CU Home Help
Columbia University Information Technology
 Service Alerts
 CUIT Service Catalog
 Get Help Now
 Manage My UNI
 Email
 CourseWorks
 Services Overview
 Network Overview
 Telecommunications
 Software
 Labs & Classrooms
 Printing
 Security
 Network Use Policy
 Copyright
 About CUIT
 CUIT Home


E-mail & Computing
Handling Personally Identifying Information

This page provides information and software tools to identify, remediate, and secure sensitive personally identifiable information (PII) that could be resident on your computer.

The capture, storage and retention of confidential and sensitive information is permissible only if it is a University business requirement and complies with Columbia University's Social Security Number and Unique Person Number Usage policy, Data Classification policy and Encryption policy.

The "Workstation Security Best Practices - User Guide" provides ten technical and procedural steps for securing your computer and work environment. Please read the document and adhere to these best practices.


Social Security Number (SSN) Scanning software

CUSpider (required for SSN identification and remediation)
CUSpider is the application required for scanning your workstation for Social Securi ty Numbers and other PII.

CUSpider is a modification and repackaging of Spider2008 version 4.0.2 (Latrodectus), an open-source program PII-scanning program developed by Cornell University and Wyman Miles (that is also listed below). CUSpider has been customized for Columbia University usage.

CUSpider scans a computer for Social Security Numbers, produces a list of files, and provides options for you to take immediate actions for remediation.

Verify each file that CUSpider finds . Due to the method CUSpider uses to discover potentially sensitive files, CUSpider may produce false alarms. Each file must be opened and examined before decisions can be made concerning what actions must be taken.

CUSpider is only available for PC 's running Windows XP Service Pack 2, and requires .NET 2.0 or higher installed.

For Columbia University Central Administration areas there is a seperate version of the Spider software for centralized SSN scanning. For more information on the centralized Spider scanning software, please contact the CUIT Security Office (CISO) at security@columbia.edu.

Spider (original Cornell University version)

Spider, the original SSN scanning tool developed at Cornell University, can be used to scan a computer for Social Security Numbers and other sensitive information. Spider produces a list of files which appear to contain this information, and provides options for you to take immediate actions for remediation.

Verify each file that Spider finds. Due to the method Spider uses to discover potentially sensitive files, Spider may produce false alarms. Each file must be opened and examined before decisions can be made concerning what actions must be taken.

There are several versions of Spider available for different operating systems. Please use the one that is applicable to your computer. 

This version of Spider is NOT supported by CUIT


Disk and File Encryption software

CAUTION: When using any of the encryption products below that require a password to encrypt and decrypt the information, DO NOT forget or misplace the password. Once your files are encrypted with a password, you may not be able to access them unless you know that password.

It is a requirement to password protect (encrypt) any files that contain sensitive or confidential information before you transfer it to another party via email or any file transfer method.

Guardian Edge Hard Disk Encryption (required for full disk encryption, provides external storage encryption (USB drives, CD's, etc.))

In the event the encrypted password is forgotten, Guardian Edge provides a self-service mechanism to retrieve the lost password. This feature is only available in Guardian Edge, whereas in other products, if the password is lost, it can never be retrieved, and the encrypted information is inaccessible even to the legitimate users.

For more information on your requirement and usage, please contact the CUIT Security Office (CISO) at security@columbia.edu.

WinZip (required for encrypting email file attachments)
  • Vendor Website: http://www.winzip.com
  • Use: File and Folder Compression software
  • Current Version: 14 Pro
  • Cost: The Columbia University licensed copy is available free of charge to faculty and staff only
  • Encryption: Standard Zip 2.0 and AES-128 & 256 bit
  • Do not rely on Zip 2.0 encryption to provide strong data security

To download a licensed copy of WinZip that is available to Columbia University faculty and staff, go to the website: http://www.columbia.edu/acis/software/winzip/


Supplemental Software
Savant Application Whitelist software
  • Vendor Website: http://www.savantprotection.com/products.html
  • All purchases for this product must be done through CUIT
  • Use: Prevents unauthorized programs from running on your computer
  • Cost: Columbia University has limited licensed copy, may require cost for usage

The Savant approach to whitelisting enables the device to control the execution of applications by establishing a unique key, or signature, for each application and device. Applications requiring the use of the CPU must present the unique pre-approved key to gain access to resources. If the key is not presented, the application cannot execute, and in the case of malware, it will be contained and cannot spread.

For more information on your requirement and usage, please contact the CUIT Security Office (CISO) at security@columbia.edu.


To reach this page quickly in the future, use the keyword PII.



Reporting Security Problems

Send reports of security incidents, attacks, or questions to security@columbia.edu