There exists a subtler and potentially more damaging danger lurking in your business – the insider threat.

Insider threats are one of the most serious and costly cybersecurity risks for any organisation. This phenomenon involves individuals exploiting their privileged access to compromise security from within.

 An insider threat could be a current or former employee, consultant, board member, business partner, or third-parties, and could be intentional, unintentional, or malicious.

Insider threats can cause various types of harm, such as data loss, data leakage, unauthorised information disclosure, corruption, espionage, sabotage, terrorism, degradation of resources, and malware or ransomware attacks.

The 2023 Insider Threat Report by Cybersecurity Insiders states that 74% of organisations are at least moderately vulnerable to insider threats. The 2022 Cost of Insider Threats Global Report from Ponemon Institute reveals that insider threat incidents have risen 44% over the past two years, with costs per incident up more than a third to $15.38 million.

Types of insider threat

Intentional Insider threats

An intentional insider threat occurs when an individual sets out to purposely cause harm to the organisation. This often happens because they want to get even with a company over a lack of recognition or a failure to meet expectations, such as not receiving a desired bonus or promotion. Their actions could include:

Unintentional Insider threats

This happens because of employee error or negligence.

Third-party Threats

A third-party threat is typically a business partner or contractor that compromises an organisation’s security. An excellent example is how cost low-code platform provider Pegasystems were told to pay $2.036 billion in damages for trade secret misappropriation to the detriment of coding automation company. Pegasystems had hired an employee of a government contractor to spy on Appian to learn how to better compete against its rival.

Seven ways to mitigate insider threats

  1. Access control and segmentation: Adhere to the principle of least privilege by granting employees only the necessary access. Implement network segmentation to curtail lateral movement and contain breaches if they occur.
  2. Monitor behaviours: Use technology to establish baseline patterns and identify anomalies, such as excessive data access or login activities from unfamiliar locations, triggering alerts for further investigation.
  3. Training and Awareness: Regularly educate employees about the nuances of insider threats, the tactics employed in social engineering, and the importance of adhering to established security protocols and policies.
  4. Data Loss Prevention (DLP): Deploy DLP tools to monitor and control the movement of sensitive data, both within and outside the organisation. Prevent unauthorised sharing with mandatory controls at file level.
  5. Exit Procedures: Have clear and written policies on roles and responsibilities when an employee leaves or a contractor is terminated.  Access should be revoked immediately. Any corporate device should be collected.
  6. Third-party management: The same stringent security standards should apply to third-party vendors and contractors, and closely monitor their activities when they access your systems to minimise potential vulnerabilities.
  7. Encryption and Data Protection: Data should always be encrypted at rest and in transit.

The potential ramifications of insider breaches underscore the significance of adopting a comprehensive security approach. While technological solutions play a pivotal role, security awareness, clear policies, and employee training are equally vital.

19 January 2024 – Leading cloud, infrastructure, and cybersecurity provider BMIT Technologies plc today announced the appointment of two seasoned professionals to key executive roles. The new appointments reflect the company’s ongoing journey as it transforms into leading hybrid IT solutions provider and consolidates its position as Malta’s leading managed services provider.

Sean Cohen has assumed the role of Chief Officer Customer Delivery and Support Services. Formerly the Head of Technical Operations at BMIT, he brings over a decade of expertise in delivering and managing intricate customer IT solutions. In his new capacity, he will lead BMIT’s Enterprise Solutions team, with an enhanced focus on cloud and managed services, along with the implementation of advanced cybersecurity solutions.

Alan Camilleri has been appointed Chief Officer Tower Operations. With a rich background in telecommunications and experience in commercial, digital, and operational roles, he joins BMIT from GO plc. His responsibilities will encompass overseeing BMIT’s recent investment in passive mobile infrastructure and exploring potential markets for further growth.

BMIT CEO Christian Sammut expressed his enthusiasm for the appointments, stating, “I would like to welcome Sean and Alan to BMIT’s executive team. Sean’s appointment consolidates the pivotal role he has had at BMIT for many years and will help drive our cybersecurity business, building upon the sterling work he is already doing with us. Alan’s appointment at BMIT marks the completion of Project Sky, undertaken last year. He will lead our Tower Operations business and explore new opportunities for further development.”

