Archive for the ‘Security and Compliance’ category

OMAN VAT update November 2020 -ask Synergy Software Systems

November 27th, 2020

The International Monetary Fund, Oman’s economy is expected to shrink by 10 percent this year, the biggest contraction in the Gulf, and its fiscal deficit could widen to 18.3 percent of GDP from 7.1 percent last year.

Last year Oman enacted on June 15 an electronic system for registering excise taxpayers, setting the stage for residents to be taxed on products deemed harmful to public health and the environment after a 90-day grace period. The Omani “sin tax” involves a 100% levy on tobacco, pork, alcohol and energy drinks and a 50% tax on carbonated drinks. This year it increased the tax on alcohol to 100%

Oman announced that it expects to introduce an income tax on high earners in 2022, the finance ministry said in a 2020-2024 economic plan, new details of which were published late on Sunday, as the Gulf state seeks to restore finances battered by low oil prices.

The plan also aims to redirect state subsidies to those groups who need it, rather than subsidize all users. Electricity and water tariffs will be changed gradually in the coming years, the document said.

Meanwhile Oman Royal Decree No. 121/2020 was passed, and the VAT Law was published by the Official Gazette of Oman on 18 October 2020. The date of implementation is expected to be 16 April 2021 (i.e. 180 days from the date of publication of the VAT Law). The Executive Regulations will clarify certain aspects of the VAT Law and those are expected to be published soon by the Official Gazette.
In the next 4-5 months’ time, businesses in Oman should consider the implementation impacts on the entire business, operations, procurement, sales, administration, human resources, information technology, etc. We advise an internal steering committee with a representative from each function.

The VAT Law published is exhaustive with the benefit of the experience of other GCC VAT Laws.

Registration
Muscat has set a voluntary registration threshold of 19,250 Omani riyals and mandatory registration for businesses and individuals with turnover of at least 38,500 riyals.
Non-resident businesses that provide taxable supplies will be required to VAT register. Unlike resident businesses, there will be no minimum threshold that needs to be met before nonresident businesses must register for VAT with Omani authorities. A non-resident business will probably have an option to appoint an agent in Oman – that does not have to be jointly and severally liable, nor a fiscal representative of the principal. More detail is expected in the executive regulations.
Rules for digital service providers based outside of Oman are still in development. Digital service providers based outside of Oman, as well as e-commerce services, will need to pay careful attention to regulations over the coming months to ensure compliance.

VAT impact assessment,
Administration:

• VAT registration and gathering information from customers
• VAT recovery issues and VAT grouping
• VAT litigation avoidance strategies

The VAT fiscal impact,
• budgets, cash-flow, working capital, etc. Financial record keeping it is to be expected, that any company found to have kept inadequate records or issued incomplete invoices may be subject to potentially severe fines.
IT impact,
Ascertain the impact on the accounting system software and hardware such as gathering and loading data, developing statutory reports, amending other financial reports.
• The law sets out rules for proper record keeping and invoicing. All VAT-registered entities must keep specified records, including customs and invoicing documentation, and retain these records for at least 10 years. Archive storage space/cost and the impact of future planned system upgrades needs to be considered.
• The law specifies mandatory filing requirements, including documentation required when filing VAT returns. Now might be a good time to look at both document management systems and RPA e.g. for data entry validation, or VAT reconciliation or for data entry to government websites.

Process and documentation impact,
Redefine the processes under VAT – quotes, contracts and terms and conditions will need revision. Update your process documents for audit purposes.
VAT is a transaction-based tax, so the underlying legal documentation (ie, the contract or terms) detailing the supply of a good or service is the start of the review process. Review your contracts to determine the Omani VAT impact. Does the contract account for VAT (and/or other taxes)? When a contract is ‘silent on VAT’, this could well mean that the amounts specified therein are treated as inclusive of VAT. To avoid misunderstanding, such “silent” contracts should ideally be updated. Parties may need to (re)negotiate the considerations to account for non-recoverable VAT.
Businesses should also review the contracts to determine whether they reflect economic reality. Are the parties to the contracts the actual supplier and recipient of the service or goods? This is important in relation to the invoices issued by the supplier and, the right of the recipient to potentially recover VAT.
To apply the correct VAT treatment of the supply of a service or good, the supplier may need to obtain additional information from the recipient.
Contracts and/or terms and conditions may need to be revised in order to collect or store such information and to ascertain the correct Omani VAT treatment of the services or goods supplied.

Invoicing
Chapter 8 of the law outlines invoicing requirements. Any person making a taxable supply of goods or services will be required to issue a tax invoice, which may be in the form of an e-invoice rather than in paper format.
The details required to be disclosed on a tax invoice, the language in which invoices must be issued, rules for simplified tax invoices, and other similar requirements are expected to be set out in the executive regulations. Currently, it is expected that invoicing will be permitted in English and that use of Arabic will not be compulsory. The executive regulations are expected to specify when a business will be exempt from issuing tax invoices.
The requirement to issue tax invoices is also triggered in other circumstances, e.g., the receipt of advance payments that generate a requirement to account for VAT, or the making of deemed supplies.
For businesses issuing invoices in a foreign currency, the VAT amount must be stated in Omani Rials (OMR) and be converted using the average purchase and sale price of the relevant currency published by the Central Bank of Oman on the date on which the VAT is due. The tax authorities are expected to clarify whether any other conversion methods will be permitted.
This may affect your accounting system because you may sue different rates contractually or for corporate budgets or period end revaluation.
User training
e.g.
- how to add a customer TRN,
– how file a return,
- how to draft anew quote or contract.
- system changes

Transition management
Based on the VAT implementation in other GCC countries, there are challenges to be expected during the process. Complacency is a major risk, as is starting the implementation and transition activity late, and not allowing adequate time to test system and process changes.
Consider for example instances in which goods or services are paid for prior to the law coming into effect, but are only delivered once the law is in place?
The regulations indicate that VAT will have to be paid in such circumstances. However, further questions are raised in terms of invoicing and filing. More details are expected to be provided on precisely how compliance will function under these transitional circumstances
Appoint a proven implementation expert, to walk you through each type of business transaction and its treatment to avoid penal consequences.

Place of Supply
Understanding the concepts of “Supply”, “Place of Supply” and “Time of Supply” is critically important for effective implementation of Oman VAT. The place of supply shall be determined on the basis of the final consumption place of the supply, regardless of the product originating place,. When the supplies are consumed within Oman, they shall be levied to VAT. Services supplied outside of Oman to its residents will be treated as supplies in Oman. Some exemptions will apply to certain services provided to end-users outside of Oman.

For services, the place of supply depends on (i) the type of recipient (is the service business-to-business or business-to-consumer?) and (ii) the type of service. Special rules may apply to certain services such as real estate related services or electronically supplied services (or e-services). Real estate related services and e-services are always deemed to be supplied where the real estate is located respectively where the recipient is located. Particularly, overseas business-to-consumer suppliers of e-services should be aware that they will need to charge, collect and remit Omani VAT to the tax authorities.

Businesses in Oman which import services or goods may need to account for Omani VAT by means of a reverse charge mechanism. Such VAT would in principle be recoverable if and to the extent the business renders VAT taxable activities.
e-services are subject to VAT when the recipient of such services is located or residing in Oman. A reverse charge mechanism applies in case of business-to-business supplies of e-services, under which the burden of VAT is shifted from an overseas supplier to the Omani recipient. As of April 1, 2021, foreign and domestic e-service suppliers should obtain customer information (ie, verified VAT number) to determine their customers’ status (business or consumer).

