INTRODUCTION
1. The NTU Mail Service allows users to access NTU emails and calendars via mobile phone connection (GPRS/3G) and Wi-Fi from Mobile Devices such as personal digital assistants (PDAs), Smartphone's, Palm Devices etc..
2. Since Mobile Devices have a very small form-factor, the probability of losing a device while on travel or transit is also very high . There is also a likelihood that sensitive, confidential Email, documents and data getting lost with the device or more information getting into the wrong hands. Thus, it is very crucial that security measures are put in place and user to exercise caution while using such devices for transmitting sensitive and confidential information.
3. This document states the security requirements that must be in place for the use of NTU's mail Service and the management cum usage of Mobile Devices used to access NTU's Mail Service.
SCOPE
4. This policy applies to all NTU Users who use NTU Mail Service over Mobile Devices such devices are Blackberry handheld, Windows Mobile 5 devices, Palm devices, Symbian Phones, PocketPC etc. The policy applies to all such devices which are referred to in this document as Mobile Devices in short. Such devices may be NTU-furnished or self purchased.
USER RESPONSIBILITIES
5. Users shall not loan their Mobile Devices to friends as the devices may contains sensitive and/or confidential emails and documents.
6. Users shall set different passwords for the Mobile Device and external storage card(s) used in the Device so that data on the Device and the storage card(s) cannot be compromised at the same time.
7. Users shall not store any Sensitive documents in the Mobile Device or on external storage card(s) used in the Devices as the security encryption software is only suitable for encrypting data classified up to Confidential.
8. Users shall turn off or disable Infra-Red, Bluetooth and Wi-Fi services when these services are not in use to prevent potential malicious attacks via these connectivity services.
9. Users shall include the words "Sent Using My Mobile Device" or equivalent in their signatures when using the NTU email services over Mobile Devices to clearly distinguish emails sent from those sent through other mode of access.
10. Users shall change the password of the Mobile Device before handing over the Device to support staff to prevent the support staff from knowing the usual passwords of Users. Users shall also change the Device password immediately after getting the Device back from the support staff to prevent any potential unauthorized access to the Device by the support and repair staff.
11. Users shall ensure that no confidential data is stored on the Device and external storage card(s) before handing over the Device to the support staff.
12. Before sending the Mobile Device to external parties for repair or maintenance, Users shall perform the below steps to prevent the compromise of confidential data:
a. Perform a hard-reset of the Device;
b. Delete all files stored in the persistent memory of the Device; and
c. Remove all external storage card(s) from the Device.
13. Users shall perform a hard-reset of the Mobile Device after collecting the Device from the external repair or maintenance centre in case malicious software, such as keyloggers, has been installed on the Devices.
14. When discovering the loss of Mobile Device, users shall immediately inform Helpdesk of Centre for IT Services at 6790HELP (4357) (email: helpdesk@ntu.edu.sg, fax number : 67910688, Operating Hours: 7.00AM to 11.00 PM everyday) so that necessary actions to terminate the corresponding NTU Mobile email account can be swiftly taken.
Dated 1 October 2007