“As we continue to transform BMIT into a leading hybrid IT solutions provider and expand our service portfolio, particularly in cybersecurity, these two appointments bring considerable experience and expertise to our executive team. I am confident that they will play a crucial role in BMIT's ongoing growth and transformation,” Sammut added.

About BMIT Technologies plc 

BMIT Technologies plc is a technology company providing infrastructure, hybrid cloud solutions, and advisory, implementation, and management services. The company helps design, build, modernise and manage the systems that clients rely on for growth, security, and success. By applying our extensive expertise, experience, and excellence we enhance customer experience, provide true value, and increase efficiency. Backed by a robust and trusted organisation, best-in-class infrastructure and a talented team of experts across various technology platforms, BMIT Technologies offers an unparalleled technology experience to any business.

BMIT has embarked on a journey of transformation, expanding its role from the leading data centre and Cloud provider to cybersecurity solutions and managed services provider.

In the realm of cybersecurity, being a managed service provider (MSP) means more than just solutions and services; it's about providing guidance, fostering understanding of an ever-evolving digital landscape and helping businesses to base their buying decisions on solid advice – and knowledge.

For this reason, BMIT has launched 'Hybrid Horizons’, a podcast designed not only to occasionally talk about the new stuff the company brings to the marketplace but more importantly, to extend the conversation to topics that are of interest to businesses and those working with and in technology.

Why 'Hybrid Horizons'?

Cybersecurity is more than a set of tools; it calls for ongoing dialogue. 'Hybrid Horizons' extends the conversation beyond conventional security measures. It's about bringing you practical insights, unravelling complexities, and discussing topics that are usually only discussed at conferences or dedicated events.

The podcast will feature subject matter experts from BMIT, but the aim is to feature local and international experts who can provide unique insights on diverse topics in their field.

From understanding the basics to navigating the latest threats, we will be talking to experts from global vendors like Microsoft, Veeam and so on.

We also want to keep it simple. Discussions will revolve around actionable steps, proactive defence, and how to adapt to the evolving threat landscape.

The first Episodes

Episode 1: Cybersecurity Awareness

Delve into the essentials of cybersecurity awareness, exploring practical steps to secure your digital presence. BMIT’s Ivan Galea discusses the evolution of cyber threats, from DDoS attacks to phishing and ransomware.

Episode 2: Decrypting Microsoft's Latest Security Report

A practical breakdown of Microsoft's latest security report, offering insights and strategies derived from industry analysis by Microsoft’s security specialist Nikola Begovic.

Episode 3: Quantum Cybersecurity

We sit down with Professor Andre Xuereb to discuss the impact of quantum computing on cybersecurity, how our approaches to encryption are changing and the role of the EU-funded PRISM in creating secure communication channels.

You can listen to the podcast on Spotify or Apple Podcasts. Episodes are not longer than 30 minutes, perfect for your morning commute!

I hope you find ‘Hybrid Horizons’ interesting!

Black Friday and Cyber Monday are the busiest shopping days of the year. According to Bitdefender, consumers spent $9 billion online last year, up by 22% on 2021. In 2022, Cyber Monday generated a whopping $11.3 billion in revenue alone.

Unfortunately, the boom in retail business comes with a matching risk: cybercrime.

Cybercriminals, consistently active throughout the year, intensify their efforts on these two days, capitalizing on individuals' pursuit of limited-time offers and discounted prices across a myriad of products.

Customers get a kick out of securing a bargain and they don’t want to miss out on a good deal. While they may overspend or buy stuff they hadn’t planned, they also tend to lower their guard when shopping online, especially with fantastic deals appearing in their inbox (especially when they are at work).

Cybercriminals make the most of this behaviour by launching various cyberattacks, including phishing campaigns, ransomware attacks, Magecart/E-skimming, supply chain attacks, fake DDoS verification pages and the always-present malware exploiting software vulnerabilities.

Cybercriminals use a customer’s sense of urgency and fear of missing out (FOMO) to deceive them into clicking on malicious links or sharing personal information.