Free zones
Businesses operating within free zones, special economic zones and duty free zones are likely to be subject to special VAT rules. Concessional VAT treatments are likely to be applicable for supplies within, to and from the customs duty suspension zones, free zones or special zones. Importers, who avail themselves of customs duty suspension benefits under the GCC Common Customs Law, would also likely be eligible for similar benefits under VAT. Dealing with this may require your accounting system to be able to handle a ‘reverse charge’ process.
Responsible person
All businesses will be required to have a responsible person who oversees VAT compliance. This person is liable to any penalties for failures to comply. This is similar to the UK’s Senior Accounting Officer concept, where a person can be fined up to £5,000 for not taking appropriate actions to stay compliant.
In Oman, the responsible person can personally be fined up to 10,000 OMR (nearly £20,000) with a prison sentence of up to one year. The fine can be doubled and the jail sentence doubled for repeat offenders. Any late submissions are subject to a 1% fine on the owed tax every month.
The severity of the punishments put the responsible person under considerable pressure to get things right. In a complex business, multiple users make VAT decisions, often with minimal VAT training and if you are relying on others to input data correctly then it’s imperative they do it correctly as the consequences of non-compliance are life changing.
If I were in this position, I would be doing everything in my power to achieve full compliance by using the best resources and tax technology available to me. I would also document all my recommendations.
The sensible way to mitigate the possibility of non-compliance is to minimise the risk of human error. For large businesses this means automating their VAT determination. Integrated finance/erp systems and RPA are two obvious solutions.
Most enterprise level businesses will be processing thousands of transactions a day, so human error will naturally occur when choosing tax codes, especially while VAT is a new concept in the country and wider region. Eventually staff become complacent or change jobs and new hires induction and training is less risky with automated systems.
Contact us for more information on systems we have already localised for VAT compliance, and how RPA automation can reduce cost and risk.

Exemptions:
Supply of foodstuffs, medicines and medical equipment is to be determined by the decision of the President, after coordination with the competent authorities. Some of the basic foodstuff will also be exempted from five per cent VAT. In addition to financial services, provisions of healthcare and education and their related goods and services, other exemptions are undeveloped lands (bare lands); resale of residential properties; local passenger transport; and renting real estate for residential purposes, Investment gold, silver and platinum, supplies of international goods and passenger transport and related services; supply of rescue aircrafts, boats and auxiliary ships; supply of crude oil and its oil derivatives and natural gas; import of maritime, air and land transport vehicles for transport of goods for commercial purposes as well as import of related services; and supplies for the disabled and charity organisation have been designated as zero rated.

Sector challenges

Retail sector: Certain food items may be zero-rated as per the VAT Law. The list of items which are zero-rated is not yet published. Businesses need to map the product with the list (consider the composition of the product, purpose, etc.). Incorrect classification could lead to a wrong zero-rating position.

Pharma sector: Medicines and medical equipment are zero-rated. However, the zero-rating is expected to apply in cases where the medicines are approved by / registered with the Competent authorities. The approval could be generic, or it may apply for certain period / certain class of medicines. For each sale / purchase there may need to be validation whether the medicine is approved to apply zero-rating.
Financial services: Banks and large financial institutions should classify their products into margin / fee-based income because margin is exempt from VAT and fee-based income is subject to VAT. Businesses must also consider the customer location because margins earned from a customer outside Oman will be zero-rated.
Certain charges which are penal may have a different VAT treatment. In the majority of the transactions, Islamic finance products will follow the treatment of non-Islamic finance products; however, there are some exceptions. The financial services sector may have a substantial portion of income which could be exempt, input tax apportionment.
Logistics sector: International transportation, i.e. movement from Oman to outside Oman and vice-versa is zero-rated whereas local passenger transport is exempt and local transport of goods is subject to VAT at 5%.
However the entire transportation journey involves freight forwarder, agent, shipping line, feeder operator, etc,. so ascertain the VAT impact on different charges for providing services. More clarity is expected from the Executive Regulations.
Export of services: Providing services to a customer based outside Oman is zero-rated subject to certain conditions. One important condition is that the benefit of services should accrue to the customer outside Oman. In other words, benefit should not be received by any other person in Oman. This may be subjective and depend on the arrangement with the customer and the nature of charge / services. It is advisable to identify such arrangements and to evaluate the VAT treatment. Other GCC countries are divided in terms of VAT treatment on such transactions.
It is likely that sector-specific guidance will be issued by the Oman Tax Authority to clarify the VAT treatment for different industry verticals.

Exempted Supplies from VAT
Some supplies based on transactions and others on nature will be exempted from VAT.
Supplies exempted based on transaction include:
• Any supplies transacted between the same group of the VAT group (e.g. a parent company and subsidiary or branches)
• Any supplies transacted between the same group of the VAT group (e.g. a parent company and subsidiary or branches)
• Business ownership transferred by one taxable person to another
• Any insurance claims made within the Sultanate of Oman
• All imports made by Armed forces, Army, and Air force in Oman
• All imports made by diplomats, embassies, consular bodies, international organizations. (subject to conditions)
• Supplies imported for charities and not-for-profit organizations
• Supplies brought to Oman by travellers and passengers as gifts or personal use only
• All supplies imported for people with special needs including medical aid equipmentIn addition to receivers’ or person utilizing the supplies, some supplies will be exempted from VAT by nature of product/service:
• Financial Services
• All Health Care services including the imports of medical supplies and equipment
• All educational services including the import of supplies for educational purpose
• Resale of the Real-estate and leasing of real estate properties for residential purposes only
• Non-developed land i.e. empty or barren land
• All local means of transportation for passengers

Registration process

The registration process is likely to start in January 2021 according to the Tax Authority in Oman. All registration process will be through its online e-services portal. The Applicant will have to provide the company ownership and business-related information. The necessary information required to register with the portal may include:
• Copy of trade license
• ID card and Passport copies of business owner and partners
• Company’s Memorandum of Association
• Contact details, E-mail for registration and other contact details
• Bank account details
• The income statement for the last 12 months
• Nature of business and activities performed
Each registering entity will be allotted a VAT registration identification number other than their currently held tax number.

Filing returns
Article 72 of the law prescribes the following minimum information to be provided in the periodical return:
• Value of taxable and exempt supplies;
• Total value of imported goods;
• Amount of output VAT on revenue transactions;
• Amount of recoverable input VAT on costs; and
• Net VAT due for the period.
Article 73 provides an option to amend tax returns within a period of 30 days from the date of discovery of any error or omission.

VAT payment
VAT will be payable to the tax authorities within 30 days from the end of the VAT period, together with the filing of the return. Unpaid VAT will be subject to a penalty of 1% of the tax due per month or part month, unless waived by the tax authorities in accordance with article 82 of the law

Mode of Payment
All entities entitled against the VAT requirements will have to deposit the VAT returns electronically through the E-Services portal.

VAT recovery
VAT recovery will normally only be possible in the case when the recipient has received a tax invoice which adheres to the Omani VAT invoice requirements. These requirements include details on the supplier and recipient. Any incurred VAT on incorrectly issued invoices (e.g, wrong issuing party, wrong VAT rate and/or other missing requirements) may not be recoverable. Businesses operating in Oman should define policies to ensure a proper VAT administration and invoicing.

