Give Now

Data Loss Prevention

Data Loss Prevention

Spirion (formerly known as IdentityFinder) is a program that will scan your computer for protected information (e.g., Social Security numbers, Drivers' License numbers, credit card numbers). Once items are detected, the application provides several tools to assist with protecting or removing the sensitive data.  SMU encourages installing Spirion on any SMU owned computer to help identify and protect University data.

Spirion- Frequently Asked Questions

Spirion is a software tool that locates sensitive data (SSNs, credit card numbers, etc.) in files (word, excel, PDF, etc.) or email messages. In addition to locating sensitive data, it can also perform actions (shred, quarantine, scrub, etc.) on locations that contain sensitive data.

Data Loss and Identity theft is growing in frequency, and breaches happen all too often – especially in Higher Education. SMU is providing the Spirion tool to help individuals and departments proactively locate this data so it can be removed or secured.

A surprising amount of sensitive PII (e.g. credit card numbers, and Social Security number) may be retained on your computer just from daily use along with sensitive PII stored in personal and work files. If your computer is lost, stolen or compromised over the network, sensitive PII may be harvested from your compromised equipment. Having unprotected PIIs on computers is a security risk and liability to SMU. Thus by installing and using Spirion, you are protecting yourself as well as other university staff and students.

The installation is very quick – less than 5 minutes in most cases. You will find the application for installation on the Landesk Workspace beginning in October.

The first Spirion scan may take some time, depending on the size of the disk and the power of the computer, there should be little impact to system performance while the scan is running in the background. Subsequent scans are generally fast and do not materially affect system performance.  The length of time complete a scan depends on the amount of data being searched and your computer’s performance. You can continue to work on your computer while the scan is running.

Spirion is capable of finding a variety of identity types. The University is only interested in:
• Social Security Numbers
• Credit Card Numbers
So the university’s default policy is configured to look for only this information.

Yes, but it is not looking for anything other than a very specific set of number sequences formatted in a very specific way. Spirion is not reading your documents to find out anything about you other than if there is any personally identifiable information (PII) especially Social Security Numbers (SSN), and credit card information in the document.

You have access to the results of the scan through the desktop client.  The IT Security team will also have access to the results.  They will work with departments and individuals to address any major findings.  The Security team will not have access to any of the numbers that are found on your computer, only the last four digits of an SSN or credit card number will appear on the report.

  1. The location on your computer where the file containing PII was found.
  2. The name of the file.
  3. The last 4 digits of the SSN and last 6 digits of the credit card number found.
  4. The action you took against the PII.
  5. The date and time it was found.
  6. The type of PII it was (Credit Card number, SSN, etc…)
  7. The file format that it was found in.
  8. Number of instances of PII were found in each file.

The default policy, is configured to search only for SSNs, and Credit Card numbers stored in C:\Users folder. If drives such as BOX, Dropbox, etc are linked to user’s computer, then they would also exist in C:\Users\<user-id>\ folders, so they would also be included in the search. It also searches the user’s emails for PII.

The default policy will scan the system once when Spirion is installed. As the program matures, it will be configured to scan the system on a quarterly basis. If your computer is not switched on during that time, it will run the next time your computer is turned on.

If you have business reasons for storing PII, please contact OIT Security Office for securely storing and analyzing the information.

No, the purpose of this data loss prevention program is not to get users into trouble for having PII on their workstations. Most users are going to find some amount of PII and many times will not
have realized it was present. The goal is to empower SMU users to discover where sensitive data are and to provide the tools to manage it effectively.

Click here for details regarding the installation and use of Spirion.