Raising cybersecurity awareness is crucial well before Black Friday and Cyber Monday, both from the customer's perspective and the cybercriminal's point of view.

Heightened emotions and urgency can lead to impulsive decisions and increased vulnerability to scams and fraud - falling victim to phishing attacks, counterfeit websites, or identity theft, leading to financial losses and emotional distress.

For cybercriminals, every individual is a target, even more so if they are using business devices to buy stuff. They know that people check their personal email at work and are willing to click on a link or attachment in an email because the offer is just too good to be true.

If you own a business, it pays to step up security awareness efforts before this shopping spree weekend. Employees may use their own devices, but most organisations do not mind them checking out websites or email on company devices when they are on their lunch break, for example (every business should have an Acceptable Use Policy).

Most IT teams will be aware of these risks and take the necessary steps to mitigate the risk. Some businesses, however, do not have someone focusing on security so a helping reminder would not be amiss.

Here are some things worth reviewing:

  1. Update your software and systems. If employee PCs have not been updated in a while, it’s time to do so. Unpatched software and systems are a major risk.
  2. Backup your data. When was the last time you backed up your data? If you have backups, when did you last test them? The last thing you want is a ransomware attack and no backups from which you can recover your data.
  3. Train your staff. Send a memo to all your employees on how to spot and avoid phishing emails, malicious links, fake websites, and other online scams. Remind them to use strong passwords, avoid public Wi-Fi, and report any suspicious activity or incident.
  4. Monitor your network. Keep a vigilant eye on network activities to detect any unusual or malicious behaviour, including unauthorised access, denial-of-service attacks, or data exfiltration.
  5. Implement multi-factor authentication. Multi-factor authentication (MFA) is a security measure that will stop most phishing attacks but beware of MFA fatigue.
  6. Review your policies and procedures. Do your employees know what to do if they do the unthinkable and fall for a phishing scam or ransomware attack? You need to have clear and updated policies and procedures for cybersecurity.
  7. Find an IT partner. If you don't have the resources or expertise to handle cybersecurity on your own, find a trusted cybersecurity partner who can help.

Cybersecurity is a challenge for every organisation. An attack will happen one day. Is your business prepared to deflect that attack? If the answer is no, it is time to take the right steps to correct your security posture.

The cost of not doing anything more often than not results in crippling consequences. Reach out to us using the form below and one of our experts will answer any questions you may have.

More and more business leaders are recognising the importance of cybersecurity. They are also acknowledging that a strong first line of defence, starting with their employees, can considerably reduce the risk of a breach or data leakage.

However, achieving this requires employees to be well-informed and proficient in identifying and mitigating cyber threats.

While certain businesses do provide rudimentary training, there exists a distinct necessity for comprehensive, continuous, and customised training programmes for employees. This is precisely why BMIT Technologies has launched the BMIT Cybersecurity Awareness Programme catering to businesses of all sizes and industries.

BMIT handles all aspects of security awareness, from configuration to management. This lets you focus on your core business tasks while BMIT helps your employees safeguard the digital environment. 

Christian Sammut, CEO at BMIT, emphasises, "Cybersecurity awareness among employees, encompassing the ability to identify and address cyber threats, constitutes a pivotal element within nearly every security framework and standard.

“We recognise that a single breach or ransomware attack possesses the potential to incapacitate a business. Often, it merely takes a single click on a link or attachment. If our awareness training can avert such incidents, we consider our objective accomplished – aiding businesses in securing their systems and safeguarding their data against cyber threats.”

BMIT’s Security Awareness Programme:

You can find more information about our security awareness programme here. Fill in the below form to set up a discovery meeting with one of our business technology advisors and learn more about your business and training needs. Start educating your employees today!

The Cybersecurity Imperative: Securing Business, Safeguarding Profit conference, organised by BMIT as part of its activities around Cybersecurity Awareness Month, was a remarkable success!

The very well-attended event provided attendees valuable insights into the critical role of cybersecurity in today's business landscape. Let me summarise some of the key takeaways and highlights from the presentations and panel discussion at the end.

