Home » 2016

Yearly Archives: 2016

Please Welcome New Employee, Stephanie Riggle!

Stephanie Riggle recently joined BIT as an Accountant/Auditor I. Originally from Eagle Butte, Stephanie has lived in Dupree and Watertown – where she attended high school.

Stephanie earned her business degree online from the University of Phoenix where she studied business with an emphasis in accounting. Prior to working for BIT, Stephanie worked for the Bureau of Administration’s Division of Property Management as the asset accountant. Prior to that, she worked at Oahe Federal Credit Union as a loan officer.

Stephanie is most excited to expand her knowledge of the industry while working at BIT. When not taking care of her 4 month old, 8 year old daughter, and 10 year old stepdaughter, Stephanie enjoys reading, playing games, doing puzzles, scrapbooking and “of course cleaning.”

Welcome to BIT, Stephanie! We are happy to have you!

How To Share Microsoft Excel Spreadsheets


Have you ever been working with an Excel document that needed to be accessed by multiple people? Often it is possible to grant access to these people, but only one person is able to edit. Here’s a simple trick to avoid that problem!

Step 1:

  • In your Microsoft Excel document, click the File tab on the upper left hand corner of the screen and select Options from the left side menu.
  • A new tab will open. Select Trust Center and then Trust Center Settings.
  • A new tab will open. Select Privacy Options on the lower left hand of the column and then under Document-specific settings make sure “Remove personal information from file properties on save.” is unchecked. Press Ok.

Step 2:

  • Under the Review tab at the top of the Excel worksheet, click on Share Workbook.

  • A new tab will open. Make sure there is a check mark next to the box that states “Allow changes by more than one user at the same time.”


And there you have it! Now you can share Microsoft Excel spreadsheets without the worry of being unable to edit content due to multiple users at the same time!

New Device? Check Your CyberSecurity

From the Desk of Thomas F. Duffy, Chair

Last month, we talked about how you can minimize your risk of identity theft and malicious cyber activity while doing your online holiday shopping. In this month’s issue, we’ll focus on another aspect of the holiday season: that new device you get or give during the holidays. Whether it’s a smartphone, laptop, desktop, tablet, or another device, check out the below tips to help you protect your new technology and secure your personal data.
  • Configure your device with security in mind. The “out-of-the-box” configurations of many devices and software are default settings often geared more toward ease-of-use and extra features rather than securing your device to protect your information. Enable security settings, paying particular attention to those that control information sharing.
  • Change the device’s password – the default passwords for many brands of devices are well known to hackers. 
  • Remember to secure your Internet of Things (IoT) devices. Internet of Things devices include smart home thermostats, home surveillance cameras, smart refrigerators, lights, and many other examples. These need to be secured just like your phones, tablets, and laptops. One way to do this is to change the default password that comes pre-configured on the device to a strong password of your own choosing. This makes it much harder for cyber criminals to compromise your household devices.
  • Turn on your firewall. Firewalls provide an essential function of protecting your computer or device from potentially malicious actors. Without a firewall, you might be exposing your personal information to any computer on the internet.
  • Lock the device. Locking your device with a strong PIN or password makes unauthorized access to your information more difficult. Passwords are more secure than PINs and should be at least 8 characters long combining upper and lower case letters, numbers, and symbols. If you have an Android device and want to use a lock screen pattern, make sure the pattern includes at least 7 points and doubles back over itself (e.g. at least 2 turns). Additionally, make sure that your device automatically locks after a brief period of inactivity, preferably between 30 seconds and two minutes. This way, if you misplace your device, you minimize the opportunity for someone to access your personal information.
  • Regularly apply updates. Manufacturers and application developers update their code to fix weaknesses and push out the updates. Enable settings to automatically apply these updates to ensure that you’re fixing the identified weaknesses in the applications.
  • Install antivirus software. Install antivirus software if it is available for your device and enable automatic updating of the antivirus software to incorporate the most recently identified threats.
  • Disable unwanted and unneeded services. Capabilities such as Bluetooth, network connections, mobile wallets, and Near Field Communications provide ease and convenience in using your smartphone. They can also provide an easy way for a nearby, unauthorized user to gain access to your data. Turn these features off when they are not needed. Also consider disabling or uninstalling other features or apps that you no longer use.
  • Be careful when downloading apps. Apps provide a lot of wonderful capabilities for your device, but they are a common way that malicious actors disseminate malware or gather information about you. Always make sure you trust the app provider and download the app from the Google Play Store, Apple’s App Store, or other trusted source, as they proactively remove known malicious apps to protect users. Be proactive and make sure that you read the privacy statement, review permissions, check the app reviews, and look online to see if any security company has identified the app as malicious.
  • Set up a non-privileged account for general web use. Privileged (such as Administrator or Root) accounts allow you to make changes in how your device operates, but a compromised administrator account provides attackers with the authority to access anything on your device. Use a non-privileged account when browsing websites and checking emails.
  • Maintain your device’s security. Remember that setting your device to be secure is great, but you have to keep those settings, as well. It may be tempting to do away with some of the security, such as a lock screen password, or allowing the settings to change when you get an app update, but that puts your device and information at risk.
By using caution and following these tips, you can help secure your new device and protect your information. Have a safe, secure, and joyous holiday season!
Citation:

Make Your Agency’s Intranet Page YOUR Home Page!

With the exception of a few agencies, when you open your internet browser you will be immediately directed to the State’s Home Page.

Recently, some agencies have been looking into the option of the internet browser defaulting to their agency’s intranet website. Department of Health happens to be one of the more recent agencies to make this conversion. When asked why they went this route, Barb Buhler explained:

“The goal of the switch is really to drive staff to the DOH Intranet and the resources that are posted there. We’ve made a concerted effort to add information staff need and have asked for (policies, fiscal forms, ACES guides, etc.) and wanted to make it as easy as possible for them to find it. Also, in spite of the fact there is a link to our Intranet in the footer of our main website, some staff commented it was hard to find. J This whole effort is just one part of a larger internal communications objective identified in our department strategic plan and our workgroup is continuing to look at expanding resources on the intranet.”

Barb later joked, “So far the response has been positive – one person commented they appreciate the easy access to our Intranet site but missed the “pretty pictures” on the state’s home page!”

While there might be a lot of other persuasive reasons to consider relinking your agency’s home page to it’s personal intranet- the point of this article is to inform you that the option exists! If you have further questions on how to go about this route, please contact your BIT Point of Contact (POC). They will be happy to assist you!

Employees of the Quarter!

Eric Swiggum

Eric Swiggum serves as a Database Administrator (DBA) focused on SQL database administration and support in the BIT Data Center DBA Team. Eric started with BIT in December 2012 as a SQL Server DBA and quickly learned the ropes in his new position. Eric came to BIT as an experienced technologist with a focus on database technology from the perspective of a business intelligence developer. Included in his background was a diverse knowledge in database technologies outside of SQL Server including IBM DB2, Oracle & Teradata. Eric also had prior experience administrating SQL Server, Informatica and enterprise scheduling software.

Over the past 20 months Eric has been converting workflow packages in SQL Server DTS* (Data Transformation Services packages) to SQL SSIS (Server Integration Services packages), working with developers as needed to get these packages converted. A majority of Eric’s efforts in this work have been focused on converting the legacy Visual Basic 6 script to Visual Basic .Net script. There were more than 450 packages to convert and this was a manual effort. A factor that increased the difficulty of this conversion was coordinating with all the different groups, developers and end-users. At times it was even difficult to find anyone in BIT that was familiar with the legacy DTS packages. Undaunted, he reached out to end users with knowledge of the processes involved to understand the business requirements of the code so that he could be sure to convert it while maintaining its functionality.

*DTS packages are a legacy facility replaced by SSIS packages and there is no automated migration available. 

The DTS to SSIS conversion is important as future versions of SQL Server will not support DTS packages. Normally this is the type of work a developer would take care of but development could not spare the resources for this project and the estimate provided by a service provider to perform the migration for BIT was nearly $200,000. Instead of costing the tax payers such a hefty fee, Eric volunteered to apply his development skills he brought to BIT and perform this work himself as time permitted, saving our citizens a tidy sum of money and allowing Development to stay focused on other client engagements.

Shawn England


Shawn England serves as a Technology Engineer III for the division of Telecommunications within the Bureau of Information and Telecommunications. Shawn began his journey with state government in September of 2009, briefly left for a couple of years to work for the Pierre School District, and was hired back at BIT in June of 2012.

