Staff members use personal smart phones to run Microsoft applications for business communications and collaborations. In most cases documents sent via Office email will be downloaded to personal mobile phones via Outlook.
Sensitive business information or invaluable research data, may be intentionally or unintentionally stored on personal mobile phones exposing attack surface of university information asset.
- Lack of device lock (e.g., PIN) on personal smart phone: If a mobile phone does not have a security lock enabled, anyone can simply turn on the device and gain direct access to the University data stored on it.
- Loss or theft of mobile devices: If a mobile device is lost or fallen into the hands of third parties with knowledge on rooting device, there is potential to extract data from the phone, even if mobile phone lock is in place.
- Potential malicious apps and trojan: The personal device might be running other mobile apps or used to surf other websites that might download and implant adware, malware and malicious trojan that could scan data stored on phone with the goal to gain financial benefits.
- Jailbroken or rooted mobile devices: Security risks are significantly heightened if staff members use mobile devices that have been jailbroken or rooted, as these modifications bypass the devices’ built-in security measures and expose it to various vulnerabilities.
To address the potential risks associated with using personal mobile phone for handling sensitive University data, ITS has implemented a new service called Mobile Application Management (MAM). This service provides an additional layer of protection for the University's data stored on staff members' personal mobile phone, while ensuring that their personal information remains unaffected.
With MAM, we can enforce security policies and restrictions specifically on a set of mobile apps used for business purpose say Microsoft Outlook, Microsoft Teams etc. installed on staff’s personal mobile phones. University's data within Outlook, Teams includes security protection such as data encryption, access controls, and remote wipe* capabilities in case of device loss or theft.
MAM security measures only apply to specific business apps and do not interfere with all other apps and data running on the mobile phone, respecting staff privacy and maintaining a clear separation between work and personal data.
By implementing the MAM service, we aim to strike a balance between the convenience of using personal mobile phone for work and the need to protect sensitive University data. Staff members can continue to leverage the capabilities of their personal mobile phone while having the peace of mind that University-related data is being safeguarded by robust security measures.
The following business-related mobile apps can be covered by MAM:
- Microsoft Edge
- Microsoft Excel
- Microsoft Office
- Microsoft OneDrive
- Microsoft OneNote
- Microsoft Outlook
- Microsoft PowerPoint
- Microsoft SharePoint
- Microsoft Teams
- Microsoft To Do
- Microsoft Word
This service is available to all full-time permanent staff. For more details, please refer to the service webpage and contact our IT HelpCentre (Tel: 2766 5900, WhatsApp/ WeChat: 6577 9669).
*Remote wipe only removed MAM protected app data on phone, emails, documents saved on Outlook, OneDrive and Teams site on O365 Cloud will not be affected.