1. The Growing Cybersecurity Threat Landscape

One of the central themes of the conference was the ever evolving and expanding cybersecurity threat landscape. Businesses today are under constant threat from a multitude of cyber attacks, ranging from ransomware to sophisticated state-sponsored attacks. The consensus was clear: cybersecurity is no longer optional; it's an imperative. Even more worrying is that, as cybersecurity expert Lisa Forte explained, ransomware groups are run like businesses. At the end of the day, commented Nikola Begovic from Microsoft, it’s all about the money.

2. The Cost of Cyberattacks

Several presentations also highlighted the significant financial and reputational costs associated with cyberattacks. Cyber incidents can result in not only immediate financial losses but also long-term damage to a company's reputation, customer trust, and shareholder value. The price of inadequate cybersecurity can be devastating.

3. The Role of Artificial Intelligence and Machine Learning

In the age of cyber warfare, advanced technologies like Artificial Intelligence (AI) and Machine Learning (ML) are playing a pivotal role in identifying and mitigating cyber threats. Lisa Forte and Nikola Bregovic agreed that AI was not that much of a threat because criminals and hackers were doing just fine with toolset they had. However, as Gordon Bezzina, BMIT’s CTO explained, AI and ML had the potential to assist security teams when it came to detecting and responding to threats more quickly and accurately than ever before. These technologies are not just tools but integral components of a modern cybersecurity strategy. Nikola said that automation, using AI, will be very important for cybersecurity experts, even more so as companies struggle to find skilled cybersecurity resources. Thanks to the integration of AI in existing security technologies, security teams would be able to analyse large volumes of log data, for example, and react must faster to threats and events.

4. Importance of Employee Training

Conference attendees were reminded that human error is still a significant factor in many cyber incidents. Several presentations emphasised the importance of ongoing employee training and awareness programmes to build a strong human firewall. Companies should invest in educating their employees about cybersecurity best practices. Sean Cohen, Head of Tech Operations at BMIT, spoke about the human threat vs the human element and how, through education, breaches and cyber attacks could be prevented. Instilling a security culture throughout an organisation was important and employees needed to speak up as quickly as possible if they made a mistake.

5. Planning is key

Patricio Cerda from Veeam addressed a very important aspect of cybersecurity that many businesses don’t give a lot of attention too – disaster and recovery planning. What happens when your business is attacked and there is a breach or data leakage? Patrick explained how an attack is inevitable at some point and therefore it was critical for businesses to plan ahead. He spoke about disaster recovery, backup strategies and common sense, like not keeping all your data on one media or in the same location.

6. Developing much needed resources

Katia Bonello set the scene at the beginning by looking at the Maltese cybersecurity ecosystem and what the country is doing, through the National Cybersecurity Coordination Centre (NCC) to fight apathy and a lack of appetite among businesses to invest in cybersecurity. During the panel discussion, NCC analyst Martina Bonanna, spoke about the challenges and the NCC’s work with other NCCs in Europe. She spoke about the various initiatives to educate and encourage young people to take up a career in security. Gordon Bezzina, commented on the global skills shortage in cybersecurity, pointing out that the shortage was being felt across the industry not only for security roles but in other areas of IT.

7. The local scene

The panel session provided a platform to discuss some of the issues impacting local businesses and the state of cybersecurity awareness among local enterprise. Dr Marthese Portelli, CEO of the Malta Chamber, did not mince her words when describing local attitudes towards security and digitalisation in general. She emphasised that funding was available and encouraged businesses to take up these opportunities to invest where it was needed. If not, local businesses, risked falling behind, further putting their operations at risk.

The Cybersecurity Imperative: Securing Business, Safeguarding Profits conference brought together professionals and experts from diverse backgrounds to address the critical issues surrounding cybersecurity. Cybersecurity is no longer just an IT department’s issue; it's a fundamental business issue. Protecting our businesses and safeguarding profits requires a proactive approach to security, the right technologies, and a well-informed and prepared workforce.

The key points covered in the conference highlighted the urgency and importance of cybersecurity in the modern business landscape. To ensure your organisation's resilience and profitability, it’s crucial to implement a robust cybersecurity strategy, stay informed about evolving threats, and foster a culture of security.

