Enter your email address:

Thursday, December 1, 2016

Make Your Agency's Intranet Page YOUR Home Page!

With the exception of a few agencies, when you open your internet browser you will be immediately directed to the State’s Home Page.

Recently, some agencies have been looking into the option of the internet browser defaulting to their agency’s intranet website. Department of Health happens to be one of the more recent agencies to make this conversion. When asked why they went this route, Barb Buhler explained:



“The goal of the switch is really to drive staff to the DOH Intranet and the resources that are posted there. We’ve made a concerted effort to add information staff need and have asked for (policies, fiscal forms, ACES guides, etc.) and wanted to make it as easy as possible for them to find it. Also, in spite of the fact there is a link to our Intranet in the footer of our main website, some staff commented it was hard to find. J This whole effort is just one part of a larger internal communications objective identified in our department strategic plan and our workgroup is continuing to look at expanding resources on the intranet.”

Barb later joked, “So far the response has been positive – one person commented they appreciate the easy access to our Intranet site but missed the “pretty pictures” on the state’s home page!”

While there might be a lot of other persuasive reasons to consider relinking your agency’s home page to it’s personal intranet- the point of this article is to inform you that the option exists! If you have further questions on how to go about this route, please contact your BIT Point of Contact (POC). They will be happy to assist you!


Tuesday, November 29, 2016

Employees of the Quarter!

Eric Swiggum

Eric Swiggum serves as a Database Administrator (DBA) focused on SQL database administration and support in the BIT Data Center DBA Team. Eric started with BIT in December 2012 as a SQL Server DBA and quickly learned the ropes in his new position. Eric came to BIT as an experienced technologist with a focus on database technology from the perspective of a business intelligence developer. Included in his background was a diverse knowledge in database technologies outside of SQL Server including IBM DB2, Oracle & Teradata. Eric also had prior experience administrating SQL Server, Informatica and enterprise scheduling software.

Over the past 20 months Eric has been converting workflow packages in SQL Server DTS* (Data Transformation Services packages) to SQL SSIS (Server Integration Services packages), working with developers as needed to get these packages converted. A majority of Eric’s efforts in this work have been focused on converting the legacy Visual Basic 6 script to Visual Basic .Net script. There were more than 450 packages to convert and this was a manual effort. A factor that increased the difficulty of this conversion was coordinating with all the different groups, developers and end-users. At times it was even difficult to find anyone in BIT that was familiar with the legacy DTS packages. Undaunted, he reached out to end users with knowledge of the processes involved to understand the business requirements of the code so that he could be sure to convert it while maintaining its functionality.

*DTS packages are a legacy facility replaced by SSIS packages and there is no automated migration available. 

The DTS to SSIS conversion is important as future versions of SQL Server will not support DTS packages. Normally this is the type of work a developer would take care of but development could not spare the resources for this project and the estimate provided by a service provider to perform the migration for BIT was nearly $200,000. Instead of costing the tax payers such a hefty fee, Eric volunteered to apply his development skills he brought to BIT and perform this work himself as time permitted, saving our citizens a tidy sum of money and allowing Development to stay focused on other client engagements.





Shawn England

Shawn England serves as a Technology Engineer III for the division of Telecommunications within the Bureau of Information and Telecommunications. Shawn began his journey with state government in September of 2009, briefly left for a couple of years to work for the Pierre School District, and was hired back at BIT in June of 2012.

Shawn’s primary focus as a Technology Engineer III consists of dealing with technology in schools, Fortinet, security, networking, servers, and wireless. About 2 years ago, Shawn proposed implementing a Border Gateway Protocol (BGP), which is a standardized exterior designed to exchange routing and reachability information which amount to autonomous systems (AS) on the Internet.

It was quite evident from the start that Shawn was willing to invest time into analyzing BIT's current technology as well as researching telecommunications provider technology. This solution came as part of the Communications Transport RFP which included connecting more than 800 sites to the DDN. Shawn evaluated features of network infrastructure hardware which allowed BIT to consolidate the on-site infrastructure from three devices to one. This effort has allowed BIT to save one-time and ongoing costs.

