Spirion Identity Finder
FAQ
OTS Publication: idf02 04/25/2019
© 2019 Towson University. This work is licensed under the Creative Commons Attribution-NonCommercial-NoDerivs License.
Details available at http://www.towson.edu/OTStraining
Date made accessible
4/26/2019
What is Spirion Identity Finder?
Spirion Identity Finder is an application that runs on Windows or Mac that can scan for Personally Identifiable
Information (PII) on your local computer or on a shared network drive that you have access to. It also provides a
way to remediate such information once it is identified.
Why are we doing this?
Towson University, led by the Office of Information Security (OIS), has taken the initiative to identify where PII is
being stored and to either eliminate PII that isn’t necessary to keep, or store the PII in a more secure manner.
Spirion Identity Finder will enable departments and users to locate PII and remediate the risk of storing this data.
- Personally Identifiable Information (PII) is often stored on end-user computers and central network shared storage
- Copies of the same sensitive file are often found on multiple systems
- Sensitive information tends to migrate with users when they are assigned a new computer or their roles change within the organization
- Older, sensitive information is seldom securely deleted
Who should install Spirion Identity Finder?
All TU employees who work with PII are responsible for protecting the sensitive data and minimizing the risk
associated with accessing, processing or transferring such data. Likewise, if you have been designated as a
network file share owner or are responsible for managing a department-wide network share (commonly the O:
drive), you are responsible for scanning the network share.
OTS will provide the following support:
- Spirion Identity Finder installation packages will be published in the Software Center for Windows and the self-service app for Macs
- Documentation and Frequently Asked Questions (FAQs)
- Additional consultation and guidance as requested
Departments will be responsible for:
- Defining scanning frequency policies and scanning schedules
- Defining appropriate retention policies for PII
- Ensuring all PII is stored securely in an approved location (e.g. PeopleSoft, SecureShare)
How do I get started using Spirion Identity Finder?
To familiarize you with the basic functionality of this tool, OTS has created a self-help document titled: Spirion
Identity Finder: Performing a Scan.
http://www.towson.edu/technology/training/resources/documents/security/idf01-identity-finder.pdf
What information can Spirion Identity Finder locate?
The University requires searches for all PII data types as defined by USM Security Standards:
- Social Security Numbers: Spirion Identity Finder searches for formatted SSNs (NNN-NN-NNNN) and unformatted SSNs (NNNNNNNNN).
- Credit Card Numbers: Spirion Identity Finder searches for MasterCard, Visa, Discover, American Express, Diners Club, and more.
- Driver’s License Numbers
- Passport Numbers
- Bank Account Numbers associated with an individual
Note: For your reference, see http://www.usmd.edu/usm/adminfinance/itcc/USMITSecurityStandards.pdf, section III, Confidential Information Standard.
What is a false positive?
A false positive is a match in Identity Finder that may look like an SSN, credit card number, or passport number, but
is actually just a series of numbers in a similar format as the pattern of the search criteria. The numbers could be
the same length or start with the same set of numbers as, for example, credit cards.
You can Ignore false positives that have been confirmed so that subsequent searches don’t display the false
results.
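The pattern search and the false positives described above can be seen in a small added example (this is not Spirion's code and not part of the original FAQ). It matches the SSN formats listed earlier (NNN-NN-NNNN and NNNNNNNNN) plus card-length digit runs, then applies two assumed second-stage checks, the public SSN assignment rules and the Luhn checksum, to separate candidates worth a human review from likely false positives; all sample values are constructed.

```python
import re

# Candidate patterns from the FAQ: NNN-NN-NNNN, NNNNNNNNN, and card-length runs.
SSN_RE = re.compile(r"(?<![\d-])(\d{3}-\d{2}-\d{4}|\d{9})(?![\d-])")
CARD_RE = re.compile(r"(?<![\d-])(\d(?:[ -]?\d){12,18})(?![\d-])")

def ssn_plausible(digits):
    """Assumed rule set: SSA never issues area 000, 666, 900-999, group 00 or serial 0000."""
    area, group, serial = digits[:3], digits[3:5], digits[5:]
    return (area not in ("000", "666") and area < "900"
            and group != "00" and serial != "0000")

def luhn_ok(digits):
    """Luhn checksum used by payment card numbers (assumed second-stage check)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def scan(text):
    """Return (line_no, kind, matched_text, verdict) for every candidate."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        for kind, rx, check in (("ssn", SSN_RE, ssn_plausible),
                                ("card", CARD_RE, luhn_ok)):
            for m in rx.finditer(line):
                digits = re.sub(r"[ -]", "", m.group(1))
                verdict = "review" if check(digits) else "likely false positive"
                findings.append((n, kind, m.group(1), verdict))
    return findings

# Constructed sample input; none of these values comes from the FAQ.
SAMPLE = """\
Employee SSN: 123-45-6789
Unformatted SSN 123456789 in export
Part number 000-12-3456 on invoice
Tracking id 987654321 shipped
Card on file 4111 1111 1111 1111
Order reference 1234567890123456
"""

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

A "review" verdict only means the value survived the format checks; a person still has to confirm it before it is remediated or added to the ignore list.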
Where does Spirion Identity Finder search on my computer?
By default, Spirion Identity Finder for Windows and Mac will search all local storage attached to the computer.
However, you can configure Spirion Identity Finder to scan any file system that you have access to. In Windows,
you can also right-click on any file, folder, or directory to initiate a scan from the submenu Search with Spirion
Identity Finder Endpoint.
Does Identity Finder search image files, e.g., scanned documents?
Spirion Identity Finder can search FAX images, PDF images, TIFs, JPGs, and almost all other major image formats
to accurately identify all sensitive information.
Optical Character Recognition (OCR) is used to search for text within images. The following file types are
supported: bmp, dcx, gif, jbig2, jp2, jpeg, jpf, jpg, jpg2000, jpm, jpx, max, pcx, png, tfx, tif, tiff, xif, xiff, and xps.
If the DPI of an image is less than 75 or greater than 2400, the recognition may fail and log an error.
I’m having technical problems with Spirion Identity Finder. Who should I contact?
Contact the Faculty/Staff Help Center at 410-704-5151. You can also submit your own Service Request online
through TechHelp.
I store many of my files on our network file shares. How will that be scanned?
Your H: drive or Home Share is your exclusive storage space, and therefore you are responsible for scanning and
managing that data. Your O: drive or Department Share and other network-based file shares where many people
have access and share data all have a share owner identified for scanning and remediating PII. If you have not
been identified as the responsible owner or administrator of a network file share, then we recommend not scanning
it. Excessive scanning against any particular network share could potentially cause performance issues. If you have
any questions related to your responsibility, contact your supervisor.
Will a scan slow my computer?
The first Spirion Identity Finder scan may take some time, depending on the size of the disk and the power of the
computer. We recommend starting the initial scan prior to leaving work for the day. Subsequent scans are
generally fast and do not materially affect system performance.
How long does a scan take to complete?
The length of time to complete a scan depends on the amount of data being searched and your computer’s
performance.
I do University work on three computers. Should I scan all three?
Yes, scan all three to ensure University-owned sensitive information is not stored on the devices. Work with your
local IT support staff to ensure the appropriate Spirion Identity Finder software is installed on all computers on
which you conduct University business.
How do I reset my Spirion Identity Finder profile password?
Spirion Identity Finder provides the ability to save settings, configuration information, and sensitive data across
sessions through the use of a profile password. It is not possible to recover a lost password; however, it is possible
to delete a profile and create a new one. When the profile password is created, that password is used to encrypt
the profile. The profile password is not stored anywhere and therefore if it is lost or forgotten, all of the information
in the profile will be lost.
The following data will be lost in Spirion Identity Finder when deleting a profile:
- Custom Folders, Remote Computers and authentication credentials
- Only Find Identities
- Document Overview
- Ignore list entries
- Database connection information
- Websites list
Why is my virus scanner creating alerts during Spirion Identity Finder searches?
During the course of a Spirion Identity Finder search, anti-virus applications may create an alert for files created in a
subfolder of IDFTmpDir located in the user profile folder. This is not a problem with Spirion Identity Finder, but
rather indicates that the user’s system already contains one or more infected files.
The files in IDFTmpDir are created during a search, specifically and most commonly when extracting files from
archives (e.g., .zip files) or when detaching them from email messages. To search these files, Spirion Identity Finder
places them in a temporary folder and then attempts to open them for read access. If the file has a virus, the act of
extracting or detaching the file to the temporary folder and/or the attempt to read the file may trigger the anti-virus
application (depending on its configuration). If Spirion Identity Finder is configured to log Locations Searched, you
may be able to determine the specific archives or messages that contain the infected file(s); however, in these
instances, it is recommended that you perform a full anti-virus scan of the user’s system, ensuring a search within
archive files and email attachments.
For additional details on the location of the user profile folder for each operating system, please refer to the
Windows or Macintosh configuration guide.
Why is Spirion Identity Finder identifying PII in Temporary Internet Files
after I run PeopleSoft queries and download to Excel?
This is default Internet Explorer behavior. Your PC must store the downloaded Excel file somewhere, and it doesn’t
delete it when you’re done. OIS is recommending a solution which will not prevent this behavior completely, but it
will limit the risk exposure by not retaining these files for longer than necessary. However, you will need to
understand the solution and act accordingly.
1. Always use Internet Explorer (IE) when accessing PeopleSoft.
2. Change your IE settings to ‘Empty Temporary Internet Files folder when browser is closed’:
a. Internet options > Advanced.
b. Within the Settings window scroll down to the Security section.
c. Check the box for Empty Temporary Internet Files folder when browser is closed.
Figure 1
3. Now when you close your browser these files will be deleted. Please close your IE browser at least at the end
of every day or more frequently as you deem necessary.
Note: The Office of Technology Services (OTS) is testing our ability to set this configuration on all TU PCs, but you
should configure this setting yourself if you’re experiencing this issue.
Why is Spirion Identity Finder identifying PII in ImageNow error logs?
The Office of Information Security (OIS) has confirmed that these matches are in fact false positives. These
matches will be found in the following location: C:\users\$user\appdata\roaming\imagenow\log\errors\. The best way to
exclude this location from your searches is to create a Custom Folder search.
Figure 2
By searching Custom Folders instead of My Computer, our Global Exclusion takes effect and ignores the ImageNow
error logs. The example above will scan your local C:\ drive as well as your H:\.
Figure 3