The Cybersecurity Imperative is more critical than ever, and it's a responsibility we all share in safeguarding our businesses and profits in the digital age!

The importance of cybersecurity has grown exponentially. As individuals, businesses, and organisations we have become increasingly reliant on digital tools and platforms, however the risks associated with cyber threats have intensified as well. The first line of defence against these threats is not a matter of implementing security solutions alone, but rather a well-informed and vigilant human element.

According to Expert Insights, almost 90% of data breaches are not caused by cyber-attacks or hackers. They are caused by simple human error. So, in a business landscape riddled with phishing attacks, ransomware incidents, and data breaches, it's no longer enough to entrust security solely to IT departments and cybersecurity tools. However, when an organisation creates a culture of security awareness, both within the company and among its employees, the chances of a successful cyber-attack happening can be greatly reduced.

A security awareness programme can act as a shield against cyber-attacks by equipping employees with the knowledge and skills they need to deal with potential threats.

What are the concerns that need to be addressed?

The essence of Security Awareness Programmes

At the heart of any robust cybersecurity strategy lies a comprehensive security awareness programme. Such programmes are designed to educate and empower employees to recognise, respond to, and prevent security threats effectively. They serve as an essential bridge between your organisation’s cybersecurity policies and the end-users who interact with systems and data daily.

Security awareness programmes encompass a range of activities aimed at fostering a security-conscious culture within the organisation. These include online courses, quizzes, tests, and simulated phishing campaigns, all of which cover a wide spectrum of cybersecurity topics. From the basics of identifying phishing emails to best practices for creating strong passwords and safeguarding sensitive information, these programmes ensure that employees are well-versed in the essentials of cybersecurity.

Customisation is an important feature

When you choose a security awareness programme it should be unique to your organisation. One-size-fits-all approaches on their own rarely yield the desired results. To truly engage employees and foster a sense of ownership in cybersecurity, you need to tailor the programme to suit your organisation’s industry, culture, and specific needs. If the content is relevant and relatable, employees will pay attention and you’ll have succeeded in driving home the importance of their role in protecting sensitive information.

Continuous learning and adaptation

A security awareness programme should be a living, breathing entity. Regular updates are essential to ensure that employees are equipped with the latest information about emerging threats and best practices. This not only keeps their knowledge current but also demonstrates the business’s commitment to their ongoing development in the realm of cybersecurity.

Data-driven insights for targeted learning

An effective security awareness programme should offer insights into the strengths and weaknesses of your employees’ cybersecurity awareness. Data and analytics play a pivotal role in identifying high-risk users who might inadvertently open the door to a potential data breach. Armed with this information, administrators can provide targeted assistance and training to those who need it most, thereby creating a stronger line of defence against cyber threats.

Align with the business’s goals

If you want to have a lasting impact, whichever programme you choose must be closely aligned with your overall cybersecurity strategy and policies. It should be driven by senior management, and they need to communicate the programme's importance and encourage participation.

A collective effort

It’s not enough to simply inform employees about cybersecurity best practices; the goal is to instil a proactive and vigilant mindset. By fostering a sense of responsibility for cybersecurity among all employees, you create a collaborative effort that significantly reduces the business’s susceptibility to cyber-attacks.

Security awareness programmes are more important than ever. While some may see it as an expense because it does not contribute to the bottom line, a robust programme is an investment in your employees, their security knowledge and the addition of another layer of security against cyber threats. If one data breach or phishing attack is stopped in its tracks, then you will have more than recouped the investment.

Reach out to us today through the below form to learn more about security training for your organisation.

October is celebrated worldwide as Cybersecurity Awareness Month, a time to refocus our attention on safeguarding digital assets and promoting cybersecurity best practices.

In this blog, we look at nine important things that businesses can do during Cybersecurity Awareness Month to enhance their cyber defences and foster a safer digital environment.

Conduct a Cybersecurity Discovery Assessment

Start the month by performing a thorough cybersecurity risk assessment. Identify your most valuable and sensitive assets - such as data, systems, and networks - and evaluate potential threats and vulnerabilities that could compromise them. Click here to learn more about BMIT Cybersecurity Discovery tool.