A VAT group is a facility that allows two or more taxpayers to be registered for VAT purposes as a single taxpayer. The VAT group scheme is of interest to taxpayers with a restricted VAT recovery rate which is part of a group with non-restricted businesses. Inclusion of such payers in the VAT group may provide for (additional) VAT recovery.
Although VAT may be recoverable, the recovery itself generally takes a certain period of time. This cash flow aspect should be one of the considerations during the (re)negotiation process, particularly with large supply contracts spanning several years.

If you need advice on preparing for VAT and updating and automating your financial or erp systems then we have implemented VAT for more than a hundred companies in UAE, KSA and Bahrain. we are gold Partners for Microsoft Dynamics 365 Fiinance, Infor Sunsystems and UiPAth RPA.

Call u son 0097143365589

Dynamics 365 Dubai partner Synergy Software Systems

November 12th, 2020

There is much talk about digital transformation but what does it mean for your company?
For selected Enterprise clients we work with Microsoft to deliver curated workshops to ‘inspire-quantify-empower- achieve’

Further to our recent seminar contact us now to avail of free upgrade and migration reviews to Dynamics 365 Finance and Supply Chain

Synergy Software Systems is the oldest Dynamics. partner in the EMEA region and has implemented solutions on Axapta 2.3 Axapta 3 Dynamics Ax4, Ax 2009, Ax2o12, Ax2012 R2, Ax2012 r3, and of course Dynamics 365.

We have also implemented every version of Dynamics CRM since version 3.

As Microsoft partners we also implement and support Office 365 and Microsoft365 . Exchange server, Teams, and the azure stack

We also have a practise for Power Bi/Power Apps/Power Automate, so we are able to help you to fully leverage the entire Dynamics 365 platform.

To take your business on the first step into the cloud with Dynamics call us: 009714 3365589

Massive increase in cybercrime.

November 6th, 2020

Disturbing increase in cyberthreats in the second quarter of the year, more than 400 new cyberthreats were recorded every minute, according to a new report from cybersecurity firm McAfee. Nw malware samples also grew by 11.5 percent for the period.

PowerShell malware and Covid-19-themed attacks dominated the landscape. Malicious Donoff Office document attacks propelled new PowerShell malware upwards by 117 percent. The documents behave as TrojanDownloaders by using Windows Command to launch PowerShell, which then downloads and executes malicious files.
McAfee claims Donoff also played a “ critical role” in driving the 689 percent surge in PowerShell malware in the quarter prior to this one.

Covid-19 was another theme exploited by cybercriminals in the second quarter of the year. McAfee’s network, boasts more than a billion sensors, and registered a 605 percent increase in Covid-19-related attacks compared to Q1.

“,,,,,,,,, a deluge of malicious URLs, attacks on cloud users and capable threat actors leveraging the world’s thirst for more information on Covid-19 as an entry mechanism into systems across the globe,” said Raj Samani, McAfee Fellow and Chief Scientist.

McAfee said there were almost 7.5 million external attacks on cloud user accounts in the quarter. According to the firm, all major industries were affected, including: financial services, healthcare, public sector, education, retail, technology and more.

In 2019, the Maze ransomware group introduced a new tactic known as double-extortion, which is when attackers steal unencrypted files and then threaten to release them publicly if a ransom is not paid. Ransomware gangs are increasingly failing to keep their promise to delete stolen data after a victim pays a ransom. ther ransomware operations, who began to create data leak sites used to publish victims’ stolen files.As part of this double-extortion tactic, most ransomware operations require a victim to pay a single ransom that will provide both a decryptor for their encrypted files and a promise not to share and to delete stolen files.Some ransomware operations, like AKO/Ranzy, demand two ransom payments, one for the decryptor and another not to publish stolen data.

In the recently released Coveware Q3 2020 ransomware report r we learn that some ransomware gangs do not keep their promise to delete stolen data after a ransom is paid. Certain groups are leaking stolen data after a ransom was paid, using fake data as proof of deletion, or even re-extorting a victim using the same data that was paid not to be released.

Sodinokibi: Victims that paid were re-extorted weeks later with threats to post the same data set.

Netwalker: Data posted of companies that had paid for it not to be leaked

Mespinoza: Data posted of companies that had paid for it not to be leaked

Conti: Fake files are shown as proof of deletion

Unlike a ransomware decryptor, which a threat actor can’t take away once given, there is no way for a victim to know for sure if a ransomware operation is deleting stolen data after a ransom payment is made. Due to this, Coveware says that it does not make sense to pay a ransom as there is no way to know for sure it will not be used to extort you further in the future. With this in mind, Coveware tells victims to expect the following even if they do decide to pay, so their data is not released:

– The data may not be credibly deleted. Victims should assume it will be traded to other threat actors, sold, or held for a second/future extortion attempt

– Stolen data custody held by multiple parties and not secured. Evenwhenf the threat actor deletes a volume of data following a payment, other parties that had access to it may already have made copies so that they can extort the victim in the future

- The data may get posted anyway by mistake or on purpose before a victim can even respond to an extortion attempt

Companies should automatically assume that their data has been shared among multiple threat actors and that it will be used or leaked in some manner in the future, regardless of whether they paid. They should treat the attack as a data breach and properly inform all customers, employees, and business partners that their data was stolen as required by law.

Doing this may b e embarrassing and painful but at least the companies look better for trying to do the right thing and gives those who were exposed the ability to monitor and protect their accounts from fraud.

A recent example of such an attack is Campari Campari Group an Italian beverage company known for its popular liquor brands, including Campari, Frangelico, SKYY vodka, Epsolon, Wild Turkey, and Grand Marnier. It was recently hit by a Ragnar Locker ransomware attack, where 2 TB of unencrypted files was allegedly stolen. To recover their files, Ragnar Locker is demanding $15 million.

As proof that they stole data, the ransom note contains eight URLs to screenshots of some of the stolen data. These screenshots are for sensitive documents, such as bank statements, a UK passport, employee U.S. W-4 tax forms, a spreadsheet containing SSNs, and a confidentiality agreement.

Ragnar Locker claims to have encrypted most of Campari Group’s servers from twenty-four countries and are demanding $15,000,000 in bitcoins for a decryptor. This price also includes a promise to delete data from their file servers and not publish or share the data, as well as a network penetration report and recommendations to improve security.

Ragnar Locker has been involved in other large attacks this year, including ones on Portuguese multinational energy giant Energias de Portugal (EDP) and French maritime transport and logistics company CMA CGM.

We advise all companies to regularly review and update their security policies, training and cyberdefence solutions.
Ask us about end point solutions or consider whether managed cloud hosted systems is preferable.

009714336589

Dynamics 365 Finance and SCM upgrade and migration offer from Synergy Software Systems

November 4th, 2020

Over 60 companies tuned into our Webinar with Microsoft last week about the benefits of Dynamics 365 cloud and the upgrade or migration journey.
Note that the special subscription offer incentive, and free uggrade assessments are only available till year end, for a limited number of applicants and first come first served basis . There were also additional discounts offered by Synergy Software Systems till end November 2020.

