Given how integral theyve become to daily life, it should come as no surprise that the typical personal or business computer is a treasure trove of sensitive personal information. Should a system be accessed without authorization infected by malware, for example that data can be stolen and used to perpetrate identity theft. This scenario can have serious consequences not only for the person whose information it is but also for any small business that may be subject to regulations regarding the privacy of employee or customer records.
Identity Finders streamlined search wizard lets you define and conduct searches without too many configuration options.
(Click for larger image).
Unearthing all the personal data lurking on a computer would seem a daunting proposition, but Identity Finders same-name software makes the task quite manageable. Identity Finder Professional 4 ($34.95 for Windows Vista/XP/2000) will scan your system for myriad forms of at-risk data, then give you options to redress it.
Digging for Data
Navigating Identity Finder is done via a straightforward ribbon-style interface that will be familiar to anyone whos used Microsoft Office 2007. In many cases, youll be able to take advantage of the programs well-designed search wizard to streamline the process of defining and conducting a reasonably thorough search without being bogged down by too many configuration options.
Identity Finder can hunt for a host of information types ranging from highly intimate bits like Social Security, credit card, or bank account numbers to more casual ones such as phone numbers, e-mail addresses, and dates of birth. To keep you from drowning in endless irrelevant results, an OnlyFind option lets you limit searches for certain items to one or more specific pieces of info--a particular phone number or address of interest, for example. Though you cant do it from the wizard, Identity Finder also lets you search for custom pieces of information by keyword.
After youve decided what to look for, you tell Identity Finder where you want to look. You can choose to scan only the current users documents and settings, a specific folder, or the entire system (including removable drives, but not network folders). The software can dig through files (including compressed ones) Internet Explorer and Firefox browser data, the Windows Registry, and POP e-mail messages (plus attachments, contact, and calendar entries) for Microsoft Outlook, Outlook Express, Windows Mail, and Mozilla Thunderbird.
Identity Finders scan of our test system, which we limited to the My Documents folder, took around a half hour (more comprehensive searches can take significantly longer) and produced a list of 522 identity matches. The software found a diverse mix of items including credit card numbers embedded within browser forms, passwords contained in e-mail messages (lots and lots of those), account numbers from bank statements, and social security numbers listed on saved tax returns.
For each match, Identity Finder reports the specific personal information it found alongside the file type and location, and a preview pane lets you view an items offending data within the context of the entire document without having to open the application used to create it.
Identity Finder does a pretty good job of discerning truly sensitive information from that which merely appears to be. Although it naturally looks at the ostensible signs that data is sensitive (e.g. anything following the words username or password is a no-brainer), when appropriate its detection algorithm checks what it finds against a database of data types. As a result, it doesnt automatically assume that a 16-digit number is a credit card number, or that a nine-digit one formatted as xxx-xx-xxxx is necessarily a Social Security ID.
Of the five hundred-plus matches Identity Finder found on our system, around a dozen could be considered false positives. These mainly involved vendor account numbers (e.g. FedEx, UPS, various stores) misidentified as bank or Social Security account numbers. When we tried to trip up the software by placing conspicuously labeled but made-up Social Security and credit card numbers alongside real ones inside several documents, Identity Finder always flagged the real numbers but ignored the ersatz ones.
Identity Finder's scan results can include credit card numbers, passwords and social security numbers, to name a few.
(Click for larger image).
Purge or Protect
Once Identity Finder inventories all the personal data on your system, there are several ways to deal with the results depending on the type of file involved in each case, and the software provides a results wizard that lets you deal with batches of similar files/items so you dont have to address each individual item individually.
The available options are Shred, Scrub, Secure and Quarantine. The Shred option is the most draconian as it irretrievably deletes a file according to Department of Defense standards, while the related Quarantine option lets you retain a copy of the file by moving it to a secure location that you specify before shredding the original. By contrast, the secure option encrypts and password-protects a file in its current location, using either the host applications built-in security capability or Identity Finders own built-in File Vault encryption feature. (Incidentally, Identity Finder installs a right-click menu option that lets you shred or secure a file from anywhere within Windows, regardless of whether it contains sensitive info.)
Finally, the scrub option can cleanse a file of sensitive data by redacting it (replacing it with characters of your choice) but its only available for plain text or XML-based Office 2007 files--not those created by earlier Office versions. You can save Identity Finders search results for later perusal as a secure password-protected file, or export them to an HTML or CSV file (though it rightly warns you that both formats are inherently insecure).
You cant download a trial version of Identity Finder Professional, though there is a limited-function free version available. In addition to the single-user version of Identity Finder Professional, there are also three-, five-, or seven-license packs available for $59.97, $99.95, and $139.93, respectively.
Identity Finder also comes in an Enterprise version (starting at $5,000) that adds a number of notable features not available in the Professional edition but that some firms might need to conduct a comprehensive search. They include the ability to scan network folders, Web/database servers and Microsoft Exchange mailboxes/public folders (as well as the inclusion of a remote management console).
You probably dont know how much personal information your computers are putting at risk. Identity Finder offers a way to find out and keep it from falling into the wrong hands.
Price: $34.95 (for one user; volume discounts available)
Pros: Finds instances of personal information stored in files, browser data, e-mail, etc.; securely deletes sensitive data or protects it with encryption
Cons: Scanning servers or IMAP/Microsoft Exchange mailboxes requires pricier Enterprise version
Joe Moran spent six years as an editor and analyst with Ziff-Davis Publishing and several more as a freelance product reviewer. He's also worked in technology public relations and as a corporate IT manager, and he's currently principal of Neighborhood Techs, a technology service firm in Naples, Fla. He holds several industry certifications, including Microsoft Certified Systems Engineer (MCSE) and Cisco Certified Network Associate (CCNA).
|Do you have a comment or question about this article or other small business topics in general? Speak out in the SmallBusinessComputing.com Forums. Join the discussion today!|