Title: Supreme Court Adopts Cybersecurity Guidelines to Safeguard Sensitive Data and Counter Ransomware Attacks
The Supreme Court has taken decisive action to protect the integrity of its sensitive data and combat the escalating threat of ransomware attacks by implementing comprehensive cybersecurity guidelines. Aimed at bolstering the court’s cybersecurity practices, these guidelines serve to mitigate cyber threats, enhance data protection, and minimize the risk of online security breaches.
Administrative Order No. 150-2023, titled Proper Cyber Hygiene in Judiciary, was issued by Acting Chief Justice Marvic Leonen as a proactive measure against potential vulnerabilities. The guidelines encompass various key areas, including email safety, password security, software and system updates, data backup, safe internet usage, device security, and the reporting of suspicious activity.
In addition to addressing existing vulnerabilities, the Supreme Court has raised concerns regarding the use of digital applications employing artificial intelligence (AI) to enhance users’ portraits. Such applications pose a significant risk as they collect user data and generate digital images that can be exploited to create fake profiles, leading to identity theft, social engineering, and phishing attacks. To counteract these threats, court officials and employees are advised to exercise caution when using such applications and to remain vigilant against potential risks.
The Court’s warning follows a similar memorandum issued by Defense Secretary Gilberto Teodoro Jr. to members of the defense-security establishment, underlining the widespread need for cybersecurity measures across various sectors.
The guidelines emphasize the importance of email safety and recommend that all court personnel scrutinize sender email addresses meticulously. Additionally, individuals are urged to adopt longer passwords, ensure regular updates of their device operating systems, and maintain regular data backups to safeguard against potential data loss.
To counter phishing attacks, the guidelines stress the necessity of verifying the legitimacy of sender email addresses, checking for misspellings or inconsistencies, and verifying links before clicking on them. Employees are also advised to exercise caution with urgent messages, scrutinize generic greetings, and scan email attachments for potential viruses. Any suspicious emails should be reported as spam, reducing the risk of falling victim to cyber threats.
Regarding password security, court officials and personnel are instructed to steer clear of using personal information or common dictionary words. Instead, they are encouraged to create longer passwords comprising a combination of numbers, symbols, uppercase and lowercase letters. Passphrases or sequences of random words are presented as a viable alternative to traditional passwords. The use of password managers and enabling multifactor authentication systems is also highly recommended.
Furthermore, the Supreme Court has highlighted the significance of routinely updating the operating systems of devices used by court personnel, including laptops, desktops, smartphones, tablets, and other electronic devices. Detailed step-by-step instructions are provided for both Windows and Apple/Mac users, ensuring seamless integration of system updates.
To guarantee data redundancy and availability in the event of hardware failure or data corruption, court officials and personnel are advised to adhere to the 3-2-1 backup rule. This rule dictates maintaining three separate copies of data, two backup media/formats in different locations, and at least one offsite backup.
To maintain safe internet usage and device security, the Supreme Court emphasizes the importance of downloading files and software only from reputable sources. Secure and judiciary-approved file-sharing platforms should be exclusively utilized for work-related activities.
It is noteworthy that Chief Justice Alexander Gesmundo is currently on official travel abroad, indicating the commitment of the Supreme Court to addressing these critical cybersecurity concerns.
In light of the recent ransomware attacks targeting the Philippine Health Insurance Corporation (PhilHealth), these guidelines are a welcome development in fortifying the country’s overall cybersecurity framework. By prioritizing data protection, employing best practices related to email safety, password security, system updates, and safe internet usage, the Supreme Court is taking proactive steps towards safeguarding sensitive information, ensuring a resilient judiciary system, and promoting a secure digital ecosystem.
