CUSpider - Tips for Remediation
The purpose of remediation is to rid your computer of any exposed Personally Identifiable Information (PII) by either redaction or secure deletion. The settings included in this distribution of Spider specifically search for only one type of PII, Social Security Numbers.
As you go over each of the search results, ask yourself two key questions:
- Do I need to keep this file for my job?
- (refer to the Columbia University Social Security Number and Unique Person Number Usage policy, Data Classification policy and the Encryption policy on appropriate and justified storage of PII/SSN for approved business purposes)
- Do I need the actual PII kept in the file for my job?
The ideal method for eliminating the risk posed by PII/SSNs is to securely delete the files containing them. Securely deleting a file differs from "regular" deletion in that it overwrites the physical area of the disc where the bytes comprising the file were stored. Overwriting those specific bytes ensures that the file cannot be retrieved or recompiled after deletion by most forensic or retrieval programs. CUSpider offers a powerful Secure Erase option (accessible from within the search results) that is recommended by the CUIT Infosec team as the primary means of securing exposed data.
If you find that you do require the file for your duties, consider redaction, or removal of JUST the PII/SSN, as an option. Removing the PII/SSN from the file provides an acceptable measure of security while also letting you keep the rest of the file. CUSpider provides a redaction option for a number of file types from within the application.
If you find you do need the PII/SSN itself for your work, you must encrypt the file. Please consult this webpage of recommended encryption software for the solution that best balances your duties with the university's security concerns. You can also contact us at email@example.com for consultations on how best to mitigate the risk.