Introduce or revisit basic cybersecurity practices

Everyone in your business should understand the importance of basic cybersecurity hygiene. This includes using strong and unique passwords, enabling multi-factor authentication, keeping software and devices up to date, regularly backing up data, encrypting data both in transit and at rest, and being careful when opening emails or attachments.

Educate employees on cybersecurity best practices:

Most security breaches are the result of human error. In many cases, providing comprehensive cybersecurity training can greatly reduce the risk of a breach or cyber-attack. Educate them about various threats, such as phishing, ransomware, malware, social engineering, and data protection. See how BMIT can help you boost your first line of defence.

Cybersecurity policy and Incident Response plan

Having a robust and updated cybersecurity policy that outlines rules and guidelines for your business is paramount and it should cover key areas such as access control, password management, data classification, encryption, remote work, and third-party vendor management. You should also have a detailed incident response plan to ensure your team knows exactly what to do in case of a cyber-attack or breach.

Are your defences in good shape?

Configurations and baselines created a year or more ago may prove useless if your business is a target. Use this month to audit and assess your cybersecurity controls and processes. For example, have you implemented multi-factor authentication company-wide? Do you adopt a Zero Trust model? Is Shadow IT an issue for your business? Conduct tests to gauge the effectiveness of your security measures and identify areas for improvement. Is penetration testing something worth investing in?

Invest in cybersecurity tools and solutions

Depending on your business’s needs and budget, you need to invest in basic cybersecurity solutions. Are you filtering traffic, do you have VPNs for your remote workers, email security to filter spam, malware and myriad threats, intrusion detection on your network or hosts? What about vulnerability management? How do you manage employee devices on the network? Do you have a solution in place? Data leakage protection is another area you should be looking into.

Do you need help?

Not every business has the resources to manage cybersecurity in-house or the skillset to implement so many solutions. You may not have the security expertise either. In that case, you need an IT partner, an organisation that can help design, implement and manage your security needs. Unless you have the budget and resources for an internal team of experts, working with a managed service provider (MSP) should be at the top of your list. Don’t skimp on security!

Cybersecurity is everyone’s responsibility

Cybersecurity is not just a technical concern but a cultural one. Encourage a shared responsibility for security from top management to frontline staff. Help your employees understand their role in defending the business.

Install and forget does not work with cybersecurity

With the volume and sophistication of cyber threats evolving constantly, your policies and strategy need to be updated regularly. Just as your business strategy and goals change, you need to align your cybersecurity strategy with those changes, it must address current risks, incorporate the latest technologies and best practices, and address any gaps that may arise.

Secure Your Digital Future with BMIT

October's Cybersecurity Awareness Month brings to the forefront the ever-growing threats in our digital world. From human lapses to intricate cyber-attacks, the risks are real and on the rise.

Don't wait for a cyber incident to dictate your next move. Prioritise cybersecurity today. With our experience, tools, and customised approach you can ensure your business stays resilient and secure. Together with our team of experts you can navigate the complexities of cybersecurity with confidence, knowing that your valuable assets are protected!

Secure your business today, fill in the form below to get started.

BMIT to invest 47.1 million euro in approximately 280 rooftop sites, as it creates a high quality and diversified technology company, with an improved long-term financial profile

28 September 2023 – Leading cloud, infrastructure, and cybersecurity provider BMIT Technologies plc (“the Company”) today announced that its shareholders have resoundingly approved the Company’s acquisition of GO plc’s passive (tower) infrastructure, used for the hosting of its cellular telecommunications equipment.

By way of this transaction BMIT will be acquiring approximately 280 sites and ‘towers’, in the process taking over the ownership and management of the rooftops on which GO have installed or will be installing, active equipment to run their mobile services to subscribers.

Once under BMIT’s ownership, BMIT will oversee maintenance and upgrades, while allowing GO continued access for their operations and provision of mobile services on their network. As part of the agreement, GO plc will be required to install and deliver to BMIT an additional 30 sites by the end of 2030.

The Company said it will be acquiring these sites / towers for a total consideration of approximately 47.1 million euro.