Some of the reasons for upgrade include:

As of October 2021, Microsoft will no longer support Dynamics AX 2012 R3. That’s not so far away, and now is the time for remaining AX 2009 and 2012 users to move to a new ERP (Enterprise Resource Planning) solution. Such a project will seem daunting, but Microsoft Dynamics 365 Supply Chain & Finance Management will be your last and best upgrade.

An immediate reason Dynamics AX users who have a current Microsoft Dynamics annual enhancement plan to choose Microsoft Dynamics 365 at this time is that can currently receive an intial discount on the Dynamics 365 cloud subscription.

Contact us today to learn more. Keep reading to find out why we think you’ll love Microsoft Dynamics 365.

Advantages of the Microsoft Cloud
When you move from on-premise Dynamics AX to the Dynamics 365, its more than an update of patches or even an upgrade of features. It’s a paradigm shift to compete in the modern digital economy. Dynamics Ax 2was always very versatile and could be customised to meet your specific needs. However that flexibility came at the cost of upgrades to a later version. There might be statutory changes such as introduction of Vat or Revenue recognition, or patches need to fight cybercrime, or business expansion that outgrow existing features and hardware. However the significant challenges, of upgrade constrained the business from making timely ‘agile’ changes.

Additional complexity arose to update integrations, ISV modules and specialist reports, and integrations. With Dynamics 365 Finance & Supply Chain
Management on the Microsoft Cloud, – you will continuously update. The updates are automatic, performed in the background, immediately available, and accommodate your customizations and integrations. You’ll be able to lower your ERP costs, while always benefiting from the latest innovations Microsoft has to offer.

Apps in the Microsoft app store will deploy rapidly without worry about code conflict.

Seamless remote connectivity
Cloud-based solutions such as Dynamics 365 Finance & Supply Chain Management allow out-of-the-box mobile access and anytime, anywhere connectivity. Empower your teams to do their jobs even while working remotely. Give them access to the information and processes they need, whether working from home, on the road, or in the field. Seamless operations provide increased user and customer satisfaction, and increase efficiency.

Built-in disaster recovery
The pandemic and recent natural disasters have shown us that calamity can strike without warning and affect any business. Locating your information and processes in Microsoft’s secure Cloud gives you high-performance, remote access to all your ERP data and processes.
It also guarantees built-in disaster recovery for your organization. You’ll be able to be up and running even if you can’t get to the office. Your information will be secure from both physical disasters and cyberattacks.

Easier integrations
Dynamics 365 Finance & Supply Chain Management is built on a Common Data Service, which connects, ERP, Power Platform (including Power BI) and all the other Microsoft business productivity tools such as Microsoft 365. That enables all of those programs to work together seamlessly. Send and receive data, build workflows, automate processes, and create custom functionality. Your teams will be connected using processes with which they are familiar.

Lower IT costs
A cloud-based solution eliminates the expense of owning and maintain on-premises hardware.
- Hidden but significant savings Include” SQL licenses and support, Windows Server licences, Anti malware software for servers, back up software.
- Save on server room costs for space, electricity, and IT resources.
- No additional BREP charge,

Enhanced performance
The Microsoft Cloud guarantees high performance and ongoing improvements.
Your environment is primarily managed and maintained by Microsoft.
You will never again have the expense of upgrading servers, buying extra data storage, and paying for external hosting. All that will be covered as part of your Dynamics 365 subscription.

Stronger Security
Microsoft’s cloud platform has unparalleled security to safeguard your data.
Dynamics 365 Finance & Supply Chain Management has built-in, role-based security features such as Segregation of Duties (SODs).
Count on Dynamics 365 Finance & Supply Chain Management to support your compliance efforts and meet all your security requirements.

Innovations
Such as AI, virtual agents, connected field service, and more
Advanced tools such as machine learning, artificial intelligence, virtual agents, and connected field service were once out of reach for mid-sized company. Now with Dynamics 365 Finance & Supply Chain Management, you too can leverage the latest technology advancements to unlock new opportunities and gain a competitive edge

Contact us on 0097143365589

Important considerations for a ransomware attack

October 31st, 2020

This post contains general information only offered in good faith and cannot consider every customers’ environment or risk. Synergy Software Systems is not, by means of this publication, rendering accounting, business, financial, investment, legal, tax, or any other professional advice or services. This publication is not a substitute for such professional advice or services, nor should you use it as a basis for any decision, action or omission that may affect you or your business. Before making any decision, taking any action or omitting an action that may affect you or your business, consult a qualified professional advisor. You acknowledge that Synergy Software Systems shall not be responsible for any loss sustained by you or any person who relies on this publication.

If your network experiences a ransomware attack, then it is likely that your IT staff will want to immediately research and work to stop the attack before they get assistance from an outside incident response firm. This guidance is to help you to prepare your strategy, policies and and responses procedure and checklists to aid your first responders to identify important response priorities for containing a ransomware attack and to avoid common pitfalls that can hinder later investigation and recovery activities.

• Notify your incident response partner and cyber insurance agent (if you have these relationships in place).
• Be aware of any statutory and legal or contractual requirements e.g. to notify authorities, or trading partners relying on your services or integrated systems perhaps with SLAs and financial penalties, or perhaps GDPR related.
• Stop any malicious encryption software that may still be running.
• If you suspect servers and workstations are still encrypting data, power down as quickly as possible to reliably stop further encryption.
• If continued encryption is not a concern on a system, leave the system powered on but disconnect it from the network (as RAM may contain forensic data).
• Disconnect network attached storage (NAS) systems from the network immediately and until you can validate that all systems are free of ransomware.
• Isolate critical systems to prevent further spread of the malware.
• Isolate backups and backup servers.
• Shut down servers or disconnect them from networks.
• Shut down wide area network tunnels.
• Disable any employee remote access services that do not use multi-factor authentication (MFA).
• Disable VPNs or whitelist source IPs to known employees.
• Disable Remote Desktop Protocol (RDP) services or whitelist source IPs to known employees.
• Disable existing domain administrator accounts.
• Create new domain administrator accounts for critical IT staff.
• Disable all other domain administrator accounts (to prevent logins and use of issued Kerberos tickets).
• Disable malware command-and-control channels.
• Disable outbound web traffic.
• Disable all other outbound services/protocols through the firewall.
• Collect and retain logs that are not already in a centralized archive.
• As Windows security event logs can by default be overwritten within days, copy the folder c:\windows\system32\winevt\logs from any domain controllers, RDP servers and other key impacted servers to a safe place.
• Since many firewall logs and VPN are also overwritten quickly, work to export VPN access logs and firewall traffic logs to a safe place.

DEVELOP A RECOVERY STRATEGY
At this point evaluate and develop an investigation and recovery strategy. Examples of key next steps include:
• When needed, completing contracting with a legal firm and/or incident response firm
• Determining the state of storage systems and status of online and offline backups
• Creating an inventory of impacted systems
• Prioritizing applications for recovery
• Creating an inventory of sensitive or high-risk data that could have been stolen
• Evaluating potential risk to cloud email accounts or other cloud services

PITFALLS TO AVOID
In the case of an incident, your organization will want to avoid the following.
• DESTROYING CRITICAL DATA
Many times, IT staff may delete encrypted files or impacted virtual machines to free space for recovery, only to learn that the associated backups are missing or corrupt. Be sure to retain copies of all encrypted or impacted files and systems until after backups are validated and restores are complete, even if it means you have to slow down recovery to add temporary storage and copy potentially unneeded data.