In addition to heading this effort, Shawn has stepped into a leadership role in the security and network areas within the last year at BIT. Shawn is easy to work with and always willing to help, making him a perfect candidate for the employee of the quarter award.

Outside of work, Shawn enjoys playing trombone, shaving “old-school-style” with lather and a brush,

and bicycling. He can also be found building cardboard box forts with his daughter, Bentley, drinking cold brew coffee and discussing school politics.

Susan Dutt




Susan’s primary day-to-day responsibilities include development and support of several DOT applications. One of these is the Concept To Contract (C2C) app, which tracks construction projects from the cradle to the grave. If there’s a DOT construction project in progress, planned, or even completed many years ago, Susan can locate the associated information.

In the fall of 1986, Susan graduated from SDSM&T as a computer science major and became a full-time DOT application developer. This was also around the time the IBM 286 PC (with an actual hard drive) first hit the market. A hard drive was pretty high tech, so she settled with a machine with dual floppies instead.

Susan kept up with the ever changing application development landscape over the years. She started programming in Natural and COBOL, but moved to the cutting edge to develop apps using dbase and DOS commands. Some of her original systems have made the transition from dbase to Access and then to SQL.

While Susan may write or review code once in a while, her main focus over the last few years has been as an analyst and project manager. Understanding the client’s business needs, personalities, and workflows allows her to excel. Many times, she understands the application and workflows better than the people utilizing or requesting the application.

Recently, Susan has acquired the role of scrum master. The scrum master is the facilitator/coach of a team of developers that utilize the scrum development methodology for creating applications. Her most recent Scrum development project is an Environmental Tracking System for DOT. Even though resources have been pulled from the project, she still manages to keep the project pointed in a positive direction.

Susan grew up in Tolstoy, SD--go Greyhounds!--and still spends many weekends there with her mother and other family members to lend a helping hand. She also enjoys reading, cooking, gardening, crocheting, and the occasional cross stitch.

Congratulations Eric, Shawn, and Susan! BIT is happy to have you!



Monday, November 28, 2016

It's Cyber Monday! Are You Prepared?


How do attackers target online shoppers?
  • Creating fraudulent sites and email messages – Unlike traditional shopping, where you know that a store is actually the store it claims to be, attackers can create fraudulent, malicious websites or email messages that appear to be legitimate. Attackers may also misrepresent themselves as charities, especially after natural disasters or during holiday seasons. Attackers create these malicious sites and email messages to try to convince you to supply personal and financial information.
  • Intercepting insecure transactions – If a vendor does not use encryption, an attacker may be able to intercept your information as it is transmitted. This could include intercepting your name, address, and payment card information.
  • Targeting vulnerable computers – If you do not take steps to protect your computer from viruses, malware or other malicious code, an attacker may be able to gain access to your computer and all of the information on it. It is also important for vendors to protect their computers to prevent attackers from accessing customer databases.

How can you protect yourself?
  • Do business with reputable vendors.
  •  Make sure your information is being encrypted (SSL). Make sure the URL in your browser begins with https: 
  • Be wary of emails requesting personal, credit card, or email information. 
  • Use a credit card – In contrast to using a debit card, the money is subtracted from your bank account directly, making it very hard to get back. With a credit card, you can always dispute the charge.  
  • Check your shopping app settings – Apps on mobile devices sometimes request far too many permissions. Your shopping app wants to access your calendar? We don’t think so. 
  • Check your statements – After entering your credit card information online, most shoppers falsely assume the threat ends here. Unfortunately that’s not always the case. Merchants or someone else may use your information to make additional purchases or charges. · Check privacy policies – Most privacy policies provide an explanation about merchant policies in regards to sharing your data. 

Tuesday, November 15, 2016

Email Phishing Is Real And Very Dangerous!


