Columbia University Information Technology


Handling Personally Identifying Information and Confidential Data

This page provides information and software tools to identify, remediate, and secure sensitive personally identifiable information (PII) that could be resident on your computer.

The capture, storage and retention of confidential and sensitive information is permissible only if it is a University business requirement and complies with Columbia University's Social Security Number and Unique Person Number Usage policy, Data Classification policy and Encryption policy.

The "Workstation Security Best Practices - User Guide" provides ten technical and procedural steps for securing your computer and work environment. Please read the document and adhere to these best practices.


Social Security Number (SSN) Scanning software
Spider

Spider, the SSN scanning tool developed at Cornell University, can be used to scan a computer for Social Security Numbers and other sensitive information. Spider produces a list of files which appear to contain this information, and provides options for you to take immediate actions for remediation.

Verify each file that Spider finds. Due to the method Spider uses to discover potentially sensitive files, Spider produces false alarms. Each file must be opened and examined before decisions can be made concerning what to do with it.
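
Why a pattern scan raises false alarms, shown as an added example (not Spider's code and not part of the original page): it assumes detection by regular expression plus the structural rules for SSNs, since this page does not describe Spider's actual method. The function names and the sample text are constructed for illustration.

```python
import os
import re

# Nine digits grouped 3-2-4 with a consistent optional separator, not part of
# a longer run of digits or dashes. (Assumed approach, not Spider's own.)
SSN_RE = re.compile(r"(?<![\d-])(\d{3})([- ]?)(\d{2})\2(\d{4})(?![\d-])")

def plausible_ssn(area, group, serial):
    """Reject values that are never issued as SSNs."""
    if area in ("000", "666") or area >= "900":
        return False
    return group != "00" and serial != "0000"

def scan_text(text):
    """Return (line_number, match) for each structurally valid candidate."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in SSN_RE.finditer(line):
            if plausible_ssn(m.group(1), m.group(3), m.group(4)):
                hits.append((lineno, m.group(0)))
    return hits

def scan_tree(root):
    """Map each readable file under root to its hits; clean files are omitted."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, encoding="utf-8", errors="ignore") as fh:
                    hits = scan_text(fh.read())
            except OSError:
                continue  # unreadable file: skip it rather than abort the scan
            if hits:
                report[path] = hits
    return report

# Constructed sample text; none of these values is real data.
SAMPLE = """\
Employee record, SSN 123-45-6789
Order ref 321-54-9876 shipped Tuesday
Part no. 000-12-3456
Test account 987-65-4321
Help desk: 212-555-0100
Batch 457001234
"""

if __name__ == "__main__":
    for lineno, value in scan_text(SAMPLE):
        print(f"line {lineno}: {value}")
```

The structural rules discard four of the six sample lines, but the order reference on line 2 still passes every check, which is why each reported file has to be opened and reviewed by a person.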

There are several versions of Spider available for different operating systems. Please use the one that is applicable to your computer. For Windows users, please use Spider2008 because it offers a more user-friendly navigation panel.


File and Disk Encryption software

CAUTION: If you decide to use any of the encryption products below that require a password to encrypt and decrypt the information, please DO NOT lose the password. Once your files are encrypted with a password, you will not be able to access them unless you know that password.

You are required to password-protect any files that contain sensitive or confidential information before you transfer them to another party via email or any other file transfer method.

WinZip
  • Website: http://www.winzip.com
  • Use: File and Folder Compression software
  • Current Version: 12.1 Pro
  • Cost: The Columbia University licensed copy is available free of charge to faculty and staff only
  • Encryption: Standard Zip 2.0 and AES-128 & 256 bit
  • Do not rely on Zip 2.0 encryption to provide strong data security
  • WinZip's implementation of the AES algorithm has been FIPS-197 certified by NIST
  • Password: Yes, files can be password protected

To download a licensed copy of WinZip that is available to Columbia University faculty and staff, go to the website: http://www.columbia.edu/acis/software/winzip/

WinZip provides two alternatives for encrypting files.

The most efficient way to encrypt files is to do so while you are adding them to a Zip archive (.zip or .zipx). To encrypt files while they are being added:

  1. Check the Encrypt added files check box in the Add dialog. Before adding the files, WinZip will display the Encrypt dialog
  2. Choose the password and desired encryption method

When you choose to add files to an existing archive, there is no Add dialog and therefore no opportunity to encrypt the files while they are being added. In these cases, you can encrypt files after they have been added. To do so:

  1. Open the Zip file in the Classic interface
  2. Click Encrypt on the Actions menu

OR

  1. Right click on the Zip file in My Computer, Windows Explorer, or Computer (in Vista)
  2. Select WinZip
  3. Select Encrypt

In either case, WinZip will ask for a password and encryption method and then encrypt all files currently in the Zip archive.

If a file in the Zip archive is already encrypted, it will first be decrypted and then re-encrypted using the password and encryption method you specified. WinZip will first try to decrypt the file using the current password. If the file cannot be decrypted with this password, WinZip will ask you for the correct password. If you are unable to supply the correct password, the file can be skipped, and it will remain unchanged in the Zip archive. The password you entered in the Encrypt dialog box will remain active until either you delete or replace it, or you close the archive.

7-Zip
  • Website: http://www.7-zip.org/
  • Use: File and Folder Compression software
  • Current Version: 4.65
  • Cost: Free
  • Encryption: AES-256 encryption in 7z and ZIP formats
  • Password: Yes, files can be password protected

By default, 7-Zip installs itself in a way that allows you to right click on items on the desktop or in Windows Explorer to compress files.

  1. Right click on the files or folder you wish to compress and encrypt, and select "Add to Archive"
  2. Change the archive format to Zip, or 7z if both you and your intended recipient use 7-Zip, then change the encryption method to AES-256, enter your password, and click OK
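
The WinZip warning about Zip 2.0 encryption and the 7-Zip step of selecting AES-256 can both be checked on the finished .zip file before it is sent. The following is an added example, not part of the original page or of either product: it reads the per-entry headers with Python's `zipfile` module and reports entries that are unencrypted or use the legacy scheme. Function names and the sample records are constructed, and it covers .zip archives only, not .7z.

```python
import struct
import zipfile

AES_METHOD = 99        # compression-method value that marks a WinZip AES entry
AES_EXTRA_ID = 0x9901  # extra-field header ID carrying the AES parameters
STRENGTHS = {1: "AES-128", 2: "AES-192", 3: "AES-256"}

def entry_scheme(info):
    """Classify one zipfile.ZipInfo record by the encryption it declares."""
    if not info.flag_bits & 0x1:              # bit 0: entry is encrypted
        return "unencrypted"
    if info.flag_bits & 0x40:                 # bit 6: PKWARE strong encryption
        return "other"
    if info.compress_type != AES_METHOD:
        return "Zip 2.0"                      # legacy password scheme
    extra, pos = info.extra, 0
    while pos + 4 <= len(extra):              # walk the (id, size, data) records
        field_id, size = struct.unpack_from("<HH", extra, pos)
        if field_id == AES_EXTRA_ID and size >= 7 and pos + 4 + size <= len(extra):
            # data layout: version(2) vendor "AE"(2) strength(1) real method(2)
            return STRENGTHS.get(extra[pos + 8], "AES-unknown")
        pos += 4 + size
    return "AES-unknown"

def weak_entries(infos, accepted=tuple(STRENGTHS.values())):
    """Return (filename, scheme) for every file entry not using accepted AES."""
    return [(i.filename, entry_scheme(i)) for i in infos
            if not i.is_dir() and entry_scheme(i) not in accepted]

def _sample(name, flags, method, extra=b""):
    info = zipfile.ZipInfo(name)
    info.flag_bits, info.compress_type, info.extra = flags, method, extra
    return info

# Constructed header records standing in for ZipFile(path).infolist().
AES256_EXTRA = struct.pack("<HHH2sBH", AES_EXTRA_ID, 7, 2, b"AE", 3, 8)
SAMPLE = [
    _sample("roster.xlsx", 0x1, AES_METHOD, AES256_EXTRA),
    _sample("payroll.csv", 0x1, zipfile.ZIP_DEFLATED),
    _sample("notes.txt", 0x0, zipfile.ZIP_DEFLATED),
]

if __name__ == "__main__":
    for name, scheme in weak_entries(SAMPLE):
        print(f"{name}: {scheme}")
```

For a real archive, pass `zipfile.ZipFile(path).infolist()` to `weak_entries`; only the headers are read, so no password is needed.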

TrueCrypt
  • Website: http://www.truecrypt.org/
  • Use: Disk encryption software for Windows Vista/XP, Mac OS X, and Linux
  • Current Version: 6.2a
  • Cost: Free/Open Source
  • Encryption: AES-256, Serpent, Twofish
  • Password: Yes, required to decrypt partitions/volumes

Please see vendor website documentation for usage details.

Microsoft Encrypting File System
  • Website: http://www.microsoft.com/
  • Use: File Encryption as part of Windows XP and later Operating Systems
  • Cost: n/a - Included in operating system
  • Encryption: 3DES, AES-256 (default), RSA Certificates, ECC
  • Password: Yes

Please see vendor website documentation for usage details at http://support.microsoft.com/kb/223316/EN-US/.

Office 2007
  • Website: http://www.microsoft.com
  • Use: File Encryption
  • Current Version: 2007
  • Cost: n/a - Part of Office 2007
  • Encryption: AES-128/256 encryption
  • Password: Yes, files can be password protected

To encrypt a file with password protection in Word, Excel, or PowerPoint:

  1. Click the Microsoft Office button at the top-left corner of the Office program window
  2. Select Prepare and then Encrypt Document
  3. Enter a strong password into the Password field
  4. You can save the file in either the Office 2007 format (.docx, .xlsx, or .pptx) or in the Office 97-2003 format (.doc, .xls, or .ppt)

If you attempt to save in the older format, you'll see a dialog box asking if you want to convert to the XML-based format (Office 2007) to increase the security of the document. We STRONGLY encourage use of the 2007 format. The 97-2003 formats DO NOT meet the minimum standards for encryption. Please see vendor website documentation for usage details at http://office.microsoft.com/en-us/help/HA101483331033.aspx.

FileVault
  • Website: http://www.apple.com
  • Use: Home Directory Encryption on Apple OS X V10.3 and later
  • Cost: n/a - Included in the operating system
  • Encryption: AES
  • Password: Key derived from user's login password

Please see vendor website documentation for usage details at http://docs.info.apple.com/article.html?path=Mac/10.5/en/8736.html.

Guardian Edge Hard Disk Encryption

In the event the encryption password is forgotten, Guardian Edge provides a self-service mechanism to retrieve the lost password. This feature is only available in Guardian Edge; with the free products mentioned above, a lost password can never be retrieved, and the encrypted information is inaccessible even to its legitimate users.

For more information on requirements and usage, please contact the CUIT Security Office (CISO) at security@columbia.edu.


Supplemental Software
Savant Application Whitelist software

The Savant approach to whitelisting enables the device to control the execution of applications by establishing a unique key, or signature, for each application and device. Applications requiring the use of the CPU must present the unique pre-approved key to gain access to resources. If the key is not presented, the application cannot execute, and in the case of malware, it will be contained and cannot spread.

For more information on requirements and usage, please contact the CUIT Security Office (CISO) at security@columbia.edu.



Reporting Security Problems

Send reports of security incidents, attacks, or questions to security@columbia.edu