• DESTROYING EVIDENCE
Deleting files or virtual machines, or performing other recovery activities before taking steps to preserve disk images, logs and other evidence, can destroy artifacts that could be used later to help tell the story of how the attacker got in and what data they stole.

• OPTIMISTIC ASSUMPTIONS
There is often a tendency to underestimate an attacker early on and to assume that it is unlikely that the attacker accessed some critical system or set of sensitive data. Perhaps because of a belief that the data would have been too hard to find or too difficult to extract. The organization, may then base its decisions about investigation and notification activities on these optimistic assumptions.

• LEAKING INFORMATION TO THE ATTACKER
Be aware that the attacker may be monitoring your communications during and after the attack. For example, don’t disclose your insurance policy’s ransom coverage limit in a public board meeting discussing the community’s response options, or the attacker will increase their demand to match the policy limit. Social media comments by staff may worry your customers. So, consider also how you will handle communications to your trading partners.

As cybercrime becomes ever more targeted and resourced ensure you have a strategy in place- just in case. Review the security tools you use. Define policies and ensure they are followed for example:
• use of secure regularly changed passwords, or dual authentication passwords
• back ups
• training of new users, and refresher training

Install and use security systems e.g.
• Physical access controls
• Firewalls,
• Anti-malware tools
Consider whether cloud migration or managed services are a better option.

MrbMiner – act now to protect your SQL databases

October 3rd, 2020

MSSQL databases are under attack by a new devastating attack campaign. This time it is a dangerous malware called MrbMiner which is devised by an experienced hacking group. At this moment there is no information available about the identity of the criminals behind it. The name was given to the virus after one of the domain names which was registered to spread it.The attacks using a botnet approach — numerous computers and hacked hosts are tasked with the goal of automatically identifying accessible database servers on a given network. If such is found an automated script will be invoked which will attempt to leverage various security exploits. The main technique used is the brute force attempts that will use a dictionary or algorithm-based lists of usernames and passwords of the administrative users.A new malware gang has made a name for itself over the past few months by hacking into Microsoft SQL Servers (MSSQL) and installing a crypto-miner.

Thousands of MSSQL databases have been infected so far, according to the cybersecurity arm of Chinese tech giant Tencent.In a report published earlier this month, Tencent Security named this new malware gang MrbMiner, after one of the domains used by the group to host their malware. The Chinese company says the botnet has exclusively spread by scanning the internet for MSSQL servers and then performing brute-force attacks by repeatedly trying the admin account with various weak passwords.

Once the attackers gain a foothold on a system, they download an initial assm.exe file, which establishes a (re)boot persistence mechanism and adds a backdoor account for future access. Tencent says this account uses the username “Default” and a password of “@fg125kjnhn987.”

The last step of the infection process was to connect to the command and control server and download an app a Trojan module. that mines the Monero (XMR) cryptocurrency by abusing local server resources and generating XMR coins into accounts controlled by the attackers. It is used to keep a connection to the hacker-controlled server. It is used to take over control of the systems and steal any files and data from the hacked hosts. Usually, database servers are built on top of enterprise-grade and performance-optimized servers. For this reason, the hackers behind the ongoing campaign have implemented another dangerous action – to deploy a cryptocurrency miner. This is a script configured to download multiple performance-intensive complex tasks onto the infected servers. They will run automatically which will have a crippling effect on the usability of the systems. For every reported and completed the job the hackers will receive cryptocurrency assets as a reward.

The attacks will probably change in the near future. They are particularly useful for spreading dangerous malware such as the Qbot Trojan.

LINUX AND ARM VARIANTS ALSO DISCOVERED

The MrbMiner C&C server also contained versions of the group’s malware written to target Linux servers and ARM-based systems.
The Monero wallet used for the MbrMiner version deployed on MSSQL servers stored 7 XMR (~$630). While the two sums are small, crypto-mining gangs are known to use multiple wallets for their operations, and the group has most likely generated much larger profits.
For now, what system administrators need to do is to scan their MSSQL servers for the presence of the Default/@fg125kjnhn987 backdoor account. In case they find systems with this account configured, full network audits are recommended.

A T-SQL query that will collect data for you:

SELECT COUNT(*)
FROM sys.sql_logins AS s
WHERE s.[name] = ‘Default’
AND PWDCOMPARE(‘@fg125kjnhn987.’, s.password_hash) = 1

See this link for guidance on removal:

SSD performance degrades over time- prevent this with DymaxIO

September 29th, 2020

Can SSD performance degrade over time and is there a way to prevent this? The answer is YES and YES. the same solution that addresses the inefficiencies of iops in Windows , SQL and VMs can also help you to maintain the performance of your solid state disks.

The reason for this degradation is an undesirable SSD phenomenon called the Write Amplification Factor (WAF), . This is a numerical value that indicates the actual amount of data that was written to an SSD in relation to the amount of data that was requested to be written from the Host (i.e. Windows OS System)

WAF = the data written to the SSD / the data written by the host

For example, an application on the Windows Server system writes out 128kb of data to the SSD, but internally on the SSD, 512kb of data is written on the SSD for this to occur. This will degrade SSDs write performance.

In this example, the WAF = 512kb/128kb = 4 ! This is bad, a 128kb write from the host that resulted in 512kb of internal writes on the SSD

Ideally, you want a WAF = 128KB/128KB = 1

Why does this occur. Unlike HDDs, data cannot be directly overwritten on a disk. On SSDs, data can only be written to erased spaces. When you have a brand new initialized SSD, all of the pages are in a free/erased state, and there is no problem for it to find free/erased spaces to write new data. But as the SSD starts to fill up with data, resulting in erased spaces having to be created that causes the WAF to increase. I can go into more detail on this but will save it for another time. Suffice to say, a higher WAF value means SSD performance degradation.

Do SSDs degrade over time?

The answer is YES but this has to do more with the SSDs filling up over time. Some recommendations on the web advise to keep free space on SSDs anywhere from 10% to 30% to avoid this degradation. With less free space on a highly I/O intensive system, a couple of things occur:

-There are less free spaces to write to, extra overhead may have to occur like block erasures to allow the new updates to occur. This increases the WAF – Not a good thing.
- With less free space, file data may get spread out to different locations on the SSD. For example, in the best case, 10 pages of file data that is being updated are all on the same block.
- When the block needs to be erased to be updated, then just that one block needs to be updated. If those 10 pages are on 10 different blocks, then in the worst case, those 10 blocks have to be erased and re-written – More overhead and a higher WAF.

The result is

➣SSDs are overprovisioned. For example, a 1TB SSD actually contains 1.1TB of data space. This extra space (seen only by the SSD internals) helps to allow the WAF to remain low.
➣SSD Garbage collection and Trim. Both of these processes include freeing/erasing spaces in the background so new writes can occur quickly on these newly erased spaces.

How doies DymaxIO™ help with SSDs Degrading?

DymaxIO has technology to keep the WAF low.

The patented IntelliWrite® technology enforces efficient Sequential Writes to occur rather than smaller Random Writes from the Windows Host. Sequential writes are more likely to place data in the same blocks which can decrease the WAF

Optimization engines keep the free space contiguous when needed on the host logical side. This will help enforce larger sequential writes to occur which decrease the WAF.