In August of 2016 29% of state government employees failed an authorized internal phishing. Nearly 30% of the set of employees tested clicked on a fake link that could have downloaded malware to their computer or compromised it in some manner. This is a serious problem!

The magnitude of this failure indicates we need to increase efforts to educate and inform employees of the significant risks associated with a simple email message. In a typical month, state government receives nearly 10 million email messages, of which over 80% are identified as spam or malicious and are automatically blocked. 8 million are blocked by technical processes! But our automated defenses are insufficient to block all nefarious messages. It is imperative that every employee with an email box be consciously aware of a message before clicking on it and any contents within or attached to the message. The phishing threat occurs within state government every day!

Yes – a simple email message can put at risk all of that confidential data entrusted to us. We must be smart with every message we receive.

Phishing is defined as sending a malicious electronic communication, e-mail, text, etc., and is recognized as the most common attack vector in cyber-crime today. A variation of phishing, spear-phishing, is a more targeted phishing attack aimed at specific organization or group of individuals. The attackers research the organization, seeking names of departments and managers, and use this information to construct emails which appear to be legitimate and authentic.

The very recent data exfiltration’s from the Democratic National Committee and presidential campaign are rumored to have been initiated with a Gmail phishing message. Once the foothold from downloaded malware or compromised credentials is achieved, hackers can ‘leap frog’ from computer to computer looking for valuable data.

Whaling, yet another form of phishing, targets high-level executives with more focused and topically-researched malicious emails. State government has experienced very specific whaling messages being delivered to senior level departmental executives within the past month. Again, the threat is at our front door.

Please, be particularly wary of unexpected emails relating to local, national, and world natural disasters. Hackers frequently use headline-causing events as the subject of their malicious emails, seeking to capitalize on people’s curiosity and empathy. They will construct messages that appear to originate from a charitable organization, but the only people they are interested in helping is themselves.

Telltale signs of a potential phishing email or message include messages from companies you don’t have accounts with, spelling or grammatical mistakes, messages from the wrong email address (e.g. info@yourbank.fakewebsite.com instead of info@yourbank.com), generic greetings (e.g. “Dear user” instead of your name), and unexpected messages with a sense of urgency designed to prompt you into responding quickly providing you no time to verify the information. “Resume” and “Unpaid Invoice” are popular attachments used in phishing campaigns.

Easy tips to protect yourself from phishing:
  • Do not follow links embedded in an unsolicited email. Instead type in the address yourself. Better yet, look up the organization’s main URL and go directly there. Be especially wary of “tiny links”. Very short URLs are commonly used by hackers to hide the actual destination site.
  •  ALWAYS hover over URLs to verify they represent the site they purport to denote. In the example below, the message claims to be from Apple asking the user if a purchase was legitimate. Of course they make it sound like the transaction should be canceled. If you hover over the link of apple.com though, you see the true link for the URL is diligentproperty.com. It is NOT apple.com. 
  • Only open email attachments you’re expecting, even if the email came from your friend. They may already be infected and this could be a malicious email sent by the malware infecting their machine. 
  • Be cautious about container files, such as .zip files, as malicious files could be packed inside. Those files are extremely dangerous and should not be opened. 
  • To verify a suspicious email and/or attachment – forward it to the BIT ReportSpam@state.sd.us mailbox, and we will safely evaluate the contents. 
  • Use antivirus software to detect and disable malicious programs, such as spyware or backdoor Trojans, which may be included in phishing emails. Your state computer is regularly updated with new definitions and features. To facilitate timely installation of these updates, do not delay when you are asked to “Restart” your computer; please do so that day. 
  • Be suspicious of unsolicited emails, text messages, and phone callers. Use discretion when providing information to unsolicited phone callers, and never provide sensitive personal or account information via email. 
  • If you want to verify a suspicious email, contact the organization directly with a known phone number. Do not call the number provided in the email. Or, have the company send you something through the US mail (which scammers won’t do). 
  • Do not send any sensitive personal information via email. Legitimate organizations will not ask users to send information this way. 

