MANILA, Philippines — In the aftermath of the recent cyberattacks targeting government institutions, the Supreme Court has issued guidelines to strengthen the judiciary’s cybersecurity measures to protect sensitive data and minimize the risk of cyberthreats.
Administrative Order No. 150-2023, which was signed by Associate Justice Marvic Leonen, directed justices, judges, and other court officials and employees to observe and practice proper cyberhygiene.
It urged all judiciary officials and employees to observe strict security protocols, remain vigilant in identifying threats, and report suspicious cyberactivities.
The order also included guidelines to be followed on email safety, password security, software and system updates, data backup, safe internet usage, device security, and suspicious activity reports in order to enhance the courts’ cybersecurity practices.
To avoid ransomware attacks through phishing emails, the guidelines recommended that judiciary personnel examine carefully the legitimacy of the sender’s email address for misspellings or inconsistencies; protect personal information; verify links prior to clicking by checking if the uniform resource locator, or the web address matches the legitimate website’s address.
READ: Hackers attack PhilHealth’s website, systems
READ: Hackers deface website of House of Representatives
READ: Attempts to hack Senate website traced to PH, Germany and US
Awkward language
Judiciary personnel were also told to look for typographical or grammatical errors, or awkward language in an email and to be cautious with urgent messages, saying “phishers often create a sense of urgency in their emails.”
“Check for generic greetings; double-check email attachments by scanning the same for viruses; and report suspicious emails as spam,” the order said.
The guidelines also advised users never to share their passwords with others, even with those who claim to be from trusted institutions, and to make sure that any written passwords are stored in a secure place.
Court personnel were also directed to ensure that the operating systems of their devices such as laptops, desktops, smartphones, tablets and other electronic devices were up to date.
To protect important files and ensure their recovery in case of data loss, the guidelines recommended that court officials and personnel follow the “3-2-1 backup rule” to ensure data redundancy and availability in case of hardware failure, data corruption, or other catastrophes.
Court officials and personnel were also advised to avoid visiting high-risk websites and downloading files from untrusted sources in order to protect their personal information, privacy, and security.
Users were also directed to lock their respective computers and devices when not in use, especially when in shared or public spaces.
They were also instructed to immediately report lost or stolen devices as well as suspicious emails, links, ads, or email attachments to the Supreme Court Management Information System Office, to prevent data leak and to maintain a safe online environment.
The order added that judiciary employees must be careful when using artificial intelligence applications or software, as this can place their privacy at risk.
“Judiciary employees should be cautious when sharing their personal information online and they should only use applications from trusted sources,” Leonen said.
“Additionally, Judiciary employees should read the privacy policy of any application before using it and should be aware of how their data will be used. By taking these precautions, judiciary employees can help protect themselves from potential privacy and security risks,” he added.