WorkSmart
SEAL
NASA
Phishing
WorkSmart 365 hosts second Community Education Meeting
The second monthly meeting hosted by the WorkSmart 365 group was a discussion about SharePoint spaces.
Click below to view the last two meetings!
SharePoint spaces allows you to create and share mixed reality experiences on your Intranet or other SharePoint site. When you create a space, you choose options such as structure and background and then add web parts for your 3D objects, 360° images, 360° videos, 2D images, and more.
You can build one or more SharePoint spaces on a new or existing site. Spaces could be used for a variety of things at the state, including virtual tours of events, places, buildings, sites, etc.
Rollout has begun on Spaces, with a completion date of April.
How do I create a space?
- Go to the home page of the site where you want to build a space. If you don't already have a site you want to use, you can create a new one.
- Activate the spaces feature if it is not already activated:
- At the top left of the site, select Settings > Site information, and then select View all site settings.
- On the Site settings page, select Manage site features. Scroll down the page to Spaces, and then select Activate.
- On your site home page, select + New, and then select Space (Preview).
- Choose the type of space you’d like to create (you can change this later
Provide your space a Space name (required).
Provide your space a Space description (optional).
Select Create.
The State Earn and Learn program finds success
The State Earn and Learn IT program, a collaboration between the Indiana Office of Technology and the Department of Workforce Development, is a way to bring people in who are interested in the Information Technology field and train them for certifications for meaningful IT careers.
SEAL Director Jon Rogers (far right) partnered with DWD and Brooksource as a contract vendor to launch the program in March 2020.
“One of things we asked during the interview process is whether they can be flexible in uncertain circumstances, especially outside of their control,” Rogers said. “We just had no idea at the time that it was going to be related to a global pandemic and they had to work entirely from home.”
The first cadre of SEAL associates include Brandt Sagar (left) and John Froelich (middle).
“I saw this as a huge opportunity to not only work on getting IT certifications, but a pathway into getting on-the-job experience in the IT field and a future career,” Froelich said.
Sagar started his career in the hospital sector but was considering getting into the IT field when he heard of the program.
“I was lucky they were looking for unorthodox hires, which gave me a chance to get in the door,” Sagar said. “The opportunities you get from this program – the people you get to meet, the networking, every bit of it is a chance to further your career in the IT field.”
Froelich now is a Security Engineer, working with the IOT Security Team, and Sagar is a recently hired state employee working in the IOT Deployment Room.
Rogers agrees the SEAL program is a great opportunity for associates to have new and different opportunities in the IT field and hopes to one day be able to provide IT workers across our state agencies a program like this SEAL endeavor.
Tracy Barnes has a conversation with former NASA CIO Linda Y. Cureton
After recently announcing the State of Indiana’s Cyber Blog on its Cybersecurity Hub website, the blog now features an exciting interview with Chief Information Officer of NASA, Linda Y. Cureton.
Tracy Barnes, Chief Information Officer for the State of Indiana, spoke with Cureton, whose distinguished, 34-year career in civil service includes the distinction of serving as the first African American to serve as the Chief Information Officer at NASA.
“One of the foundations of Black History Month is celebrating the achievements of African Americans like Cureton,” Barnes said. “Speaking as a CIO, who is African American, there is a recognition for the responsibilities I possess and the path I’ve followed to make the decisions that best serve our employees, as well as serves the interests of all Hoosiers.”
In celebration of Black History Month – the 3-part Indiana Cyber Blog series will highlight the achievements of African Americans in cybersecurity and information technology. Go to the Indiana Cyber Blog at www.in.gov/cybersecurity/blog.htm.
Keeping you secure
At the forefront of the Office of Technology’s duties is to keep the state secure. The Information Sharing and Analysis Center, part of IOT, sends monthly security trainings on everything that has to do with keeping state employees secure. In January, IOT conducted an unannounced phishing exercise to test employee knowledge.
Test emails were sent to every state email address and thankfully we received a lot of reports from spam or heard from IT directors that we needed to do adjust our spam filter 😊, since they were unaware of the test. Results from phishing simulation tests were collected, and statewide there was a 10.3% fail rate. Though not uniform, there is a correlation between training completions and the simulation failure rate.
The State of Indiana workforce is regularly targeted with phishing messages. IOT has several different technologies in place to identify and stop phishing messages. These tools do a good job but hackers are creative and persistent. Their attacks occasionally find ways around our defenses and leave our workers as the last line of defense.
The ISAC will be working with all state agencies on their individual numbers soon and discuss beneficial decisions including specific trainings or additional phishing simulations for each agency.
What is phishing?
Phishing is a technique used to trick users into giving up their usernames, passwords, and/or PINs.
Fake websites, emails, and phone calls are some of the most common forms of phishing. These methods are designed to imitate a legitimate source in order to trick users into clicking a link, downloading a file, or giving away confidential credentials. Cybercriminals can use phishing websites in order to install malicious software on computers or obtain the username and passwords of users.
Real-world example on why we train:
Earlier this month, a hacker broke into a Florida water treatment plant and remotely increased the amount of lye in the water to extremely dangerous levels. Thankfully, the plant workers caught the change as it was happening, so no one became ill.
What to watch for in emails:
- Spelling or grammar mistakes - If an email you receive claims to be from a well-known source but has clearly not been spell-checked, then it is likely to be a phishing message.
- You can double-check whether a link is valid and will take you to the intended location by hovering your mouse over the link to see the address. If the address does not match the link, then it is not safe to click on.
- IOT places some security around all emails already, so when you hover over a link you will see it direct to fireeye.com. Look past that URL to see where the link is directed (see below)
- Threats are often used in phishing messages to create a sense of urgency and fear in the user and cause them to act quickly. For example, a message could be sent by a cybercriminal that appears to be from Microsoft, claiming that Windows has not been activated and that your computer will be shut down if you do not follow the link.
- Receiving an email with information regarding a free round-trip vacation or a $1,000 gift card is grounds for caution. It is highly advised to delete emails like these to avoid any chance of accidentally clicking on a malicious source.
- Report Spam by using the Report Message link in the top right of Outlook.