There are also a few more benefits of enforcing larger sequential writes.
- Sequential I/Os out-perform Random I/Os on storage, both HDDs and SSDs, so this ensures you are getting the optimal performance from your storage.
- Keeping the WAF low and writes lower on the SSD helps to extend the lifetime of the SSD.

IntelliWrite technology in DymaxIO does both of these functions automatically
- Keep sufficient free space on your SSDs
- Enforce Sequential Writes rather than Random Writes.

Fix at the source. 2X SQL application performance, accelerate Windows throughput 40+%, extend hardware life 2 to 3 years, reduce timeouts, crashes, and more. A software solution to software problems Just install, DymaxIOno code changes, no reboot necessary.

Call Synergy Software Systems 0097143365589

Zerologon – critical to patch now – especially for those with Windows Server 2008R2 or earlier versions

September 26th, 2020

One of the highest-impact Windows vulnerabilities patched this year is now under active exploitation by malicious hackers, Microsoft warned overnight, in a development that puts increasing pressure on laggards to update now. The Zerologon micropatch is ‘primarily targeted at Windows Server 2008 R2 users without Extended Security Updates’

CVE-2020-1472, as the vulnerability is tracked, allows hackers to instantly take control of the Active Directory, a Windows server resource that acts as an all-powerful gatekeeper for all machines connected to a network. Researchers have dubbed the vulnerability Zerologon, because it allows attackers with only minimal access to a vulnerable network to login to the Active Directory by sending a string of zeros in messages that use the Netlogon protocol. The entire attack is very fast and can last up to three seconds, at most. In addition, there are no limits to how an attacker can use the Zerologon attack. For example, the attacker could also pose as the domain controller itself and change its password, allowing the hacker to take over the entire corporate network.

Simply put Zerologon lets anyone with a network toehold obtain the domain-controller password

“A security update was released in August 2020. Customers who apply the update, or have automatic updates enabled, will be protected.” Microsoft statement

Organizations with vulnerable servers should muster whatever resources they need to make sure this patch is installed sooner rather than later.

https://support.microsoft.com/en-us/help/4557222/how-to-manage-the-changes-in-netlogon-secure-channel-connections-assoc

A test tool form Secura on Github, which you can download here: https://github.com/SecuraBV/CVE-2020-1472 can tell you whether a domain controller is vulnerable or not.

We advise readers ‘not to be the organisation that made the headlines because it failed to patch.”

It cannot be used to take over Windows Servers from outside the network. An attacker first needs a foothold inside a network. However, when this condition is met, Satnam Narang, staff research engineer at Tenable, described Zerologon as a “game over” situation for any organisation unlucky or foolhardy enough to fall victim to it, and urged prompt attention.

This bug is also a boon for malware and ransomware gangs, which often rely on infecting one computer inside a company’s network and then spreading to multiple others. With Zerologon, this task has been considerably simplified.

0patch, issued a “micropatch” of its own for the bug. “Our micropatch was made for Windows Server 2008 R2, which reached end-of-support this January and stopped receiving Windows updates” 0patch is also porting the micropatch to various still-supported Windows Servers for customers who for various reasons can’t apply the Microsoft patch, he added.

Zerologon carries a critical severity rating from Microsoft as well as a maximum of 10 under the Common Vulnerability Scoring System. Despite the high rating, the escalation-of-privileges vulnerability received scant, if any, attention when Microsoft patched it in August, and Microsoft deemed the chances of actual exploitation “less likely.”

The security world finally took notice last week with the release of several proof-of-concept exploits and a detailed writeup, which demonstrated the severity of the vulnerability and the relative ease in exploiting it.
All hands on deck. On Wednesday evening, Microsoft issued a series of tweets that Zerologon was now being exploited in the wild.
“Microsoft is actively tracking threat actor activity using exploits for the CVE-2020-1472 Netlogon EoP vulnerability, dubbed Zerologon,” Microsoft representatives wrote. “We have observed attacks where public exploits have been incorporated into attacker playbooks.”

The company provided several digital signatures of files used in the attacks, but it didn’t publicly provide additional details. Microsoft has published a threat analytics report that’s designed to help administrators assess the vulnerability of their networks, but it’s available only to Office 365 subscribers..

It’s hard to overstate the severity of an exploit that makes it possible to take control of an Active Directory using several dozen lines of code. Active Directories (and the domain controller servers they run on) are the resources most cherished by ransomware attackers. With control over the central provisioning directory, they can infect entire fleets of machines within minutes. Nation-sponsored hackers performing surgical-precision espionage campaigns also prize such access because it allows them to control specific network resources of interest.

There may also be ways to exploit Zerologon directly from the Internet with no previous access. Internet searches and now more than 33,000 and 3 million networks are exposing domain controllers and Remote Procedure Call login servers to the public Internet. In the event a single network is exposing both resources, the combination may leave a network wide open with no other requirements.

The risk posed by Zerologon isn’t just that of facing a catastrophic hack. There’s also the threat of applying a patch that breaks a network’s most sensitive resource. Late last week, the cybersecurity arm of the Department of Homeland Security mandated agencies to either apply the patch by Monday night or remove domain controllers from the Internet. Less than three days later exploits are in the wild, so it’s clear there was good reason for the directive.

Patching Zerologon was no easy task for Microsoft, as the company had to modify how billions of devices are connecting to corporate networks, effectively disrupting the operations of countless of companies. This patching process is scheduled to take place over two phases. The first one took place last month, when Microsoft released a temporary fix for the Zerologon attack.
This temporary patch made the Netlogon security features (that Zerologon was disabling) mandatory for all Netlogon authentications, effectively breaking Zerologon attacks.
Nonetheless, a more complete patch is scheduled for February 2021, just in case attackers find a way around the August patches. Unfortunately, Microsoft anticipates that this later patch will end up breaking authentication on some devices. Some details about this second patch have been described here https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1472

Note if you use Samba for domain control then that is also impacted and there is a patch available.

SnapLogic and Data Interchange for iPaas and EDI

August 20th, 2020

SnapLogic and Data Interchange have joined forces to bring together market leading iPaaS and EDI solutions
SnapLogic provides the #1 Intelligent Integration Platform.

The company’s AI-powered workflows and self-service integration capabilities make it fast and easy for organizations to manage:
- all their application integration,
- data integration,
- API management,
- B2B integration, a
- data engineering projects on a single, scalable platform.

Hundreds of Global 2000 customers — including Adobe, AstraZeneca, Box, Emirates, Schneider Electric, and Wendy’s — rely on SnapLogic to automate business processes, accelerate analytics, and drive digital transformation.

This new partnership will combine SnapLogic’s award winning Intelligent Integration Platform, with Data Interchange’s cloud based EDI solutions – Web EDI, and DiNet –to enable forward-thinking customers to drive internal digital transformation processes from a central platform, providing self-service integration up to ten times faster than other existing technologies.

