Boost cybersecurity measures, Supreme Court orders judiciary personnel

MANILA, Philippines — The Supreme Court (SC) has ordered officials and personnel of the judiciary to strengthen cybersecurity measures to “minimize the risk of cyber threats” as it issued guidelines to be followed by courts on “proper cyber hygiene.”

The directive was in light of the recent data breach involving the Philippine Health Insurance Corp., where at least 13 million members have been affected.

Under Administrative Order No. 150-2023, the guidelines include actions to be followed on email safety, password security, software and system updates, data backup, safe internet usage, device security and suspicious activity reports.

To protect against phishing emails, which usually contain malicious links or attachments, the SC said judiciary personnel should examine carefully the sender’s email address and not open links and attachments unless these have been verified to be legitimate.

It added that personnel should check for misspellings or inconsistencies, typographical errors, grammatical errors, or awkward language.

The high court also suggested that judiciary personnel should never use personal information and dictionary words in creating passwords and instead use passphrases or a sequence of random words, use a password manager, and to enable a multi-factor authentication system in their accounts.

Judiciary officials and personnel were also directed to ensure the operating systems of their devices such as laptops, desktops, smartphones, tablets and other electronic devices are up to date.

The guidelines also recommend court officials and personnel follow the “3-2-1 backup rule” where users must maintain three separate copies of their data (original in their primary device and two additional copies in different locations; two backup media/formats; and one offsite backup).

This, the SC said, is “to ensure data redundancy and availability in case of hardware failure, data corruption, or other catastrophes.”

The high court also urged court officials and personnel to avoid visiting high-risk websites and downloading files from untrusted sources to protect their personal information, privacy and security.

The SC also recommended that they download files and software only from reputable sources and use only secure and judiciary-approved file-sharing platforms for work-related activities.

Court officials and personnel were also directed to lock their respective computers and devices when not in use, especially when in shared or public places.

They were also instructed to immediately report lost or stolen devices and suspicious emails, links, ads, or email attachments to the SC Management Information System Office “to prevent data leak and to maintain a safe online environment.”

The SC warned court officials and employees of the risks of using artificial intelligence in digital applications, particularly those that require users to submit several photos of themselves to generate enhanced portraits.

“These digital applications collect users’ data and create digital images that mimic an individual’s looks and  speech, which can be used to create fake profiles that can lead to identity  theft, social engineering, and phishing attacks,” it said.