Ing. Christian Sammut, CEO at BMIT Technologies plc, said: “The Board of Directors and I are very happy that this transaction, called Project Sky, has received the full backing of our shareholders. Project Sky will have an immediate impact on our revenue and performance, strengthening the company while further diversifying and improving our growth profile and revenue base.

“Project Sky will also have a positive impact on our longer-term margins and help us reduce our dependency on specific sectors. By creating this new vertical, we are building on years of experience in our core infrastructure and data centre business, whilst continuing to pave the way for our transformation into a hybrid IT solutions provider. Moreover, it ensures a stable and guaranteed revenue which will help us achieve our objectives for the years to come.”

The acquisition or ‘Proposed Transaction’ was approved by 99.99% of the Company’s shareholders during an extraordinary general meeting on Monday, 25th September 2023.

About BMIT Technologies plc 

BMIT Technologies plc is a technology company providing infrastructure, hybrid cloud solutions, and advisory, implementation, and management services. The company helps design, build, modernise and manage the systems that clients rely on for growth, security, and success. By applying their extensive expertise, experience, and excellence they enhance customer experience, provide true value, and increase efficiency. Backed by a robust and trusted organisation, best-in-class infrastructure and a talented team of experts across various technology platforms, BMIT Technologies offers an unparalleled technology experience to any business.  

Microsoft has announced important changes to some of the Microsoft 365 and Office 365 plans in the European Economic Area (EEA) and Switzerland, which will come into effect on 1st October 2023. 

First change to the following products:

Beginning October 1, 2023, Microsoft will unbundle Teams from Microsoft 365 and Office 365 Enterprise suites. For the enterprise suite of products (M365 E3/E5 and O365 E1/E3/E5), customers buying a new subscription will not have Teams included, however, they will be purchasing it at a lower price and will still be able to purchase Teams as a standalone.

Due to the above changes Microsoft have introduced Teams as a standalone product. This will give customers the opportunity and flexibility to add Teams to specific users as needed.

Second change to the following products:

For our small business and frontline workers, Microsoft will continue to bundle Teams, keeping their current offering. However, Microsoft will also be introducing new adjacent plans “without-Teams” which will be offered at a lower price giving customers the flexibility to mix the plans to lower the cost and enable Teams to specific users only.

FAQs

Why is Microsoft making this change?

Earlier this year the European Commission announced that it had opened a formal investigation regarding Microsoft’s bundling of Microsoft Teams with Microsoft 365 and Office 365 suites for business customers. Microsoft stated that they will continue to cooperate with the Commission and remain committed to finding solutions that will address its concerns.

How will these changes affect existing customers?

Existing customers who are already subscribed to any of the above products can choose to stay with their current plan which includes teams. Such customers can continue to renew and even add or decrease user seats upon renewal.

Can existing enterprise and business customers change to the new plans without teams?

Yes, customers who are already enrolled in an enterprise plan with Teams included can change to a “No Teams” plan when they renew.

How will these changes affect new customers?

Starting October 1, new enterprise subscription orders or plan upgrades (example E3 to E5) will not contain Teams. Should a customer wish to have Teams included they have to purchase two subscriptions – one for Microsoft 365 enterprise product and one for Microsoft Teams.

New small and medium business customers will be able to choose between the existing Microsoft 365 Business with Teams or without Teams plans. This also applies for the Frontline plans.

How is the new Microsoft Teams different from Microsoft Teams Essentials?

Microsoft Teams is an enterprise offering available to customers in the EEA and Switzerland that provides meetings, chat, calling (VoIP), and collaboration without any limitation on seat numbers.

Microsoft Teams Essentials remains unchanged; it provides meetings, chat, calling (VoIP), and collaboration for customers with fewer than 300 users.

Can customers outside the EEA and Switzerland purchase the new EEA (no Teams) suites and/or Microsoft Teams EEA?

The new EEA suites and Teams standalone are intended for purchase by customers with enrolments in EEA countries and Switzerland, from EEA/Switzerland pricelists, for deployment on EEA/Switzerland tenants out of data centres in the EEA and Switzerland.