on your desktop named Find_SSNs.html and Find_SSNs.txt. It is recommend to use
3) There could be a yellow
information bar near the top of the page.
On the right side of the information bar click on .Click here for options..
4)This will open up a small options menu. Click on .Allow Blocked Content."
5) Another Security Warning window opens. Click Yes to allow the file to run active content.
6)Now you should see a window that looks something like the example below. This report is the result of
searching for Social Security number (SSN) in the .My Documents. folder. The first line of the Find_SSNs
report has a file that contains information about the time and date of scan, host information and file paths.
The report table lists all the files in which the Find_SSNs program located a string that matches the
following formats for Social Security numbers:
(Where N is a number, and the numbers as a whole are validated as a potential SSN)
Unfortunately, the two views do not arrange themselves in
the same order. Clicking on a file link in the Suspect Number Count (left) column will bring up a list of all files in a text format.
Clicking on a file link in the Suspect Number Count (left) column will bring up a list of all files in a text format.
Getting the Most out of the Find_SSNs
False positives occur when the search tools identify files as containing SSN information, when they in fact they do not.
This is especially true of files in the Temp and Temporary Internet Folders directories. Find_SSNs is designed to be as
accurate as possible, however, there will always be false positives as many times valid SSNs or credit card numbers are
often used in other contexts. For example,
123456789 is a valid SSN and because it's in this html page, it would be listed
in a Find_SSNs search.
The goal of Find_SSNs program is to identify files that contain SSNs to enable users to delete the files (if they are no longer needed),
or store them securely and encrypt them to limit and/or prevent protected information exposure.
Listed below are actions you might take (in order of most secure to least) to appropriately secure SSN information from desktops:
1. Delete the
file. If you no longer need the file(s) containing the SSN
information, delete it.
4. Move the file to a secure file server. Have your IT support staff work with the server administrator to create a directory on the
5. Confirm the desktop has a host firewall turned on. For an added layer of protection to the desktop, the host firewall should be
7. Remove email and email attachments. Many of the findings may be in email. We should not be emailing SSN information.
8. Empty the trash. Many of the findings may show files still in the trash. Work with your IT support staff for automated controls
9. Remove old profiles. Some findings may indicate that old user information, possibly unrelated to the current user and their job,
10. Delete the Find_SSNs.txt and Find_SSNs,html files. Once you have handled all the findings from the Find_SSNs search,
More Program Information
Most file formats can be searched for protected information. Searchable file formats include Microsoft Word, Excel and Access as well
as file formats that store data in plain text. The OASIS Open Document XML format (Open Office 2) and the Microsoft Office 2007
Open XML format are also supported. The Find_SSNs program searches for protected information such as:
The program cannot search files with the following extensions; .exe, .bin, .com, .dll and .cpp.
Remember to delete the reports then empty your trash when you are finished.