What is Spirion?
Spirion is a software package licensed by Carleton that scans machines for PII (Personally Identifiable Information). PII includes data such as credit card numbers, birth dates, SSNs, etc. We don't want any such information on computers around campus, nor do we want such information on network drives that are not properly secured.
When we run a Spirion scan, we typically scan C, H (home) and I (collab). If files are found with PII, they can either be deleted or secured in an appropriate manner. Most of the time, securing the files involves mapping the new Protected drive and moving them there.
Once Spirion is installed on your machine, you'll typically want to run it at least once a month. It's easy to run and can be run on your machine while you are doing other things, with the exception of email. You'll want to have your email closed so that those files get properly scanned by Spirion.
Installation Instructions for Windows
To install Spirion on a college-owned Windows computer:
- Log in to the KBOX User Portal (https://k1000.carleton.edu/)
- Click on the blue "Want software?" button, then type in Spirion in the search box and press Return
- Click "Windows: Spirion Identity Finder 10.0.6.0 (2018.10.04)," then click the "Run Now" button
- Wait patiently while the installer downloads
- You will see a Spirion Endpoint installation progress window
- When the install is finished, there will be a shortcut to Spirion on your desktop
First Time Running Spirion
The first time Spirion is run, it will ask for a password. This password is extremely important and should be something that you will not forget. It is used in accessing Spirion and when accessing files that have been secured by Spirion. If you lose this password and have files that were secured using Spirion, the files will not be recoverable. You may also skip this option and sign in as a guest. However, settings will not be retained and when securing locations, an individual password would need to be used.
Once you've chosen a password, or bypassed that step and are using guest access, you may review any custom locations that you would like scanned. Review the directions in the next section, "Adding a Custom Folder location to scan." Once you're ready, click on the 'Start' button.
Adding a Custom Folder location to scan:
In addition to scanning your C: drive, we recommend adding other attached Network Drives or connected hard drives (USB for example). You only need to add them once; Spirion will remember them and scan them each time you run it. Here are the steps to add locations:
- Click on the Locations menu option.
- Click on the Custom Folders icon and click "Enable Custom Folder Search" if it does not already have a check mark next to it.
- Click on the Custom Folders icon and choose "Customize Folder List" to be able to add new folders to scan.
- Click on the ... button at the end of the "Folder:" text box.
- Scroll down until you find your (H:) drive. Select that line, and click OK.
- Click on the Add button to add that drive letter. Click OK to close the Settings box.
When finished, it may look like this image, before you click OK to close the box:
In addition to scanning C, you will want to have at least one person in your area designated to scan network drives you have access to, such as the Protected drive. While the Protected drive is a more secure space, it is still important to know what data is being stored there so decisions can be made about data retention.
What to do when you find Personal Information using IdentityFinder
When a location has sensitive identity match information in it and you wish to remove it from your computer, you should utilize the Shred feature. Shred is great when you no longer need the personal information or any other data in the item.
The Shred button is located on the Main ribbon and is enabled for all types of result; however, depending on the location of the result, Shred behaves differently. For files, Shred utilizes a secure United States Department of Defense wiping standard known as DOD 5220.22-M. For other locations, Shred removes the information from your computer using other, appropriate methods.
Note: It is not possible to "undo" a Shred. Shredded results cannot be recovered. Once you shred something, it is gone!!
There are three ways to Shred a location:
1. Single click the result with the left mouse button to highlight it and click the Shred button on the Main ribbon.
2. Single click the result with the right mouse button to highlight it and bring up a context menu, then highlight and left-click on Shred.
3. Highlight the result by single clicking with the left mouse button or by using the arrow keys and then press the Delete key on your keyboard.
If you are shredding a Web Browser item, you will be given the option to also add the password to your Password Vault.
If you choose Shred and Securely Add to Password Vault, the location and password will be saved securely within the Password Vault for you to reference later. Only you have access to your Password Vault because it is only accessible if you authenticate to Spirion and load your Profile. If you choose Shred but Do Not Add to Password Vault, the password will be shredded and not added to your vault.
Shred is effective at protecting your identity because it is permanent. While this means you can never get your data back, it also means a hacker or malicious intruder cannot get your data back either. For files, Shred utilizes a very secure United States Department of Defense wiping standard known as DOD 5220.22-M. For other locations, Shred removes the information from your computer's hard drive or memory using other, appropriate methods.
When a location has sensitive identity match information in it and you wish to keep the item but remove the personal information only, you should utilize the Redact feature. Redact is great when you no longer need the personal information but want to keep the original item.
The Redact button is located on the Main ribbon and is enabled for certain file types. You may only Redact Office 2007 files (e.g., docx, xlsx, pptx) and text files (i.e., *.txt, *.log, *.ini). If you would like to add additional extensions to be considered text, like *.bak, you may override default search filters so that those file types are treated as text. See the Override Default Search Filters help topic for more information. The Override Default Search Filters dialog box lets you add additional extensions assuming they are not already handled by Spirion as another file type.
There are two ways to Redact a location:
1. Single click the result with the left mouse button to highlight it and click the Redact button on the Main ribbon.
2. Single click the result with the right mouse button to highlight it and bring up a context menu, then highlight and left-click on Redact.
When a location has sensitive identity match information in it and you wish to keep the item and securely keep the personal information, you should utilize the Encrypt feature. Encrypt is great when you still need the personal information and original item.
There are two ways to Encrypt a location:
1. Single click the result with the left mouse button to highlight it and click the Encrypt button on the Main ribbon.
2. Single click the result with the right mouse button to highlight it and bring up a context menu, then highlight and left-click on Encrypt.
When a file has sensitive identity match information in it and you wish to securely move the file to another location, you should utilize the Quarantine feature. Quarantine will move your file and then shred the original so that it cannot be recovered by anyone who gains access to your computer. It is important that you quarantine files to a location that is highly secure, such as an encrypted drive or a storage device to which unauthorized individuals do not have access.
There are two ways to quarantine a single file:
1. Single click the file result with the left mouse button to highlight it and click the Quarantine button on the Main ribbon.
2. Single click the file result with the right mouse button to highlight it and bring up a context menu, then highlight and left-click on Quarantine.
To quarantine multiple files at one time, check the checkbox of each file and then choose one of the methods described above to begin quarantining the files. After clicking Quarantine, a dialog box will open with your available options.
Files may be moved to a default location, which can be specified in Settings, or to another location that you can set within the dialog box. The Quarantine Folder Location setting specifies where the default location for a file you decide to quarantine will be securely moved. This location should be a secure folder on your computer, such as an encrypted drive or one to which unauthorized individuals cannot gain access.
Carleton employees often keep portable, external drives for various purposes. You can have a 'flash drive' that you use to carry files with you. You can have an external hard drive onto which you back up important files. Whatever type of portable drive you have, it is extremely important to keep the information on these drives safe! The fact that they are portable makes them extremely vulnerable.
You can scan these drives in the same way you can scan your C or H drives; add them to the custom folder list while you have them inserted into your computer.
If you find PII in the files on your portable drive, you need to shred the file, quarantine it to the protected drive, or encrypt the portable drive.
Installing the Protected "S" drive (Optional)
We have a special network drive for documents that require additional security, such as documents that contain privileged or confidential information. This is the "S" drive (think "S" for "Secure"). If you do not yet have this drive mapped on your work computer, follow these steps:
- Right-click My Computer, and select Map network drive...
- Select the letter "S" for this network drive
- In the Folder field, type \\protected.ads.carleton.edu\protected
- Make sure that the box marked Reconnect at logon is checked.
- Click Finish.