Shawn’s primary focus as a Technology Engineer III consists of dealing with technology in schools, Fortinet, security, networking, servers, and wireless. About 2 years ago, Shawn proposed implementing a Border Gateway Protocol (BGP), which is a standardized exterior designed to exchange routing and reachability information which amount to autonomous systems (AS) on the Internet.

It was quite evident from the start that Shawn was willing to invest time into analyzing BIT’s current technology as well as researching telecommunications provider technology. This solution came as part of the Communications Transport RFP which included connecting more than 800 sites to the DDN. Shawn evaluated features of network infrastructure hardware which allowed BIT to consolidate the on-site infrastructure from three devices to one. This effort has allowed BIT to save one-time and ongoing costs.

In addition to heading this effort, Shawn has stepped into a leadership role in the security and network areas within the last year at BIT. Shawn is easy to work with and always willing to help, making him a perfect candidate for the employee of the quarter award.

Outside of work, Shawn enjoys playing trombone, shaving “old-school-style” with lather and a brush,

and bicycling. He can also be found building cardboard box forts with his daughter, Bentley, drinking cold brew coffee and discussing school politics.

Susan Dutt

Susan’s primary day-to-day responsibilities include development and support of several DOT applications. One of these is the Concept To Contract (C2C) app, which tracks construction projects from the cradle to the grave. If there’s a DOT construction project in progress, planned, or even completed many years ago, Susan can locate the associated information.

In the fall of 1986, Susan graduated from SDSM&T as a computer science major and became a full-time DOT application developer. This was also around the time the IBM 286 PC (with an actual hard drive) first hit the market. A hard drive was pretty high tech, so she settled with a machine with dual floppies instead.

Susan kept up with the ever changing application development landscape over the years. She started programming in Natural and COBOL, but moved to the cutting edge to develop apps using dbase and DOS commands. Some of her original systems have made the transition from dbase to Access and then to SQL.

While Susan may write or review code once in a while, her main focus over the last few years has been as an analyst and project manager. Understanding the client’s business needs, personalities, and workflows allows her to excel. Many times, she understands the application and workflows better than the people utilizing or requesting the application.

Recently, Susan has acquired the role of scrum master. The scrum master is the facilitator/coach of a team of developers that utilize the scrum development methodology for creating applications. Her most recent Scrum development project is an Environmental Tracking System for DOT. Even though resources have been pulled from the project, she still manages to keep the project pointed in a positive direction.

Susan grew up in Tolstoy, SD–go Greyhounds!–and still spends many weekends there with her mother and other family members to lend a helping hand. She also enjoys reading, cooking, gardening, crocheting, and the occasional cross stitch.

Congratulations Eric, Shawn, and Susan! BIT is happy to have you!

It’s Cyber Monday! Are You Prepared?


How do attackers target online shoppers?

  • Creating fraudulent sites and email messages – Unlike traditional shopping, where you know that a store is actually the store it claims to be, attackers can create fraudulent, malicious websites or email messages that appear to be legitimate. Attackers may also misrepresent themselves as charities, especially after natural disasters or during holiday seasons. Attackers create these malicious sites and email messages to try to convince you to supply personal and financial information.
  • Intercepting insecure transactions – If a vendor does not use encryption, an attacker may be able to intercept your information as it is transmitted. This could include intercepting your name, address, and payment card information.
  • Targeting vulnerable computers – If you do not take steps to protect your computer from viruses, malware or other malicious code, an attacker may be able to gain access to your computer and all of the information on it. It is also important for vendors to protect their computers to prevent attackers from accessing customer databases.


How can you protect yourself?

  • Do business with reputable vendors.
  •  Make sure your information is being encrypted (SSL). Make sure the URL in your browser begins with https: 
  • Be wary of emails requesting personal, credit card, or email information. 
  • Use a credit card – In contrast to using a debit card, the money is subtracted from your bank account directly, making it very hard to get back. With a credit card, you can always dispute the charge.  
  • Check your shopping app settings – Apps on mobile devices sometimes request far too many permissions. Your shopping app wants to access your calendar? We don’t think so. 
  • Check your statements – After entering your credit card information online, most shoppers falsely assume the threat ends here. Unfortunately that’s not always the case. Merchants or someone else may use your information to make additional purchases or charges. · Check privacy policies – Most privacy policies provide an explanation about merchant policies in regards to sharing your data. 

Email Phishing Is Real And Very Dangerous!


