Archive for the ‘Security and Compliance’ category

Hijacked website domains – keep control of your content

July 9th, 2020

An oversight has long plagued Azure-hosted sites. It was recently reported that 240 website subdomains belonging to organizations large and small were hijacked to redirect netizens to malware, X-rated material, online gambling, and other unexpected content, all due to the way they were hosted in Microsoft’s Azure cloud. Those organisations include: Chevron, the Red Cross, UNESCO, 3M, Getty Images, Hawaiian Airlines, Arm, Warner Brothers, Honeywell, Autodesk, Toshiba, Xerox, the NHS, Siemens, Volvo, Clear Channel, Total, and more. Microsoft itself accidentally allowed some of its own long-forgotten subdomains to slip into the hands of spammers. It’s not that these organizations were hacked; they rented a corner of the internet, added their logo and name, and when they no longer needed that space, they emptied it but left the door open for others to enter and run a casino or a porno store at the same address under the same brand.

Xerox found that one of its subdomains, advanced.core.freeflow.xerox.com, was commandeered to host pages linking to websites advertising escorts, kitchenware, oil paintings, and more, in the hope that the reputation of xerox.com would boost the linked-to sites in web search engine rankings. At one point advanced.core.freeflow.xerox.com was hosted in the Microsoft cloud on a server named something along the lines of webserver9000.azurewebsites.net, chosen by Xerox’s IT admins. When whatever was living at advanced.core.freeflow.xerox.com was no longer needed, Xerox would have spun down webserver9000.azurewebsites.net, releasing it for others to use. The point is that advanced.core.freeflow.xerox.com still pointed to webserver9000.azurewebsites.net, so when someone else came along and spun up a virtual server using that hostname, they could control the content of advanced.core.freeflow.xerox.com.

This is doubly embarrassing for Xerox, because the Maze ransomware team also claims to have infiltrated the tech giant’s network and exfiltrated gigabytes of internal data, which will be leaked unless the extortionists are paid off.

The latest list of hijacked subdomains was drawn up by Zach Edwards, who reported the URLs at the end of June to Microsoft as well as the affected organizations. He said he earlier reported two to three dozen commandeered government and university subdomains as a priority.

Many of these subdomain takeovers appear to be by a single group that has been active for years. Some pages redirect to malware, some redirect to porn or casinos or other potential clients that pay them for inbound links, and some direct to malicious Chrome extensions or cracked software.

Crooks try to hide their presence once they’ve hijacked a subdomain, by making the root URL show a 404 or “coming soon” message. Further down the directory tree, however, are potentially thousands of files containing everything from malicious redirects through affiliate links to pages designed to trick people into installing malware to links to blogs and seedy sites to boost their rankings.

At the end of last month, Microsoft published a support article explaining to customers how to avoid losing control of their subdomain content.
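The dangling-record condition described above can be checked from a zone export. The following is an added example, not code from the original post or from Microsoft: it flags CNAME records whose `azurewebsites.net` target is no longer in the organisation's own inventory. The zone lines, hostnames, inventory and the `resolves` hook are constructed assumptions so the check runs offline.

```python
"""Audit a DNS zone export for CNAMEs that point at cloud hostnames the
organisation no longer holds. All names and data below are constructed samples."""
import socket

# Provider-assigned suffixes that anyone can register once a name is released.
# azurewebsites.net is the suffix named in the article; extend as needed.
CLAIMABLE_SUFFIXES = (".azurewebsites.net",)

# Constructed zone export for example.com.
SAMPLE_ZONE = """\
; constructed sample records
www.example.com.            3600 IN CNAME example-www-prod.azurewebsites.net.
promo.example.com.          3600 IN CNAME example-promo-2018.azurewebsites.net.
advanced.core.example.com.  300  IN CNAME example-legacy-app.azurewebsites.net.
docs.example.com.           3600 IN CNAME docs.example.org.
mail.example.com.           3600 IN A     192.0.2.10
"""

# Constructed inventory: cloud hostnames the organisation currently holds.
SAMPLE_OWNED = {"example-www-prod.azurewebsites.net"}

# Constructed stand-in for DNS: hostnames that currently resolve.
SAMPLE_LIVE = {"example-www-prod.azurewebsites.net",
               "example-promo-2018.azurewebsites.net"}


def sample_resolves(hostname):
    """Offline resolver used for the demonstration."""
    return hostname in SAMPLE_LIVE


def system_resolves(hostname):
    """Real lookup through the system resolver (default for audit())."""
    try:
        socket.getaddrinfo(hostname, None)
        return True
    except socket.gaierror:
        return False


def parse_cnames(zone_text):
    """Yield (owner, target) from 'name [ttl] [IN] CNAME target' lines."""
    for raw in zone_text.splitlines():
        fields = raw.split(";", 1)[0].split()      # drop zone-file comments
        upper = [f.upper() for f in fields]
        if "CNAME" not in upper:
            continue
        idx = upper.index("CNAME")
        if idx == 0 or idx + 1 >= len(fields):
            continue                               # malformed line
        yield fields[0].rstrip(".").lower(), fields[idx + 1].rstrip(".").lower()


def audit(zone_text, owned_hosts, resolves=system_resolves):
    """Return findings for CNAMEs whose claimable target is not in inventory.

    status 'unclaimed'        -> target does not resolve; anyone could register it.
    status 'claimed-by-other' -> target resolves but is not ours; content on the
                                 subdomain is controlled by someone else.
    """
    owned = {h.rstrip(".").lower() for h in owned_hosts}
    findings = []
    for owner, target in parse_cnames(zone_text):
        if not target.endswith(CLAIMABLE_SUFFIXES) or target in owned:
            continue
        status = "claimed-by-other" if resolves(target) else "unclaimed"
        findings.append({"record": owner, "target": target, "status": status})
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_ZONE, SAMPLE_OWNED, resolves=sample_resolves):
        print(f"{f['status']:17} {f['record']} -> {f['target']}")
```

Either status means the DNS record should be removed or repointed; deleting the CNAME before releasing the cloud hostname avoids the window entirely.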

IPaaS – Snaplogic for rapid integration – ask Synergy Software Systems

July 1st, 2020

Forrester TEI Report – contact us for a copy. Learn how Box easily integrated 30 apps and saved $1M

The latest additions to a growing list of awards.

KSA Higher Customs Duty June 2020

June 29th, 2020

The Kingdom of Saudi Arabia (KSA) has published the new list of goods subject to higher customs duty rates, which are effective from 20 June 2020.

Earlier, the customs duty increase was supposed to be effective from 10 June 2020.

Further, in view of the VAT rate increase to be effective 1st July 2020, it is recommended for the businesses operating in KSA to do an impact assessment to identify the impact of VAT and Customs duty increase on their business.

Outlook fails to start for some users after June 2020 upgrade

June 25th, 2020

Microsoft says in a support document recently published that Outlook will fail to start for some users, automatically displaying an error prompting the users to repair some inbox files. According to the company, all users who have updated Outlook to version 2005 Build 12827.20268 or higher will see an error prompt saying that “Something is wrong with one of your data files and Outlook needs to close. Outlook might be able to fix your file. Click OK to run the Inbox Repair Tool.”

Microsoft lists this known issue as being caused by the June 2020 updates on a support page with fixes and workarounds for recent issues affecting Outlook for PC.

After Outlook users click the “OK” button, the Inbox Repair Tool launches and walks them through the repair process. The next step is to reboot the computer to apply the fixes and, hopefully, have the issue resolved but, instead, Outlook will again display the same error.

No fix yet, workaround available
Microsoft says that an official fix is not yet available for customers using stable Outlook versions after updating to version 2005 Build 12827.20268 or later; however, an initial fix is being tested by users of Outlook Insider Beta version 13004.10000.
“The Outlook Team is investigating this issue with the Windows Team,” the support article reads. “We are not sure yet if the primary fix will come from Outlook or Windows. When we have more information on fix details we will add them here.”

Microsoft does provide a workaround that should make Outlook usable again for all users and it requires modifying the registry by deleting a number of keys related to the PST document format.

Another issue preventing Outlook and other Windows 10 programs from launching was fixed by Avast on June 13 after Avast and AVG security applications inadvertently set registry keys blocking executables from running on Windows 10 versions 2004, 1909, and 1903.

Earlier this month, Microsoft also issued the KB4484398 Microsoft Office non-security update to address an issue causing sporadic crashes in Outlook 2016 and shared folders to disappear from Favorites when customers started Outlook in an offline state.

In mid-May, Redmond also started rolling out a fix for Outlook search issues affecting clients updated to versions 2004 12730.20236 and 2004 12730.20250.

Economic Substance Regulation (ESR) in the U.A.E. ask Synergy Software Systems

June 16th, 2020

Existing companies should have complied with the regulations by now, since the starting date was 30th April 2019.

(If an entity fails to meet the requirements or if inaccurate information is given to the regulatory authority, annual administrative penalties of AED 10,000 to AED 300,000 will apply. If they fail to meet the requirements for consecutive years, the penalties will increase and might force the authorities to suspend, revoke or deny renewal of an entity’s license.)

(In the case of new entities, regulations must be complied with upon receiving its trade license.)

This legislation (collectively referred to as the “Economic Substance Regulations”) was issued in response to the UAE’s inclusion in the European Union’s list of non-cooperative jurisdictions for tax purposes, and its aim is to facilitate tax transparency and fair tax competition in the UAE. The Economic Substance Regulations apply to natural or juridical (legal) persons, including all UAE onshore and free zone companies, branches, foundations, non-profit organisations and partnerships (referred to as “Licensees”) that carry out one or more of the following “Relevant Activities” in the UAE (see below for the details). With the introduction of ESR, the UAE has been removed from the blacklist of tax havens.

Base Erosion Profit Shifting [BEPS] directives are regulations issued by the Organization for Economic Cooperation and Development [OECD] to combat corporate policies for Tax Planning which would shift the profits of companies from low tax rate jurisdictions to high tax jurisdictions, thus “eroding” the tax base in high tax jurisdictions.

The appropriate regulatory authority varies depending on the type of Relevant Activity and the location in which it is undertaken. Each regulatory authority will set out the form of the reports to be filed and the mechanisms for submitting such forms.

What is the economic substance test?
The economic substance test requires a Licensee to demonstrate that:
• the Licensee and the Relevant Activity are being directed and managed in the UAE;
• the relevant Core Income Generating Activities (“CIGAs“) are being conducted in the UAE; and
• the Licensee has an adequate number of employees and adequate physical assets and expenditure in the UAE.

Licensees carrying out a holding company business or a high risk IP business are subject to different economic substance test requirements.

See: https://www.mof.gov.ae/en/StrategicPartnerships/Pages/ESR.aspx for some useful documents including a flow chart.

The Regulations require UAE onshore and free zone companies and other UAE business forms that carry out any of the “Relevant Activities” listed below to maintain an adequate “economic presence” in the UAE relative to the activities they undertake.

Relevant Activities:
• Banking Business
• Insurance Business
• Investment Fund management Business
• Lease – Finance Business
• Headquarters Business
• Shipping Business
• Holding Company Business
• Intellectual property Business (“IP”)
• Distribution and Service Centre Business

The Regulations provide a definition to each of the above Activities. The provisions of the Regulations shall not apply to Companies in which the Federal Government of the UAE or the Government of any Emirate of the UAE, or any governmental authority or body or any of them has at least 51% direct or indirect ownership in their share capital.

Entities that are governed by the Regulations will need to submit a notification to their Regulatory Authority (defined under Cabinet Decision No (58) of 2019 issued on 4 September 2019) from 1 January 2020 onwards, and prepare and submit to the same Regulatory Authority an economic substance declaration within 12 months from the end of their financial year (e.g. 31 December 2020 for entities with a financial year ending 31 December 2019).

An entity is not required to meet the economic substance test and file an economic substance declaration for any financial period in which it has not earned income from a Relevant Activity. Failure by an entity to comply with the Regulations shall result in administrative penalties, spontaneous exchange of information with the Foreign Competent Authority (as defined in Article 1 of the Regulations), and potential suspension, revocation or non-renewal of its registration.

In the DIFC, the ESR will be administered by the Registrar of Companies (“Registrar”) for all DIFC entities, including entities that are regulated by the DFSA. Key points to note about ESR and how to prepare your business for it:
1. All DIFC entities are required to submit an economic substance notification by 30 June 2020 in the DIFC Client Portal.
2. The UAE Ministry of Finance has issued a Relevant Activities Guide which should assist you in determining whether your business conducts a relevant activity and falls within the scope of the ESR.
3. Your business may also be required to file an economic substance return (“ES Return”), within 12 months of your financial year end, to demonstrate that your business meets the ESR requirements. Information relating to the ES Return will be issued in the second half of 2020.

There is a requirement for a business to use the “Substance over Form” approach when evaluating whether they undertake a relevant activity or not. This means that companies will not only be evaluated on what activities are stated on their commercial license but their activities will be evaluated and ESR applied accordingly.

It is not a requirement that a UAE entity is directly engaged in the performance of a relevant activity. When an entity is earning income passively from a relevant activity, it will be sufficient for the application of Economic Substance Regulations [ESR]. All Entities which assess that they are involved in the performance of a Relevant Activity will carry out the Economic Substance Test for Economic Substance Regulations [ESR].

The Economic Substance is composed of two parts:
1. The Direct and Managed Test:
The Entity needs to be directed and managed in the UAE with regard to the relevant activity carried out in the Emirates.

2. The Core Income Generated Activities Test [CIGA]:
The Entity that performs the relevant activities for the purpose of application of Economic Substance Regulations [ESR] needs to demonstrate that the CIGAs are undertaken in the UAE. The activity which constitutes a CIGA varies with the activity being performed.

The Entities which exist in the United Arab Emirates and carry out relevant activities within its jurisdiction need to comply with certain reporting requirements. The entities will be required to submit an annual notice to their Regulatory Authority indicating that they are carrying out a Relevant Activity in the preceding Financial Year and whether there has been any Income from the Relevant Activity that has been subject to Taxation outside the United Arab Emirates.

UAE entities that qualify for an exemption from the Economic Substance Regulations, or those that did not earn any income from their Relevant Activities will still be required to file a notification with the Relevant Authority.

UAE Entities which qualify for submission of notification, and those that earned any income from the same, will also be required to file an Annual Economic Substance Return. The purpose of the Return is to assess whether the requirements of the economic substance regulations are met, the income earned, the qualifications of the staff involved, and information about the premises and other assets used in carrying out the relevant activity.

What are the Penalties for Non-Compliance of [ESR]?
In addition to an exchange of information by the UAE with countries which are a member of Organization for Economic Cooperation and Development [OECD] to remove the possibility of Base Erosion and Profit Shifting, failure to comply will cause the levy of administrative penalties not less than 10,000 AED and not more than 50,000 AED for failure to comply for the first year. In case of failure to comply with ESR, the minimum amount of penalty will be increased to 50,000 AED and the maximum amount to 300,000 AED. In addition to this, additional penalties, such as suspending, revocation of UAE Trade License may also be levied.

Security, Agile and DevOps

June 13th, 2020

As we move to an era of no-code citizen developers, there is increasing risk that security remains an afterthought when organizations are building software. The latest Verizon threat report identified that web application attacks have doubled, and that cloud-based data is under attack. The surge in web app security breaches in 2019 further solidifies that ‘crowd funded’ testing is no substitute for proper QA. The whole agile/DevSecOps approach has done much to improve user feedback to developers to improve the functionality and speed to market of business solutions, but informal end user tests alone are not sufficient where security is concerned.

With the rush to embrace digital services, organizations are too often focused on the speed of release rather than on the quality of services. To accelerate the pace of digital transformation, security must be a fundamental part of software development. To develop code faster, you should also identify vulnerabilities sooner. Otherwise, you run the risk of DevOps simply creating software with vulnerabilities more quickly. Embed security within all aspects of your software design and development process rather than expect it to be bolted on as an afterthought. The threat is real, sophisticated and growing. Criminals also use automation and machine intelligence to identify and to attack vulnerabilities faster.

Attackers recently hijacked powerful machine-learning clusters inside Microsoft’s Azure cloud-computing service so that they could mine cryptocurrency at the expense of the customers who rented services. The nodes, which were misconfigured by customers, made the perfect target for so-called cryptojacking schemes. Machine-learning tasks typically require vast amounts of computing resources. By redirecting those to perform the compute-intensive workloads required to mine digital coins, the attackers found a means to generate large amounts of currency at little or no cost.

The infected clusters were running Kubeflow, an open source framework for machine-learning applications in Kubernetes, which is itself an open source platform for deploying scalable applications across large numbers of computers. Microsoft said compromised clusters it discovered numbered in the “tens.” Many of those ran an image available from a public repository, apparently to save users the hassle of creating one themselves. Upon further inspection, Microsoft investigators discovered it contained code that surreptitiously mined the Monero cryptocurrency.

After finding the infected clusters, investigators turned their attention to how the machines were compromised. For security, the dashboard that allows administrators to control Kubeflow is, by default, accessible only through istio ingress, a gateway that’s typically located at the edge of the cluster network. The default setting prevents people across the Internet from accessing the dashboard and making unauthorized changes to the cluster.

This week Yossi Weizman, a security-research software engineer in the Azure Security Center, said: “We believe that some users chose to do it for convenience. Without this action, accessing the dashboard requires tunneling through the Kubernetes API server and isn’t direct. By exposing the Service to the Internet, users can access the dashboard directly. However, this operation enables insecure access to the Kubeflow dashboard, which allows anyone to perform operations in Kubeflow, including deploying new containers in the cluster.”

Once attackers have access to the dashboard, they have multiple options for deploying backdoored containers in the cluster. For instance, attackers can create what’s known as a Jupyter Notebook server that runs on the cluster. They can then place a malicious image inside of the Jupyter Notebook. If a Jupyter Notebook is already installed, it can be maliciously modified.
Weizman wrote: “Azure Security Center has detected multiple campaigns against Kubernetes clusters in the past that have a similar access vector: an exposed service to the Internet. However, this is the first time that we have identified an attack that targets Kubeflow environments specifically.”
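The misconfiguration described above, the ingress gateway Service changed from its cluster-internal default to an Internet-facing type, can be audited from `kubectl get svc --all-namespaces -o json` output. This is an added example, not code from the original post or from Microsoft; it assumes Istio's conventional Service name `istio-ingressgateway` in namespace `istio-system`, and the cluster names, addresses and service lists are constructed.

```python
"""Flag Kubernetes clusters whose Istio ingress gateway Service is reachable
from outside the cluster. Input is the JSON printed by
`kubectl get svc --all-namespaces -o json`; all sample data is constructed."""
import json

# Assumption: Istio's conventional gateway Service (namespace, name).
GATEWAY_SERVICES = {("istio-system", "istio-ingressgateway")}
EXTERNAL_TYPES = {"LoadBalancer", "NodePort"}
# AKS annotation that keeps a LoadBalancer on the virtual network only.
INTERNAL_LB_ANNOTATION = "service.beta.kubernetes.io/azure-load-balancer-internal"


def external_addresses(svc):
    """Collect load-balancer and externalIPs addresses assigned to a Service."""
    ingress = svc.get("status", {}).get("loadBalancer", {}).get("ingress") or []
    addrs = [i.get("ip") or i.get("hostname") for i in ingress]
    addrs += svc.get("spec", {}).get("externalIPs") or []
    return [a for a in addrs if a]


def audit_services(cluster, service_list_json, watched=GATEWAY_SERVICES):
    """Return one finding per watched Service exposed beyond the cluster."""
    findings = []
    for svc in json.loads(service_list_json).get("items", []):
        meta, spec = svc.get("metadata", {}), svc.get("spec", {})
        if (meta.get("namespace"), meta.get("name")) not in watched:
            continue
        svc_type = spec.get("type", "ClusterIP")   # ClusterIP is the API default
        if svc_type not in EXTERNAL_TYPES:
            continue
        annotations = meta.get("annotations") or {}
        if svc_type == "LoadBalancer" and annotations.get(INTERNAL_LB_ANNOTATION) == "true":
            continue                               # internal load balancer
        key = "nodePort" if svc_type == "NodePort" else "port"
        findings.append({
            "cluster": cluster,
            "service": f"{meta['namespace']}/{meta['name']}",
            "type": svc_type,
            "addresses": external_addresses(svc),
            "ports": [p[key] for p in spec.get("ports", []) if key in p],
        })
    return findings


def audit_fleet(clusters):
    """clusters maps a cluster name to its service-list JSON text."""
    findings = []
    for name, text in clusters.items():
        findings.extend(audit_services(name, text))
    return findings


def sample_service_list(svc_type, annotations=None, ingress=None, node_port=None):
    """Build a constructed service list holding the gateway and one other app."""
    port = {"name": "http2", "port": 80}
    if node_port:
        port["nodePort"] = node_port
    gateway = {
        "metadata": {"namespace": "istio-system", "name": "istio-ingressgateway",
                     "annotations": annotations or {}},
        "spec": {"type": svc_type, "ports": [port]},
        "status": {"loadBalancer": {"ingress": ingress or []}},
    }
    other = {  # not a watched Service, so it is never reported here
        "metadata": {"namespace": "default", "name": "unrelated-web"},
        "spec": {"type": "LoadBalancer", "ports": [{"port": 443}]},
        "status": {"loadBalancer": {"ingress": [{"ip": "203.0.113.99"}]}},
    }
    return json.dumps({"items": [gateway, other]})


# Constructed fleet: default setting, public LB, internal LB, NodePort.
SAMPLE_CLUSTERS = {
    "ml-prod": sample_service_list("ClusterIP"),
    "ml-dev": sample_service_list("LoadBalancer", ingress=[{"ip": "203.0.113.20"}]),
    "ml-int": sample_service_list(
        "LoadBalancer", annotations={INTERNAL_LB_ANNOTATION: "true"},
        ingress=[{"ip": "10.0.0.5"}]),
    "ml-lab": sample_service_list("NodePort", node_port=31380),
}

if __name__ == "__main__":
    for f in audit_fleet(SAMPLE_CLUSTERS):
        print(f"{f['cluster']}: {f['service']} is {f['type']} "
              f"addresses={f['addresses']} ports={f['ports']}")
```

A NodePort finding is only Internet-reachable if the nodes themselves have public addresses, so treat it as a prompt to check the node network rather than as proof of exposure.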

SnapLogic May 2020 many enhancements – ask Synergy Software Systems

May 14th, 2020

We are thrilled to announce the general availability of the May 2020 release of the SnapLogic Intelligent Integration Platform (IIP).

New Iris artificial intelligence (AI) innovations within this release allow you to build painless integrations, increase collaboration within your organization with new Stickies, and automate workflows with new SAP S/4HANA Snaps, among many more.

New Mask Snap, powered by Iris AI: Simplify data masking!

As you work with a variety of data in your dev and test environments, it is always good practice to shield and protect sensitive information. Masking sensitive or personally identifiable information such as: social security numbers (SSN), email addresses, names, street addresses, and birthdates is easy with our new Mask Snap.

With the Mask Snap, Iris AI is embedded in every step:
- suggestions on the fields you should mask,
- recommended search mode,
- recommended match mode,
- recommended masking options.

You can remove or mask fields, and it works with all data types, including highly-nested JSON.

We continue to enhance our industry-leading AI technology to make it easy for you to build integrations and automations, easily and painlessly. With the new May 2020 release, as you are configuring a database or an application Snap, Iris AI now provides configuration recommendations such as schema name, object name. To provide these recommendations, Iris employs over five years of metadata information and usage patterns to intelligently determine the most commonly used schemas and objects in your organization.

From source to destination, Iris AI continues to simplify schema mappings – map even complex schemas in minutes. With the May 2020 release, Iris now provides target recommendations in Mapper for exact matches between source and destination schemas.

Boost collaboration with peers using Stickies!
SnapLogic customers who have previewed our May 2020 release have embraced our new Stickies feature with great enthusiasm. Stickies enables better collaboration and documentation of your pipeline building efforts. Stickies allow you to create and post notes on the Designer canvas to annotate different parts of the pipeline and document the workings of a pipeline in detail.
Stickies provide a great collaboration tool between IT teams, who might create pipelines, and business teams, who might want to customize and run pipelines based on their specific needs.

Stickies reside at the pipeline level, thus, they complement the Snap level ‘note’ feature already present in the platform. Additionally, Stickies are part of a pipeline’s metadata – export stickies along with your pipelines.

Deeper operational insights with Insights dashboard and task monitoring

In the May 2020 release, to provide you with trends data on operational parameters and task level insights into your SnapLogic deployment, there are significant updates to the Dashboard tab.

Use the enhanced Insights tab to improve operational efficiency with a view of historic usage and trends across key performance indicators (KPIs) such as:
- documents processed,
- pipeline executions,
- Snap executions, etc.

Filter these KPIs by specific criteria and personalize the view to have the most relevant visualizations at the top.

The May 2020 release introduces a new tab, called ‘Task’, to provide a task level view of your SnapLogic deployment. Monitor the performance and health of your tasks and drill down into historical information to identify where certain tasks are failing or underperforming. Significantly improve your efficiency as you troubleshoot the root cause of a dip in performance or failure.

Automate your customer journey with new SAP S/4HANA Snap Pack

Another key update in the May 2020 release is the new SAP S/4HANA Snap Pack. SAP S/4HANA is a modern enterprise resource planning (ERP) system that leverages SAP HANA, an in-memory database. Here are a few key use cases:

- Order-to-Cash from Salesforce to SAP S/4HANA
- Real-time inventory management from databases to SAP S/4HANA
- Advanced financial planning with data from SAP S/4HANA to Anaplan
- Managing and engaging talent with automations across Workday and SAP S/4HANA
- Managing organizational spend across Coupa or SAP Ariba and SAP S/4HANA

The SAP S/4HANA Snap Pack provides Create, Delete, Read, and Update Snaps and massively simplifies data modeling as you build automated business processes to connect SAP S/4HANA with other systems.

Build a single source of truth for your customer profile data in Adobe Experience Platform

We have updated the Adobe Experience Platform Snap Pack (previously referred to as Adobe Cloud Platform Snap Pack). Use it as the single source of truth for your customer profile data. Update and maintain customer data in real-time to power accurate, up-to-the-moment insights for your sales, marketing, and support teams. This Snap Pack update consists of a Write Snap, an S3 connector, and an AEP File Generator to leverage the capabilities of the Adobe Experience Platform and eliminate data silos for your customer profile data.

Connect with other Snap updates with confidence

Cassandra Snap Pack: now updated to support v3, with an updated JDBC driver.
Snowflake Snap Pack: updated to JDBC driver version 3.12.3.
ServiceNow Snaps: now certified against Madrid, Orlando, and New York versions.
Oracle Snaps: now support version 19c.

SnapLogic eXtreme enhancements

Offering enhanced account encryption and cross-account IAM roles, SnapLogic eXtreme gets a big security boost with this release. These two new enhancements help your organization improve its security posture while delegating access to AWS EMR resources that SnapLogic eXtreme leverages to execute Spark-based pipelines.

Enhanced Account Encryption leverages Amazon KMS asymmetric keys – you no longer need to put in the secret key associated with your account in the SnapLogic UI.

Cross-Account IAM Role enables SnapLogic to assume an authorized role for the purpose of managing the lifecycle of Amazon EMR clusters that run Spark mode data transformations, so you don’t have to do it.

SnapLogic eXtreme is broadly applicable with support for any JDBC compliant data store.

Use a Spark mode pipeline to read from or to write to any JDBC compliant database.

Important for big data workloads – no longer need to use a data lake like S3 for staging.

COVID-19 the fight back with RPA and UiPath. Ask Synergy Software Systems

April 17th, 2020

Synergy Support during covid-19 lockdown

April 6th, 2020

As a precautionary measure instructed by our Government for COVID-19 to be Safe at Home, to protect our staff and to protect the community, Synergy consultants are instructed to work from home for at least the next two weeks.

To help us to provide continuous support, please follow these guidelines to ensure queries are recorded and assigned to be addressed as soon as possible:

1. Send an email with a clear description in the email Subject line, which will be helpful to track the email chain.
2. Please mention any internal issue/ticket number assigned, the user, and as much detail as possible, e.g. transaction detail such as: order number, vendor code, item code – take a screenshot – copy any error message and attach those details to the email. Better still, record the steps, e.g. with Webex or task recorder.
3. If you are not on your work telephone number or email, e.g. when working from home yourself, then ensure you provide contact information for us to reach you.
4. To understand the issue, we may need to connect to the user PC through a screen sharing app such as Microsoft Teams or GoToMeeting. Please ask your admin to take appropriate action to ensure we can dial in remotely to your systems if needed. Even when located elsewhere, they will also be able to join such sessions.
5. Every request is given a ticket number and is then assigned to a consultant. For follow-up communication please mention the ticket number. That will make it easier for us to find and review the details and actions to date. It’s possible that more than one consultant may be involved and they will be working remote from each other. This will save time for everyone.
6. Once the support request/issue is resolved, upon receipt of confirmation email, the request will be closed.
7. When needed, we will also be available for a conference call via Microsoft Teams to discuss pending issues at a mutually agreed time.
8. All support requests are to be sent to Axapta.support@synergy-software.com, and we suggest you copy in the lead consultant and account manager with whom you normally deal.
9. Please circulate this information to respective users and department heads, so that everyone working from home is aware that we are still available to support you as best we can and that they know how to help us, to help them.

Another security breach affecting millions.

April 2nd, 2020

The personal information of as many as 5.2 million Marriott guests may have been illegally accessed online, in the hotel group’s second major data breach in less than two years. The firm revealed Tuesday that information may have included names, phone numbers, birthdays, loyalty information and room preferences.

Marriott spotted that an ‘unexpected amount’ of guest information had been accessed at the end of February using login credentials of two employees at a franchised property. Those logins have since been disabled while the group assists authorities with their investigation to track down the digital thieves. ‘The company believes that this activity started in mid-January 2020,’ Marriott shared in a statement.

In November 2018, the firm announced that 500 million guests’ data may have been exposed in breaches of the system for its Starwood portfolio that began in 2014. The recent data breach, according to Marriott, did not seem to include credit card information, passport numbers or driver’s license information. It is offering affected guests free enrollment in a personal information monitoring service for up to one year.

Synergy support during lockdown -IT continuity guidance

March 29th, 2020

Despite the necessary lockdown we are still providing support, as best we can, using a range of technologies. Microsoft Teams is helping members of practice to collaborate and assist each other.

Other than for emergencies, site visits will cease for this week; however, we will be available for screen sharing sessions and conference calls.

We understand these are difficult times. You may be faced with staff absence due to illness or difficulty with travel. Ensure there is a disaster recovery/continuity plan in action. An intermittent social distancing approach might be the normal way we live for at least 12-18 months.

Cybercrime is also likely to increase with new scams.

Help us to help you.

Consider shift working or staggered hours or hybrid office and home working as means to social distancing.

What if your available staff was cut by 50% for two weeks, or by 25% for 2 months? What if your System Admin is not there and your staff are home working?

Improve your defences: Get servers, desktops, etc cleaned up of old temp files, update key patches and antivirus, clean down log files, review back up strategy and what is the current state of backups e.g on user laptops.
Write-up a list of your critical business services and applications that are essential to keep your company operating. Record the supplier and what you understand about their availability for remote working, for example:
- Main telephone line
- Email
- Database Applications
- Specialist “Line of Business’ applications (e.g. accountancy, architectural, legal)
- File Share and Documents
- Printers and Copiers.
Do you need additional flash storage to move or to back up data?
Who can give us access rights to dial into your system when needed?
Who can add and suspend users?
Who can check backups?
Who can check logs?
Are key passwords securely stored?
What will be your procedure for support when your staff work from home?
Can staff take laptops home?
How will they dial into your network?
Data privacy laws
What new tools do you need? e.g.
- remote dial in connectivity e.g. to access a file on a network store
- enhanced security - you may have reduced staff to deal with any attack
- monitoring software
- central mobile network management e.g. to patch a device without needing it to come back to office.

Identify home-workers who are already set-up to work from home
Your business will already have users who regularly work from home. They will have some kind of mobile computer device that can access business cloud services or have secure access (VPN) into the office network to access on-premise services. These individuals are invariably set and ready to work from home.

Identify users that may access some business services when out of the office (e.g. email on a smartphone). These users may access certain business services, such as email, on a smartphone or home PC (webmail). However, is this enough for them to do their jobs effectively? Identify which services they would need access to in order to be fully productive if they were forced to work from home.

Identify users that have never accessed business technology systems from anywhere but the place of work. These users will likely work from a desktop computer in the office. They also have no remote working facility and may not even have a smartphone or home computer that can access business systems.
Confirm that your users have a working broadband Internet connection at their home:
- Don’t take for granted that your users have broadband Internet at their homes or can get access to a good-quality connection.
- Is it adequate to access your business’ cloud and office systems?
- Confirm that your existing remote-working technology has the capacity to accommodate all of your users working remotely at the same time
- Even if you have the capability for remote working for all of your users, have they all worked remotely simultaneously, and can your business IT infrastructure handle this?
- Do they need any extra training to work this way?

- Speak to your IT team to ensure the equipment and bandwidth can withstand your entire organisation working from home.
- Speak to your telecoms providers and determine whether you have a cloud-based system. If you have a cloud-based telecoms system, it is very likely that you will be able to set up remote extensions to manage your calls. Alternatively, you should very easily be able to divert your numbers online (via a portal).

If you have a fixed-line system, ask your provider how long it will take to set up a divert at the local telephone exchange and what the process is.

How will your leave policy be affected?

- Will there be return flights?
- What if staff are returning from an infected area?
- How much leave can they bring forward to supervise children off school or care for a sick relative?
- How much can they defer because they can't travel?

Travel Policy?
Airports, railway stations and other busy hubs almost certainly carry a higher risk than working in the office.

It may be a good idea to reduce face-to-face meetings and use online services like Teams to reduce travel risks.

Medical
Be ready for a rush of insurance claims.

Remote and home working

March 25th, 2020

Remote work is ever more popular due to the rapid technological

Organizations that adopt this model must allow their resources to be accessed by employees remotely. I

Benefits of remote work opportunities
This model has opened up a range of benefits for both employees and employers. It provides a suitable work-life balance for employees. The productivity of employees sometimes increases substantially when they can work within their comfort zone and are not fatigued by rush hour traffic. Collaborative working is much easier for dispersed groups with solutions like Microsoft Teams. Teams has already sold more than 1 million licences this year, as the coronavirus makes remote working a necessity.

By enabling remote work options for employees, a business can reduce the risk of virus spread, shut down offices or run them with skeleton staff, and save on infrastructure and utility expenses.

Employees save on commuting expenses and reduce their exposure to the virus and the risk of transmitting it to others. With schools closed for an uncertain period, and flights to and from home countries curtailed, right now it is a necessity for many to work from home.

Challenges with working remotely
There are a few common concerns with remote work. One of the concerns is the difficulty of managing remote workers and their work without direct supervision.

Any communication issues, or problems accessing the company application tools and software, can cause a sense of isolation and frustration for remote employees.

Data security is another area of concern when company mission-critical applications are hosted in the Cloud for remote access. In this regard, the virtualization of applications and desktop environments creates easier and safer ways of remote access without the chance of critical data being compromised. However, not every virtualization solution is feature-rich, cost-effective, and at the same time easy to install.

Parallels® Remote Application Server (RAS) is a cost-effective virtualization software solution to deliver mission-critical virtual applications and desktop environments to end-user devices anywhere in the world.

We offer a FAST TRACK package to enable you to deploy Parallels RAS and extend remote access to any users in your organization, to maintain business continuity. You can quickly:

- Utilize Remote PC functionality in Parallels RAS.

- Use Parallels RAS out-of-the-box with multi-cloud deployments to publish virtual apps and desktops, such as Microsoft Azure and Amazon Web Services (AWS).

- Leverage on-premises infrastructure to quickly publish applications and desktops using our RD Session Host configuration wizard.

- Intuitive and seamless user experience (UX) on any device, allowing employees to access their workspace from anywhere, on any device, anytime.

- Enhanced data security with tools to help your organization monitor and secure applications, desktops and data in multi-cloud environments.

- Scale your IT infrastructure on-demand - quickly adapt to continuous workplace changes and demands for new applications or desktop types.

Supports multi-cloud deployments by offering fast, scalable, and reliable access to corporate applications from virtually anywhere.

The FAST TRACK package:

- Will not auto-renew unless you want to extend its use
- Will auto-expire at the end of term

A best-in-class user experience on any device—including HTML5 browsers, iOS and Android—retains your workforce productivity even on the go.

Parallels Client provides a local workspace–like experience on any device, keeping employees' productivity high no matter the device they use. Enable employees on the move to use the native touch gestures they know—swipe, drag, tap to click, zoom—with any Windows application on their mobile devices.

Parallels HTML5 Client provides a rich workspace experience, including support for local peripherals and file drag-and-drop. Employees can continue working on active applications and desktops even when switching networks. The HTML5 Client can be customized to fit specific departments or user demands.

Parallels Client permits multiple applications to run on your device. Different files can be kept open, allowing you to switch between them on demand. Functionality such as copy and paste can be used, including native gestures like swiping left or right to switch between applications and files.

Parallels RAS enables printing from any device, utilizing local printers without any configuration needed. The universal printer driver receives the printing job, compresses it and sends it back to the local device. There is no need to install local printer drivers when using Parallels RAS Universal Printing.

- 24/7 access to your applications and files. Because the unexpected happens all the time.

- One simple tap on your mobile device, and you’re connected reliably to your computer.

- Access it from any other computer through a browser and your secure Parallels account.

- Navigate your hard drive easily to find a file or photo, then copy or open it with a tap.

Test the seamless web access UX on our HTML5 Live Demo.

Contact us now for more information. 009714365589

COVID-19 – Synergy Software Systems

March 23rd, 2020

It's a difficult time for all.
We continue to provide the best support service we can, taking into account the safety of our staff, compliance with local health and statutory authorities, and the impacts of travel disruption for consulting assignments outside the U.A.E. or for those returning from holiday.

Where possible, please engage with us by email, telephone and fax rather than seek face-to-face meetings.

In most cases, support cases can be dealt with by screen-sharing internet sessions. The same applies to training and virtual meetings.

Any meeting should involve minimal travel, a minimal duration and the minimum number of people, and should ensure appropriate social distancing and dispense with shaking hands.

Please note that our building management are no longer allowing visitors to our building.

You may find yourself short of staff due to absence, or staff who cannot return from holiday. Consider engaging us to provide a limited set of managed services for essential tasks that can be done remotely, e.g. checking backups are complete, managing log files, adding new users.

In Lombardy’s northeastern city of Bergamo, 134 family doctors out of 600 – or 22% – had fallen sick or were quarantined, Guido Marinoni, the head of the local association of general practitioners, said….
“…….like fighting a war with a toy gun. I hope the rest of Europe learn from the good things Italy did, but also from our mistakes.”

Dr Hugh Montgomery, chairman of intensive care medicine at University College London, explained why Covid-19 is so infectious and why it’s so important to stop it as early as possible.
“If I get normal flu, I am going to infect on average between 1.3 and 1.4 people. When those 1.3, 1.4 people gave it to the next lot, that is the second time it gets passed on. By the time that is happening 10 times, I’ve been responsible for about 14 cases of flu.

This coronavirus is very, very infectious, so every person passes it on to 3 others. Now that doesn’t sound like much of a difference, but if each of those three passes it to three, and that happens at 10 levels of contact then I have been responsible for infecting 59,000 people.”

Grim and terrifying news – that starkly exposes the seriousness of the problem we all face. A Frontline Doctor For The Mail On Sunday

https://www.msn.com/en-gb/health/medical/the-look-of-panic-among-medics-patients-failing-to-get-oxygen-in-their-lungs-and-dangerous-under-dressing-of-staff-frontline-nhs-doctor-reveals-how-coronavirus-has-unleashed-terror-in-hospital/ar-BB11w4yB

Stay safe.

U.A.E. National Nutrition Guidelines ask Synergy Software Systems

March 18th, 2020

The Ministry of Health and Prevention (MoHaP) launched the National Nutrition Guidelines to serve as a unified national reference on food and nutrition education in the UAE’s community and health institutions. The guidelines aim to:

- improve the nutritional status of the UAE’s community and raise awareness about healthy eating behaviour and lifestyle-related diseases
- reduce the prevalence of chronic and malnutrition diseases such as: obesity, diabetes, hypertension, heart disease, anemia, osteoporosis and vitamin deficiency
- scale down non-communicable diseases and mortality rates
- encourage individuals to engage in physical activities for better health.

The guidelines consist of six guides. These are:

- to support and promote a healthy living system through healthy food and physical activity
- to maintain healthy food intake at all stages of life
- to reduce calories resulting from high sugar, saturated and trans fats and to reduce salt intake
- to eat a variety of diet food and drinks that are rich in nutrients and high in nutritional intensity
- to adopt healthy food patterns
- to achieve food safety.

The National Nutrition Guidelines were developed in collaboration with the U.A.E’s Food Security Office, the World Health Organization (WHO), the Gulf Nutrition Committee and the local government bodies across the U.A.E.

If you are involved in food preparation and menu planning and need access to comprehensive nutritional databases and easy-to-use software, then call us and ask about our Nutrition solution.

Counterstrike against Necurs, a massive botnet

March 12th, 2020

Microsoft and an international consortium of partners this week launched a counterstrike against Necurs, a massive botnet that Microsoft had been observing and analyzing for nearly eight years.

Botnets are packs of hundreds, thousands or millions of PCs, sometimes called zombies, that have been infected with malware and are under the command and control of malicious actors. Under-patched and out-of-support Windows 7 computers can be infected with a Trojan that enlists them in various nefarious schemes. The zombie PC’s owner may notice nothing at all, or sometimes suspect a decline in performance. According to Microsoft, Necurs has had a role in a lot of those nefarious schemes.

Believed to be controlled by criminals in Russia, the botnet is also thought to have been used directly by its owners, as well as rented out as a botnet-as-a-service. One of its highest-profile roles was aiding in distribution of the GameOver Zeus banking trojan.

In the years since it first came to the attention of security researchers in 2012, the network has infected as many as 9 million computers globally. It has left its nasty digital fingerprints on pump-and-dump stock scams, fake pharmaceutical spam, Russian dating scams, Internet-based computer attacks, credential theft schemes, data theft attempts, cryptomining and, of course, ransomware. While botnets can be a key component of distributed denial-of-service (DDoS) attacks and Necurs has DDoS capabilities, Microsoft says that particular use for the botnet has not been documented.

BitSight, a cyber risk management platform provider that worked closely with Microsoft on the Necurs problem, alleged: “From 2016 to 2019, it was the most prominent method to deliver spam and malware by criminals and was responsible for 90% of the malware spread by email worldwide.”

Microsoft on March 5 got an order from the U.S. District Court for the Eastern District of New York to take over the systems inside the United States that are used by Necurs for malware distribution and computer infections.

Microsoft and its partners crafted a sophisticated response built on the technical specifics of the Necurs botnet. Having studied the algorithm that Necurs uses to generate new domains, Microsoft used its considerable technical resources to jump ahead of the botnet and “accurately predict over six million unique domains that would be created in the next 25 months,” wrote Tom Burt, Microsoft corporate vice president for customer security and trust, in a blog post.
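The prediction step works because a domain generation algorithm is deterministic: anyone who knows the algorithm and its seed can run it forward. The sketch below is an added example, not Microsoft's tooling and not the Necurs algorithm; `toy_dga`, its seed, the TLD list and the DNS log format are all hypothetical stand-ins that show how a defender pre-computes future domains and matches them against resolver logs.

```python
import hashlib
import re
from datetime import date, timedelta

TLDS = ("com", "net", "org")       # constructed for the example
SEED = b"toy-seed-not-necurs"      # hypothetical family seed

def toy_dga(day, index, seed=SEED):
    """Toy date-seeded DGA (NOT the Necurs algorithm): same inputs, same domain."""
    material = seed + day.isoformat().encode() + index.to_bytes(2, "big")
    digest = hashlib.sha256(material).digest()
    label = "".join(chr(ord("a") + b % 26) for b in digest[:12])
    return f"{label}.{TLDS[digest[12] % len(TLDS)]}"

def predict_domains(start, days, per_day):
    """Run the generator forward to list every domain it will produce."""
    return {
        toy_dga(start + timedelta(days=offset), i)
        for offset in range(days)
        for i in range(per_day)
    }

# Assumed resolver log format: "<timestamp> client=<ip> query=<name> type=<rr>"
QUERY_RE = re.compile(r"^(\S+) client=(\S+) query=(\S+) type=\S+$")

def flag_queries(log_lines, predicted):
    """Return (timestamp, client, domain) for lookups of predicted domains."""
    hits = []
    for line in log_lines:
        m = QUERY_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines instead of failing the whole run
        ts, client, qname = m.groups()
        qname = qname.rstrip(".").lower()  # normalise trailing dot and case
        if qname in predicted:
            hits.append((ts, client, qname))
    return hits

START = date(2020, 3, 10)
PREDICTED = predict_domains(START, days=30, per_day=4)

# Constructed DNS log lines: one host resolves a domain the generator
# will emit ten days after START; the other lookups are benign.
FUTURE = toy_dga(START + timedelta(days=10), 2)
SAMPLE_LOG = [
    "2020-03-20T09:14:02Z client=10.0.0.5 query=www.example.org. type=A",
    f"2020-03-20T09:14:07Z client=10.0.0.7 query={FUTURE.upper()}. type=A",
    "garbled line without fields",
    "2020-03-20T09:15:11Z client=10.0.0.9 query=mail.example.com type=MX",
]

if __name__ == "__main__":
    for hit in flag_queries(SAMPLE_LOG, PREDICTED):
        print("predicted DGA domain queried:", hit)
```

A client that resolves a predicted domain is a candidate infected host, which is why the pre-computed list is useful for detection as well as for blocking.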

The main counterstrike was launched Tuesday from what a detailed New York Times account described as an “eerily empty Microsoft campus” due to most workers having been ordered home to prevent the spread of the coronavirus.

“Microsoft is also taking the additional step of partnering with Internet Service Providers (ISPs) and others around the world to rid their customers’ computers of malware associated with the Necurs botnet.”

As a concrete step, Microsoft is pointing users to the Microsoft Safety Scanner to help wipe their computers of malware, including Necurs.

Microsoft executives were resigned to the fact that any drops in spam, malware and cyberattacks would be temporary at best. In the NYT article, executives described the effort, sadly and accurately, as a game of whack-a-mole.