Robert Steiner, CEO, Data Interchange commented:

“A partnership between SnapLogic and Data Interchange is a win/win. Many organisations not only have the need for strong and reliable integration systems, but they also need a good EDI partner with state-of-the-art functionality and their own VAN. Combining SnapLogic’s self-service iPaaS platform with our own self-service cloud based EDI platform and VAN provides customers with everything they need,”
“Working with SnapLogic has also enabled us to expand our market reach and capabilities. Integration is not only about application to application communication but also about automated data flows and supply chain management.”
Through the new partnership customers will be able to combine the trading world of EDI, including communication protocols like AS2 and OFTP, as well as a VAN, with a modern JSON, API-first platform. This ensures customers are able to push forward with their transformation initiatives using a single augmented, integrated platform covering EDI, data integration, AI/ML, application integration and streaming. Taking this approach means more re-use, reduced IT debt, faster time-to-market, and increased transformational agility with deeper and wider connectivity.

Roger Coles, Channel and Alliances Director EMEA at SnapLogic commented on the partnership:

“EDI has become increasingly important within organisations today, as they seek to streamline processes and automate various functions with the business. So we are excited to be announcing this new partnership with Data Interchange. By combining our two best-in-class solutions we will be able to provide a combine offering which we feel will be well received by our customers thanks to the unrivalled depth and breadth of functionality Data Interchange provides through its EDI solutions.”

If you need a faster and more robust way to develop, manage and maintain interfaces, with pre-built ‘snaps’, ETL, and streaming data callus ot learn more: 0097143365589

Microsoft’s storage compliance within Dynamics 365 and the Power Platform be aware.

August 19th, 2020

Microsoft’s storage compliance within Dynamics 365 and the Power Platform has operated to date primarily on a trust basis.
From 10 August 2020, the first restriction for those tenants over their limits comes into effect.

It is little surprise that Microsoft have begun to enforce storage compliance and it is important for businesses to ensure they are under their own quotas should the need to restore or copy data arise.

Further enforcement restrictions may be put in place in due course, so it is better to be aware of any issues now.

What is the restriction?
For administrators looking to copy or to restore an environment, this will no longer be possible if the tenant is over its storage quota.

The ability to be able to restore from backups is a key feature of the Power Platform Admin Center, particularly after any important data loss, so it will now be important to maintain storage levels under the quota to ensure this feature remains available.

How can you check my current storage levels?
Administrators can access the Capacity page of the Power Platform Admin Center via this link or by browsing to Resources>Capacity within the Power Platform Admin Center itself. From here, you will be presented with two diagrams; te first showing the current Storage Capacity Usage:

and the second showing the Storage Capacity By Source:

This table shows how your available storage is calculated and will vary depending on the licences your organisation has purchased.

I’m currently over my storage quota(s) – what can I do?
There are two routes to take when it comes to managing storage:
1. Delete unused data that may be unnecessarily taking up storage space. Microsoft have their own guide on how to achieve this but it is important to proceed with caution to prevent the deletion of business-critical data.
2. Purchase additional storage.

Clients of Synergy Software systems with existing support agreements who need assistance with reviewing their storage quota or wish to discuss the purchasing of additional storage, please get in touch. 0097143365589

Dynamics 365 HR and Payroll for the G.C.C. – ask Synergy Software Systems

August 19th, 2020

Microsoft rebranded Dynamics 365 Talent as Dynamics 365 Human Resources.( Dynamics 365 Talent is no longer sold -see our February 2020 post. The Attract and Onboard service will be available until 1 February 2022, or until your contract ends, whichever occurs first. LinkedIn is taking the lead on Talent Acquisition, Learning and People Success applications. Linked Talent Hub is a new applicant tracking system (ATS) that became available on 26 September 2019. LinkedIn Learning and Glint complete the portfolio of Talent Management solutions. Microsoft will offer a migration path to LinkedIn Talent Hub. The initial release of LinkedIn Talent Hub supports customers with less than 1000 employees. Data export tools will be available from within Attract to help customers transition to the Talent Acquisition solution of their choosing. Eligible customers using the Talent Onboard app may continue to use it through 1 February 2022 or until the end of their most recent Dynamics 365 contract or renewal, whichever occurs first. Migration tools will be provided within the Onboard app to help customers export onboarding guides.

Core HR – is now Dynamics 365 Human Resources

The key features include:

A central database for staff, with automatic updates.
The ability to set up and run benefit policies.
Automated absence monitoring and time management tracking.
Full CPD management, including performance reviews, matching competencies to job roles and target tracking.
Creation and delivery of training courses, including analysis of outcomes.
A questionnaire feature for gathering feedback and insight from employees. These are conducted digitally, with responses automatically linking to staff records and triggering suggestions for updating policies and strategies.

When you set up a Dynamics 365 Human Resources account, the first stage is to create an HR strategy on the platform. This will provide the overarching structure for how human capital is managed in your organisation, and includes things like specifying whether processes will be managed by department, by jobs or by positions.

Set up plans to guide day-to-day management of your HR operation through Microsoft Dynamics 365 Human Resources. These might be compensation and incentive plans for rewarding strong performance, or they might be training plans which link development to key strategic goals for the business overall.

An advantage of Microsoft Dynamics 365 Human Resources is how all of the data that is linked to plans is centrally stored and automatically updated. When you create a scheme for staff benefits such as a company laptop, phone or a car, then logging of data about upgrades and replacements is automated. The same applies to company incentive schemes like health insurance or pensions, which saves huge amounts of time in administration data maintenance work.

Dynamics 365 Human Resources supports compliance with employment laws in different jurisdictions. It will, for example, suggest complying with equality and disability laws, making recommendations based on personnel data.

Dynamics 365 Human Resources Employee Self Service allows employees to view and manage their core data via employee self-service. This ranges from the ability to view and manage personal details, bank information and competencies to compensation, leave & absence and benefits taking the load off from HR personnel making sure they can stay focused working on higher priority tasks.

Managers are also empowered to view and handle processes directly from Manager self-service and do not have to reach out to HR to manage tasks such as team’s to manage their team’s leave & absence, performance, to approve relevant requests or to view their team members’ position or compensation related information.

Leave & Absence in D365 HR was recently enhanced and allows HR to configure and manage as many leave & absence plans as needed and specify multiple details for each plan such as accruals, carry over amounts, how and when the balances are calculated and pro-rata rules to name a few. In addition, time off can be requested from employee self-service or manager self-service and the requests can be viewed in a calendar view format making it easy for manager or HR to assess the situation for any given period of time.

The HR team can effectively manage core processes related to hiring, transferring and terminating employees optionally supported by workflows to ensure that any required approvals are obtained before the processes can be finalised. These processes can be also enriched by utilising Task management in the form of checklists to make sure, that any related activities needed to be completed are distributed to relevant parties to action.

Dynamics 365 Human Resources makes it simple to configure compensation programs your organisation needs to support any plans and guidelines to ensure salaries are recorded properly. Any variable compensation such as bonuses or shares can be also easily recorded and managed within D365 HR to store the information in one place for comprehensive reporting and data management.

Performance management in D365 HR offers the ability to configure and manage reviews and goals accompanied by the option to record activities actioned or to be actioned during the review period. In addition, reviews and goals templates can be constructed to support your business and provide managers and employees with a starting point and a guiding framework to follow during the review process. Support each review by a different workflow to ensure the manager’s and employee’s approvals are in place before the review process is finished.

Dynamics 365 Human Resources allows HR users to schedule courses for which employees can be allowed to be signed up to via employee self-service. Skills and competencies recorded against the course and the course can be transferred to the employee’s record upon completion. HR and Managers can utilise skill assessment and skill to job analysis to see what competencies are needed and potentially missing when compared to required job-related competencies.