Thursday, November 3, 2016

Dan Maxfield, State Disc Golf Champion!


On September 17th and 18th our fellow BIT employee Dan Maxfield participated in the 2016 State Disc Golf Championship Tournament hosted in Pierre by the Sharpe Shooters Disc Golf Club.

The tournament took place at Oahe Downstream and Steamboat Park, along with a temporary course at Hilger's Gulch. The tournament consists of multiple divisions, opening it up to all ages to participate. The attendance for the past 2 years has been about 138 players.

Dan was able to walk away as this year's state champion! He explained that he has played disc golf for about six years; however, this is his first ever state championship. When asked what his favorite part of playing disc golf was, he explained:
The best part is playing disc golf with my son, Matt. I started playing with my son about six years ago. We bought a couple of discs and went to a local disc golf park in Rapid City. We love playing the game together and traveling statewide to compete in disc golf tournaments every year. We usually compete in 6-10 tournaments annually. Disc Golf is also a good way to meet new people, Matt and I have made some good friends all over the state because of this sport.
When asked for advice he would give to someone thinking about picking up the sport, Dan said:
My advice to anyone thinking of starting would be to do some research on the types of discs out there and to buy discs that are specifically designed for a beginner. Some of my early frustrations with the sport was that I would buy a disc and would not be able to throw it right and then later on would find out that the disc was designed for a more advanced player. A person can get started with as little as one disc but some companies sell beginner kits that have a driver, mid-range, and putter to make it easier to get started buying discs. Also getting involved with a local disc golf club and ask questions, our club is a very open group that welcomes new players and offers any advice to help a new player. Our club the Sharpe Shooters Disc Golf club, which also works with the YMCA to run a disc golf league that starts in June to promote the sport and is designed for all ages and levels of players.

Tuesday, October 18, 2016

A New Hacking Trend? USB Drives


If you receive a mysterious USB drive in your mailbox- don’t open it!

In Australia, residents have been receiving unmarked USB drives in their mailboxes. Upon plugging in these drives, users see what appears to be a promotional offer from Netflix or another streaming service.

Those who proceeded with the installation found that it didn’t contain free entertainment, but rather infectious ransomware.

In more recent years, ransomware has become an ever-increasing threat. Viruses are used to steal data and use IT machines for nefarious purposes. Ransomware can give criminals an immediate payday when someone is successfully infected. Ransomware works by encrypting files stored on the machine and unlocking payment methods stored within the machine.

Moral of the story: If you receive an unmarked USB in your mailbox… Throw it away!

Citations

http://www.extremetech.com/computing/236157-australian-police-warn-of-ransomware-usb-drives-showing-up-in-mailboxes

Friday, October 14, 2016

October: National Cyber Security Month

The popularity of social networking sites continues to increase, especially among teenagers and young adults. The nature of these sites introduces security risks, so you should take certain precautions.

While the majority of people using these sites do not pose a threat, malicious people may be drawn to them due to the accessibility and amount of personal information that's available. The more information malicious people have about you, the easier it is for them to take advantage of you. Predators may form relationships online, and then convince unsuspecting individuals to meet them in person. That could lead to a dangerous situation. The personal information can also be used to conduct a social engineering attack. Using information that you provide about your location, travel plans, hobbies, interests, and friends, a malicious person could impersonate a trusted friend or convince you that they have the authority to access other personal or financial data.

What can you do?
  • Limit the amount of personal information you post
  • Remember that the Internet is a public resource 
  • Be wary of strangers
  • Be skeptical
  • Evaluate your settings and privacy policies - Take advantage of a site's privacy settings.
  • Be wary of third-party applications
  • Use strong passwords, and change them frequently
  • Keep software, particularly your web browser, up to date
  • Use and Maintain anti-virus software · Be cognizant of the company you keep. If you receive strange or unusual requests from ‘friends’ it is possible their account may have been compromised or cloned.