Share

Spirion Search and Remediation for Macintosh

These instructions are for scanning your Macintosh and any attached drives for Personally Identifiable Information (PII) and remediating scan results.

To combat the growing number of security threats today, Penn State requires that each of its units and campuses identity, remove, and/or protect Personally Identifiable Information (PII) on all Penn State desktops, laptops, and servers. PII  includes sensitive information such as Social Security Numbers, credit card numbers, driver's license numbers and bank account numbers. To aid in this effort, Penn State has obtained a university-wide license for the Identity Finder software.

It's important that you read and follow these instructions to properly remediate your computer. This document also assumes that the Identity Finder software has already been properly installed on your computer by your IT support staff. 

Terms Used

  • Personally Identifiable Information (PII) - Refers to information that can be used to uniquely identity, contact, or locate a single person or can be used with other sources to uniquely identity a single individual. Examples of such information are Social Security Numbers (SSN), Credit Card Numbers, Drivers License Numbers, and Bank Account Numbers that are associated with a person’s name or identity.
  • Client - Refers to the Spirion program you are currently using.
  • Results Pane - Located on the left of the Client, contains the results of a scan.
  • Preview Pane - Located on the right of the Client, contains a preview of the currently selected file.
  • Match - Located in the Results Pane, each row is a possible PII match. Could be a file, email message, database table, etc.
  • True Positives Matches that do contain PII that must be remediated.
  • False Positives - Matches that have been incorrectly marked as containing PII.
  • Remediation - The process of reviewing the scan results and securely and permanently removing PII.

Scanning - Local Computer

Every three weeks a Spirion scan will start automatically.  You may see the Spirion window pop up for a second but it should minimize into the taskbar at the top of your screen and continue running until done.

If the scan is running at an inconvenient time you can always open Spirion and click on the pause link in the top left to pause the scan an then hit the same button to resume at a later time.

If the scan is running and has not finished we recommend locking your computer instead of logging off to to keep the progress that was made scanning as well as letting the scan continue while you are away.


 When the scan has finished you will receive a message in your taskbar and the Spirion window will open up.

  1. When the search is complete, you can save your results before you move on toIDF-Save remediation. Saving your match data allows you to come back to it later for remediation without rescanning the entire computer again. This is especially helpful if you have a large number of results. To save your results, click the save / disk icon. Save the file wherever you normally save your files and give it a name such as PIIScan.idf or the date of the scan. You can then later come back to the client, open the file that you just saved, and continue remediation from where you left off.
  2. You should now move on to remediation before repeating the scanning process for any other drives.

 

Remediation

Once the scan is finished, you will be presented with a window containing a list of all files found that could contain Personally Identifiable Information (PII). Not all of these files will contain true PII; some will contain data that was incorrectly identified (a false positive).

The easiest way to determine if a file truly contains PII is to click the match and view the contents of the file in the Preview Pane (on the right side of the window). The preview pane will show you a preview of the match or matches within the file, with the suspected match highlighted. By viewing the file this way, you should be able to use your best judgment to determine if the number is true PII, or if it is a false positive.

A false positive could be things like ISBN numbers, research data, Penn State budget and account numbers, Zip Codes, or random strings of numbers that appear in the background code of some files.

If you are still unsure whether the file contains PII, you can double click the file name to open the file and review it. 

If you need assistance in determining which files contain PII, please contact Ag IT Support.

If the file DOES contain PII, you must perform one of these options:

  1. IDF-ShredSHRED the file. This will securely and permanently delete the file completely from your machine. This is the best option and will ensure that the PII is unrecoverable if your computer were to be compromised. If you no longer need the file, please select it or check the box next to it and click the "Shred" button.

    Special care should be given to data on shared drives as well as databases that may require remediation. Shredding files on a server or shared drive should be done in consultation with other associates who might have a need for those files. If you are not the owner or primary user of a file, please ask before you shred! Database files (such as FileMaker and Microsoft Access) that you wish to keep should be manually cleaned. Shredding a database file will permanently delete the file. 

    If you attempt to shred a file and Spirion displays a message indicating that it was unable to shred it, check that the file is not read-only. There is a checkbox in the bottom right corner of the Identity Finder window to turn off the read-only setting.

  2. If the file was saved in Office 2007 (XML-based format) or as a text file, you can REDACT the file. This is the process of overwriting or redacting the PII data from the file without losing the rest of the information in the file. Only use this option if it is necessary to retain the rest of the data in the document.
  3. CLEAN the file manually. This option involves manually editing and saving the file. Only use this option if it is necessary to retain the rest of the data in the document.
    • To clean the file, double-click to open it.
    • Delete the PII data from the file.
    • Choose "File > Save As" from the menu and rename the file to indicate that the PII was removed. We recommend that you use a file name such as "OriginalFileName_PII-Removed" so that you can easily tell which files have been cleaned.
    • Return to Spirion and Shred the original file (see Option #1 above for steps).

If the files DOES NOT contain PII, you can mark it to not be scanned/reported again:

IGNORE the file if you are sure that the file does not contain PII. The program will remember this file, so it will not show up the next time you scan your computer.

  1. IDF-IgnoreTo ignore the file, click the file name and click the "Ignore" button at the top of the window.
  2. In the drop-down list that appears, choose the first option: "This Item Location"

When you are finished with all the files in the list, you are done with the remediation. Simply click the X button to close the window. At this point, you can scan any other external or mapped drives that you may have or are responsible for scanning.

  • It is important that you clear the scan results window. Any items left in the scan results window will be redisplayed the next time you scan. 
  • Once you are done with remediation, you can delete the results file that you might have saved.