Synergy Software Systems has been implementing localied HR and Payroll and T@A systems in the UAE for over 20 years.
Our GCC localised HR admin and Payroll module for Dynamics 365 further extends and automates the core features with extensive workflows, reports and Power Bi dashboards.

Contact us on 009714 3365589

Modernise sales with Synergy Software Systems.

August 13th, 2020

Did you know that 55% of sales reps think their company’s sales tools are an obstacle instead of a facilitator?

Technology has rapidly changed the way customers buy. Customers now have more options on how when and where to buy, access to greater amounts of information, and communication channels have multiplied. As the complexity of sales increases, managing the sales process across multiple accounts can be challenging for sales teams. To better manage this complexity and help their sellers get more done, innovative organizations are modernizing their sales productivity.

Sales force automation and AI capabilities enable sellers to better manage lead. These intelligent solutions accelerate deals with an end-to-end, immersive experience for opportunity management; and integration with familiar tools—like Dynamics, Teams, Excel and Outlook—into their workflows to help increase collaboration and productivity.

- Focus on what’s most important and tailor interactions with your customers
– Streamline seller workflows, and get more done with integrations with familiar tools, like Office 365, that make work easier and faster
– Start with a sales solution that meets your needs and grows with your business

All of this means that sellers can spend less time on administrative work and more time meeting and communicating with customers, which leads to better solution design, more deals, higher revenue, and happier customers.

Please contact us to learn more about how Synergy Software Systems can help boost your revenue through modernizing your sales productivity with the latest automation tools.

callus on 0097143365589

Why do data warehouses fail? ask Synergy Software Systems for the latest research report

August 6th, 2020

Organizations are increasing their data warehouse investments, however, the process of identifying and moving data into a data warehouse is not always straightforward.

IT leaders report that organizational and technical challenges are hindering success, according to new research from SnapLogic and Vanson Bourne. This research firm surveyed hundreds of IT decision makers (ITDMs) and recently published their findings.

Key findings:

• Nearly nine in ten (88%) of ITDMs experience challenges trying to load data into data warehouses, major inhibitors are: legacy technology, complex data types and formats, data silos, and data access issues tied to regulatory requirements
• The average enterprise has 115 distinct applications and data sources, with almost half of those (49%) siloed and disconnected from one another
• 89% of ITDMs are worried about those data silos.
• ITDMs report that, on average, 42% of data management processes that could be automated are currently being done manually, taking up valuable time and resources
• As a result, almost all respondents (93%) believe improvements are needed in how they collect, manage, store, and analyze data

Building a data warehouse is one thing. continuously updating it with high data volumes, and rapidly and easily maintaining and updating multiple interfaces with low risk as software updates and business and regulatory requirements change is an ongoing challenge.

Find out how prebuilt snaps, data management tools, data streaming, and low code rapid integration development are supported with an integration platform as a service iPaaS.

Contact us today for a copy of the report and to see demo of Snap logic. 0097143365589

Dynamics Ax 2009, Ax 2012, and Windows 2008 all coming to end of life.

July 27th, 2020

Are you still running your business on Microsoft Dynamics AX 2009 or 2012?
Both versions are approaching the end of their life-cycles.
Microsoft is ending Mainstream Support for Dynamics AX 2009, AX 2012, and AX 2012 R2 this year and for AX 2012 R3 in 2021. That means no more security updates, hotfixes, warranty claims, design changes, features requests, and self-service support.

Even paid for extended support for AX 2009, AX 2012, and AX 2012 R2 ends in 2021.
For AX 2012 R3, it will be available until 2023.

ADOPT THE CLOUD, GET EXTENDED SUPPORT, OR DO NOTHING?
A custom support contract will extend the life of your ERP system beyond those dates. but it would mean significant expense. Generally, those support options could cost you between $50,000 and $150,000 per year. Is it really worth committing that kind of budget?

What are the options? If Dynamics AX 2009 or 2012 is working well for you and provides all the functionality you need, at a performance standard you like, then taking no action is one route. If you are not expecting dramatic growth or major changes in the way the company operates, and you have a good relationship with a Dynamics partner who can help you resolve any issues or make tweaks to the system then to do nothing it might be a short term option..

Don’t forget what you might be missing – the third option, is to upgrade to Dynamics 365 on the Azure cloud.

BUILD A BUSINESS CASE FOR THE CLOUD.
For many clients, the advantages of moving to the cloud are already compelling. . Once you’re in the cloud, you get periodic, largely automatic upgrades that require minimal IT involvement. Data protection and disaster recovery measures on Azure are state-of-the-art.

There are different costs and economies when moving to the cloud. You pay subscription fees instead of license and support investment in software. You no longer need worry about Windows and SQL licences and upgrades, and will see a reduction in server room utility bills.

We can help you to transition to cloud ERP. But, before you make any decision and pursue its realization, you should have a solid business case. An ERP upgrade is a major project and resource commitment even when it’s managed elegantly and efficiently. It’s worth it to be thorough in comparing the current and long-term benefits and costs of extending the life of your current AX solution, on the present or a modernized hardware and network infrastructure, or transitioning to Dynamics 365.
The whole architecture of the system has changed and migrating high volume, complex data, and custom code across an enterprise is not as simple as cloud advocates may claim. Its a whole new paradigm to support a digital revolution to a more agile. mobile world.

We can help you identify possible cloud ERP benefits that might not have been top-of-mind but are nonetheless highly advantageous. New approaches to automation, collaborations and communications with trading partners and customers can become more productive and faster in a cloud environment.

To gain better business insight or need to accommodate larger masses of data, the analytics and information management tools on Azure are powerful and can easily integrate with Dynamics 365. Any time, anywhere any device mobile access to ERP capabilities allows n ways of working.

Synergy software Systems is one of the oldest and most reputable Dynamics partners in the world. When it’s time to anticipate and prepare for the practicalities of your Dynamics 365 upgrade, we will work through them with you. We help you make sense of the licensing and figure out the most advantageous schedule. Engage with us to assess the effectiveness of your current processes, model possible improvements following the Dynamics 365 deployment, and prioritize the best sequence for bringing them into reality.

call us 0097143365589

https://docs.microsoft.com/en-us/dynamics365/fin-ops-core/fin-ops/get-started/mainstream-support-ax-2009-2012

https://docs.microsoft.com/en-us/lifecycle/

https://support.microsoft.com/en-gb/help/4456235/end-of-support-for-windows-server-2008-and-windows-server-2008-r2

UiPath attracts further $225m funding

July 20th, 2020

UiPath on Monday announced a $225 million Series E round, pushing its valuation to $10.2 billion.

Founded in 2005, UiPath builds technology called Robotic Process Automation, or RPA. It involves systems that use AI to learn and then take over routine and mundane software processes and business workflows from human workers. The company has more than $400 million in annual recurring revenue.

“COVID-19 has heightened the critical need of automation to address challenges and create value in days and weeks, not months and years,” UiPath CEO Daniel Dines said in a statement. “We are committed to working harder to help our customers evolve, transform, and succeed fast in the new normal.”

UiPath has a R&D hub in Bellevue, Wash., nearby Microsoft’s headquarters.

Synergy Software is the only MEA based UI Path Gold Partner. Let us show you how to streamline and automate process to reduce costs, and free up staff for higher value tasks, and reduce risk of fraud and data entry error.