We're delighted to have got another client through Cyber Essentials today.

This one was up against the deadline to complete before the 1st April changes and needed a couple of revisions with the assessor (and we'd taken over from another provider but that's another story) but all done now.

CE or CE Plus is an excellent baseline in cyber security for small and medium organizations to obtain. It is part policy driven - so the organisation has to buy into making changes into how they operate in order to achieve the certification - and part actual configuration of the IT so MFA/2FA is used everywhere, computers patched and updates in set timeframes, etc.

One of the main benefits of achieving Cyber Essentials certification is that it can help to protect your organization from a wide range of common cyber attacks. By following the Cyber Essentials framework, you can ensure that your organization has implemented basic security controls that are known to be effective at mitigating many common cyber threats.

Some specific benefits of Cyber Essentials certification may include:

1. Increased resilience against cyber attacks: By implementing the controls outlined in the Cyber Essentials framework, your organization can reduce the risk of cyber attacks and become more resilient to potential security incidents.

2. Improved customer confidence: Having Cyber Essentials certification can demonstrate to your customers that your organization takes cyber security seriously and has taken steps to protect their data and information.

3. Potential cost savings: Implementing the controls required for Cyber Essentials certification can help to prevent costly security incidents, such as data breaches or malware infections, which can save your organization money in the long run.

4. Compliance with regulations: In some industries, Cyber Essentials certification may be a requirement for doing business or complying with specific regulations. By achieving certification, your organization can ensure it is meeting these requirements.

Overall, Cyber Essentials certification can provide a range of benefits that help to protect your organization from cyber threats, build customer confidence, and potentially save money in the long run.

All very achievable for those organisations that wish to commit to demonstrating to their supply chain they take cyber security seriously.

Please note that from 1st March 2022 there are price increases being applied to certain Microsoft 365 licences. There are also changes being applied the annual licence committments.

The table below shows the new monthly pricing for two of the most common M365 Business licences from March 1st 2022

Note: I’ve only shown the Business licences here – there are also similar increases for the Enterprise E1, E3 and E5 licences.

Enforced annual commitment on licences or 20% premium for monthly commitment

The other big change is that Microsoft are now enforcing the annual commitment to Microsoft 365 licences, i.e. if you take out a 1 year licence you cannot cancel that licence before the end of the term. You can pay for the licence either upfront in one payment or pay monthly but the commitment is for 1 year.

If you want to only have a month to month commitment, i.e. the ability to cancel a given licence on a monthly basis, you can do so but you will pay a 20% premium to have that right. This is the Monthly Commit, Monthly Payment column in the above table.

Microsoft are suggesting that businesses look at their current staff and licencing and start to think in terms of annual commitment licences for permanant staff and monthly commitment licences, with the 20% premium in cost, for temporary or seaonal licences.

You can probably guess that top of the list of our current activities is preparing our clients for increased use of remote and home working.

This isn’t new to us and most organisations have implement home working/remote working in some limited way over a number of years. However now, with the very real possibility that some workplaces may be completely unavailable if a quarantine is declared in a given area, this has stepped up a whole new level.

I’ll update this piece over the coming days but I wanted to publicise some relevant information from Microsoft and also the BCS, our professional body.

Firstly a key application you’ll want to implement is Microsoft Teams. This comes as part of several Office 365 subscriptions but there is now an extended free trial of Teams Premium available;

Microsoft announce free extended trial of Microsoft Teams

And This article from the BCS – more aimed at larger enterprises who need to do detailed business continuity planning.

What do I need (to make my staff work effectively from home)?

In short anyone using Office 365 Business Essentials, Business Premium or the Enterprise E plans has the essential tools available to them already: hosted Exchange email (with webmail), SharePoint or OneDrive for Business and most crucially Microsoft Teams Premium.

Teams allows you to chat, video and audio conference, schedule meetings, store and exchange files and place infromation centrally. The beauty of Teams is that, as the name suggest, you can create teams and channels only relevent to specific groups of people. Your Sales team can chat and exchange ideas within their own group, likewise accounts, customer services, etc. You can also have company wide Teams so you can make announcements to all staff.

Some users will still need access to their PCs in the office during a quarantine period so some form of remote access – VPN based or perhaps a remote agent on the PC – will be needed to get access to CAD applications, accounts packages, other line of business applications. This will vary from client to client as you will all have different setups.

Too little internet

One bottleneck that you might encounter is that your internet connection is much slower, typically, on uploads compared to downloads. This matters because when you have many remote users trying to access a server they will be using your upload bandwidth and 30-40 users won’t squeeze into a typical fibre internet upload speed.

So to mitigate this you need to be thinking of how to minimise the amount of data that is left o nthe internal company network. The more data that can be uploaded to Teams/SharePoint/Onedrive for Business the better. Having your file data in the cloud will mean that remote users don’t need to dial into the comapny netowrk to retrieve it.

This means there is more bandwidth left on your internet connection to allow the CAD users, accounts, business app users to work remotely on their PCs left in the office.

Voice over IP

If you have a voice over IP telephone system find out if you can use a webclient or softphone with it. That would mean your users can log into their phone extension form home and with a USB headset they can answer and make calls as if they were in the office.

The skinny

If you have an Office 365 subscription start using all the tools you have – Teams for keeping groups talking to each other, cloud storage (OneDrive for Business, SharePoint) for sharing and working on data and cloud based email.

If you have VoIP check to see if you have a software phone available to you so you can work out of the office