In August of 2016 29% of state government employees failed an authorized internal phishing. Nearly 30% of the set of employees tested clicked on a fake link that could have downloaded malware to their computer or compromised it in some manner. This is a serious problem!

The magnitude of this failure indicates we need to increase efforts to educate and inform employees of the significant risks associated with a simple email message. In a typical month, state government receives nearly 10 million email messages, of which over 80% are identified as spam or malicious and are automatically blocked. 8 million are blocked by technical processes! But our automated defenses are insufficient to block all nefarious messages. It is imperative that every employee with an email box be consciously aware of a message before clicking on it and any contents within or attached to the message. The phishing threat occurs within state government every day!

Yes – a simple email message can put at risk all of that confidential data entrusted to us. We must be smart with every message we receive.

Phishing is defined as sending a malicious electronic communication, e-mail, text, etc., and is recognized as the most common attack vector in cyber-crime today. A variation of phishing, spear-phishing, is a more targeted phishing attack aimed at specific organization or group of individuals. The attackers research the organization, seeking names of departments and managers, and use this information to construct emails which appear to be legitimate and authentic.

The very recent data exfiltration’s from the Democratic National Committee and presidential campaign are rumored to have been initiated with a Gmail phishing message. Once the foothold from downloaded malware or compromised credentials is achieved, hackers can ‘leap frog’ from computer to computer looking for valuable data.

Whaling, yet another form of phishing, targets high-level executives with more focused and topically-researched malicious emails. State government has experienced very specific whaling messages being delivered to senior level departmental executives within the past month. Again, the threat is at our front door.

Please, be particularly wary of unexpected emails relating to local, national, and world natural disasters. Hackers frequently use headline-causing events as the subject of their malicious emails, seeking to capitalize on people’s curiosity and empathy. They will construct messages that appear to originate from a charitable organization, but the only people they are interested in helping is themselves.

Telltale signs of a potential phishing email or message include messages from companies you don’t have accounts with, spelling or grammatical mistakes, messages from the wrong email address (e.g. info@yourbank.fakewebsite.com instead of info@yourbank.com), generic greetings (e.g. “Dear user” instead of your name), and unexpected messages with a sense of urgency designed to prompt you into responding quickly providing you no time to verify the information. “Resume” and “Unpaid Invoice” are popular attachments used in phishing campaigns.

Easy tips to protect yourself from phishing:

  • Do not follow links embedded in an unsolicited email. Instead type in the address yourself. Better yet, look up the organization’s main URL and go directly there. Be especially wary of “tiny links”. Very short URLs are commonly used by hackers to hide the actual destination site.
  •  ALWAYS hover over URLs to verify they represent the site they purport to denote. In the example below, the message claims to be from Apple asking the user if a purchase was legitimate. Of course they make it sound like the transaction should be canceled. If you hover over the link of apple.com though, you see the true link for the URL is diligentproperty.com. It is NOT apple.com. 
  • Only open email attachments you’re expecting, even if the email came from your friend. They may already be infected and this could be a malicious email sent by the malware infecting their machine. 
  • Be cautious about container files, such as .zip files, as malicious files could be packed inside. Those files are extremely dangerous and should not be opened. 
  • To verify a suspicious email and/or attachment – forward it to the BIT ReportSpam@state.sd.us mailbox, and we will safely evaluate the contents. 
  • Use antivirus software to detect and disable malicious programs, such as spyware or backdoor Trojans, which may be included in phishing emails. Your state computer is regularly updated with new definitions and features. To facilitate timely installation of these updates, do not delay when you are asked to “Restart” your computer; please do so that day. 
  • Be suspicious of unsolicited emails, text messages, and phone callers. Use discretion when providing information to unsolicited phone callers, and never provide sensitive personal or account information via email. 
  • If you want to verify a suspicious email, contact the organization directly with a known phone number. Do not call the number provided in the email. Or, have the company send you something through the US mail (which scammers won’t do). 
  • Do not send any sensitive personal information via email. Legitimate organizations will not ask users to send information this way. 

Dan Maxfield, State Disc Golf Champion!

On September 17th and 18th our fellow BIT employee Dan Maxfield participated in the 2016 State Disc Golf Championship Tournament hosted in Pierre by the Sharpe Shooters Disc Golf Club.

