it does not remove the need for ongoing oversight.

Teams environments grow organically. Channels are added, guests are invited, integrations are enabled, and usage changes over time. Without visibility, risk builds quietly in the background.

While user awareness is important, visibility and monitoring across Microsoft Teams play a critical role in identifying suspicious activity early.

What Has the FCA Changed?

The FCA has acknowledged that incident reporting across the industry has not always been consistent. Firms have called for clearer guidance on what should be reported, when it should be reported, and what level of information is required.

In response, the FCA has introduced more structured and consistent rules covering:

• Operational incident reporting, including cyber attacks and technology outages.
• Third party reporting, where disruption originates from suppliers or service providers.

To reduce complexity, the reporting framework has been streamlined and aligned with the Prudential Regulation Authority (PRA) and the Bank of England. This includes a single reporting portal, clearer thresholds, and simplified reporting expectations for most firms.

Why Third Party Risk Is Central to the Update

One of the key drivers behind the new rules is the increasing role of third parties in cyber incidents.

The FCA has confirmed that over 40% of cyber incidents reported in 2025 involved a third party provider, highlighting how often disruption sits outside a firm’s direct control.

Recent high profile outages affecting major cloud and infrastructure providers have reinforced this point. Even organisations with strong internal controls can be impacted when a critical supplier experiences an incident.

The FCA’s position reflects a clear shift in regulatory thinking. Operational resilience is no longer assessed solely on internal systems. It now extends across the entire technology and supplier ecosystem that supports business operations.

Why This Matters Beyond Regulated Firms

Although these rules are aimed at FCA regulated organisations, the principles behind them apply to almost every modern business.

Most UK organisations now rely on:

• Cloud platforms such as Microsoft 365 and Azure
• Managed IT and cyber security providers
• Software as a service (SaaS) applications
• External suppliers with system or data access

When incidents occur in these environments, the impact can be immediate. Without clear monitoring and response processes in place, organisations may struggle to detect issues early or fully understand their scope and impact.

The FCA’s update reinforces an expectation that organisations understand where their risks sit, can identify disruption quickly, and are prepared to respond, even when the issue originates outside their own network.

Operational Resilience Depends on Visibility and Response

Modern cyber incidents are not always obvious. Many begin quietly through trusted access, misused permissions, or supplier systems rather than overt attacks.

Without continuous visibility and a defined incident response approach, organisations may find it difficult to:

• Detect incidents early
• Assess their scope and potential impact
• Respond confidently under pressure
• Meet governance, audit, or reporting expectations

This is why regulators are increasingly prioritising operational resilience, not just preventative security controls.

Account Management

For AMs, ISO9001 puts structure, clarity, and consistency behind every client relationship. Documented processes, service reviews, and feedback loops mean fewer surprises, faster issue resolution, and stronger trust from customers. ISO9001’s focus on continual improvement helps AMs demonstrate proactive value, reduce escalations, and maintain long‑term relationships that grow revenue and strengthen retention.

Management

ISO9001 gives leadership a strategic operating framework that improves governance, transparency, and data‑driven decision making. It eliminates ambiguity across departments, aligns objectives, and ensures everyone is working to the same quality standards. This creates scalability, reduces organisational risk, and proves to clients and auditors that Reflective IT is a well‑run, continuously improving MSP. ISO9001 helps management build a predictable, efficient, and mature operational culture.

Service Desk

ISO9001 transforms the Service Desk from reactive to consistently reliable. Standardised triage, escalation paths, and documentation improve first‑time fix rates and reduce rework. With clear procedures and better knowledge capture, the team delivers faster, more consistent support — which boosts customer satisfaction and reduces ticket noise. ISO9001 also improves training, ensuring new analysts ramp up faster and deliver to the same high standard as the rest of the team.

Engineering

Engineering benefits from ISO9001 through controlled, repeatable technical processes. Standardised change management, deployment procedures, and testing reduce failure rates and improve stability. Engineers spend less time firefighting and more time delivering quality work. ISO9001 also boosts cross‑team alignment by requiring accurate documentation and knowledge sharing, reducing dependency on “tribal knowledge” and improving the resilience of the engineering function.

Cyber Security

ISO9001 supports Cyber Security by enforcing consistent controls, documentation discipline, and risk‑based thinking across the whole business. It reduces gaps caused by inconsistent practices and strengthens the link between security, quality, and operational outcomes. With ISO9001, Cyber has clearer evidence trails, stronger incident handling processes, and improved collaboration with engineering and the service desk — all of which support audit readiness and enhance client trust in our security posture.

Reflective IT Solutions is delighted to announce the acquisition of SecureDesk, a Buckinghamshire‑based managed IT services and cyber security consultancy. This strategic integration marks a major milestone for both organisations and reinforces Reflective IT’s commitment to delivering exceptional service, deeper expertise, and enhanced capability to clients across the UK.

Strengthening capabilities for a more secure, more supported future
with SecureDesk joining the Reflective IT family, the combined business brings together an even broader portfolio of services across managed IT support, cyber security, cloud services, and consultancy. This enhanced capability means that existing clients of both organisations will now benefit from more resources, more specialists, and more hands‑on support than ever before.

CEO Perspectives on the Partnership:

Simon Neal, Managing Director of SecureDesk, shares his excitement about the strategic partnership:

We’re delighted to be entering a strategic partnership with Reflective IT. This partnership will allow us to further enhance our service offering while maintaining the friendly, personal connections our clients know and trust. Reflective IT’s strong customer‑first approach made them a natural fit, and we’re excited about what we can accomplish together.

David Hartup, Managing Director of Reflective IT Solutions, adds:

Reflective IT Solutions is a leading provider of IT Support in London, offering a wide range of award‑winning services including outsourced IT support, remote support, managed services, IT consultancy, IT infrastructure, IT security (including GDPR consultancy), and cloud computing solutions.

About SecureDesk

SecureDesk is a Buckinghamshire‑based managed IT services and cyber security consultancy supporting SMEs with proactive IT support, cloud‑focused solutions, and long‑term client partnerships built on practicality, trust, and expertise.

Reflective IT Tip

This partnership strengthens both day‑to‑day IT support and long‑term technology strategy. Clients now benefit from a larger team proactively monitoring systems, preventing issues before they arise, and delivering faster resolutions when they do. With combined expertise across cyber security, cloud and managed services, your organisation gains a more resilient, future‑proof IT foundation.

Interested to Know More?

Contact Reflective IT today to assess your readiness for cyber insurance and strengthen your cybersecurity posture.