department menu

Identity Finder Guide

Welcome to the Spirion Training Guide

Spirion (formerly know as 'Identity Finder') is a program that will scan your computer for protected information such as social security numbers, drivers license, credit card numbers, and more.  By default, Spirion only scans for social security numbers and driver's licenses.

A scan of all campus computer equipment is required to adhere to the policies and guidelines set forth by the CSU.  Spirion will automatically scan your computer every other Friday and present you with the results.

This webpage will serve as your guide for running the scan and processing the results.

Launching the Identity Finder Application for the First Time

Click Start, choose Programs, click the Identity Finder folder, and click on Identity Finder.

start_menu

Starting the Search

The Search Wizard is a quick way to begin using Identity Finder.  You can immediately start the search with the current settings by clicking the Start Search Now button.

search_wizard

Running a search on any system for the first time can take several hours.  You can continue to work while Identity Finder searches your computer, but it may slow your computer’s performance.  You may prefer to begin the scan at the end of the day and allow it run overnight. Your screen should be locked (Windows Key+L) while the scan is running and while you are away from your computer.

Identity finder will create a report that displays every file containing confidential identity information.  The Status Window, shown below, will display the current progress of the scan.

status

When the scan is finished the screen below will show.

summary

Reviewing Your Scan Results

From the Search Summary screen shown above, click Advanced and following window will open.

results

The section marked A is the Results Pane.  This will list all of the items that contain protected information found by Identity Finder.

The section marked B is the Preview Pane, where you can preview any documents containing protected information by clicking on the document in the results pane.

Section C is the Properties Pane, which provides information about the file that you have selected in the Results Pane.  For our purposes, the most important items in this area are the filepath and type of file.

When reviewing these results you should be looking for:

  • Social Security Numbers
  • Credit Card Numbers
  • Bank Account Numbers
  • Driver's License Numbers
  • Dates of Birth

False Positives

Not every result returned by Identity Finder is going to be protected data.  For example, on our campus student ID numbers are 9 digits long and can often be mistaken by Identity Finder as Social Security Numbers.  Therefore it is necessary for an individual to review each result of the Identity Finder scan.

Working with Your Results

For each result:

  1. Determine if the record flagged is a false positive or legitimately protected data (review the Data Classification Standard for examples of protected data)
  2. For records that are NOT false positives, determine if there is a business need for you to retain this data
  3. If there is a business need for you to retain the data, you must secure the file using Azure Information Protection or the Spirion "Secure" feature (WARNING - Files protected with Secure require a password.  If you lose this password, the file is unrecoverable, so it is highly recommended that you use Azure Information Protection instead.)
  4. If there is not a business need to retain the protected information, you can either delete the file entirely, or use the Spirion "Scrub" feature to remove the protected data.  Please note that the Scrub feature only works on editable documents, and only on the newest versions of Office files (.docx, .xlsx, etc.). 
  5. If the record flagged is a false positive, use the Spirion "Ignore" feature to add the item to the ignore list so that it is not flagged on subsequent scans.

Spirion Actions

  • Shred: deletes the file containing protected information from your computer
  • Scrub: will redact the protected information from the file, but leaves the file on your computer
  • Secure: password protects the file. 
  • Ignore: adds the item to a list of findings to ignore on subsequent searches

Shred

Shredding a file removes it completely from your computer.  This cannot be undone, so shred carefully!

Shredding a file containing protected information is the appropriate action to take when you no longer need the file or the protected information it contains.

To Shred a file, select the file in the Results Pane and click Shred in the Main ribbon.

shred

Scrub

Scrubbing a file removes the protected information from the file, but otherwise leaves the file intact on your computer.

Scrubbing a file containing protected information is the appropriate action when you no longer need the personal information but need to keep the file.

To Scrub a file, select the file in the Results Pane and click Scrub in the Main ribbon.

srub

Note: Scrubbing is not available for Email, PDF, or file types other than Word, Excel, and text files.

Secure

Secure password protects the file with a password chosen by you.

Secure should only be used as a last resort for files that contain protected information that you have a business need to retain.

To Secure a file, select the file in the Results Pane and click Secure in the Main ribbon.

secure

When you click Secure, you will be prompted to enter a password to secure the file.

WARNING! If the password used to secure a given file is lost, this file cannot be recovered!  You may write down any file passwords and the associated file name and deliver this list to the Information Security Team for safe keeping.  Again, if a file's password is lost, the file is NOT recoverable.

Ignore

Ignoring a file leaves the file and any protected information it may contain on your computer, and marks it to be ignored on subsequent searches. When Identity Finder identifies a ‘false positive’, you should utilize the Ignore feature.  Ignore should not be used for any other purpose that false positives.  If you still need access to any files containing protected information and you cannot either shred or scrub it, the file must be secured.

No Results Listed

If no results are found by Identity Finder this is a good thing.  However, this does not guarantee that your computer does not contain protected data. It simply means that the patterns used by Identity Finder to search your computer did not find any results. You still have a responsibility to safeguard any protected data you may handle or create during the course of your job duties.