The tournament took place at Oahe Downstream and Steamboat Park, along with a temporary course at Hilger’s Gulch. The tournament consists of multiple divisions, opening it up to all ages to participate. The attendance for the past 2 years has been about 138 players.

Dan was able to walk away as this year’s state champion! He explained that he has played disc golf for about six years; however, this is his first ever state championship. When asked what his favorite part of playing disc golf was, he explained:

The best part is playing disc golf with my son, Matt. I started playing with my son about six years ago. We bought a couple of discs and went to a local disc golf park in Rapid City. We love playing the game together and traveling statewide to compete in disc golf tournaments every year. We usually compete in 6-10 tournaments annually. Disc Golf is also a good way to meet new people, Matt and I have made some good friends all over the state because of this sport.

When asked for advice he would give to someone thinking about picking up the sport, Dan said:

My advice to anyone thinking of starting would be to do some research on the types of discs out there and to buy discs that are specifically designed for a beginner. Some of my early frustrations with the sport was that I would buy a disc and would not be able to throw it right and then later on would find out that the disc was designed for a more advanced player. A person can get started with as little as one disc but some companies sell beginner kits that have a driver, mid-range, and putter to make it easier to get started buying discs. Also getting involved with a local disc golf club and ask questions, our club is a very open group that welcomes new players and offers any advice to help a new player. Our club the Sharpe Shooters Disc Golf club, which also works with the YMCA to run a disc golf league that starts in June to promote the sport and is designed for all ages and levels of players.

A New Hacking Trend? USB Drives


If you receive a mysterious USB drive in your mailbox- don’t open it!

In Australia, residents have been receiving unmarked USB drives in their mailboxes. Upon plugging in these drives, users see what appears to be a promotional offer from Netflix or another streaming service.

Those who proceeded with the installation found that it didn’t contain free entertainment, but rather infectious ransomware.

In more recent years, ransomware has become an ever-increasing threat. Viruses are used to steal data and use IT machines for nefarious purposes. Ransomware can give criminals an immediate payday when someone is successfully infected. Ransomware works by encrypting files stored on the machine and unlocking payment methods stored within the machine.

Moral of the story: If you receive an unmarked USB in your mailbox… Throw it away!

Citations

http://www.extremetech.com/computing/236157-australian-police-warn-of-ransomware-usb-drives-showing-up-in-mailboxes

Обзор сайта feko.com.ua

Медные трубы сегодня используются в системах охладительного оборудования, кондиционерах, небольших радиаторах, для транспортировки определённых типов жидких агентов. По большому счету преимущество данного материала заключается в технических характеристиках и физических свойствах меди. В первую очередь и самое главное, материал быстро нагревается и легко отдает температуру, забирая ее от рабочего агента, движущегося по системе. Таким образом, целесообразно использовать данные системы в специальных радиаторах и системах охлаждения. Качественная медная труба цены на нее составляют довольно высокие показатели, но стоит отметить, что данный металл не ржавеет. При правильном использовании он прослужит в несколько раз, чем железная вариация. По большому счету современные компании и поставщики предоставляют своим клиентам взаимовыгодное сотрудничество при покупке. В настоящее время интернет магазин поставляет качественные трубы и фитинги по всей Украине. В наличие имеется запорная арматура, системы трубопроводов и множество других изделий. Если вы заинтересованы в сотрудничестве с нами, то можете воспользоваться уникальным интернет каталогом. Здесь множество интересных и перспективных вариаций товаров по самым выгодным ценам. Современные медные трубки используют для транспортировки агрессивных агентов, которые разъедают железо. Также данные модели отлично подвергаются токарным работам и можно нарезать резьбу в считанные секунды. Гибкость еще одно из преимуществ медных трубок. Поэтому приобретая данные изделия, вы всегда можете их использовать при ремонтных и восстановительных работах. Наш интернет магазин довольно длительное время работает на отечественном рынке и отлично себя зарекомендовал. С помощью наших услуг можно добиться высоких технических показателей. В электронном каталоге представлен огромнейший выбор, который вам даст возможность ремонтировать сантехнические и прочие блоки. Медные трубки понадобятся при техническом обслуживании систем кондиционирования. Мы занимаем лидирующие позиции и сотрудничаем с зарубежными поставщиками. Все товары отличаются надежностью и качеством. Получить более подробную информацию можно на официальной интернет странице проекта. Компания отлично себя зарекомендовала, и каждый день прогрессирует в данном направлении.