The Supreme Court has directed all judiciary officials and personnel to strengthen the courts’ cybersecurity measures to protect sensitive data and minimize the risk of cyber threats.
Acting Chief Justice Marvic M.V.F. Leonen issued the directive as Chief Justice Alexander G. Gesmundo is on official travel abroad, citing the recent data breach involving the Philippine Health Insurance Corporation or PhilHealth.
In Administrative Order 150-2023 on “Proper Cyber Hygiene in Judiciary,” the SC said, “One of the most common ways of ransomware attacks is done through phishing emails, which usually contain malicious links or attachments.”
The SC warned, “Do not open these links or attachments unless they have been verified to be legitimate.” Court officials and employees were advised to examine carefully the sender’s email address to avoid being victimized.
“Phishers often use email addresses that look similar to ones used by legitimate organizations but may have small misspellings or inconsistencies. Always take a close look at the sender’s display name when checking the legitimacy of an email,” the SC said.
Court officials and personnel were also instructed to protect personal information and double-check email attachments by scanning the same for viruses.
On password security, the SC suggested that “under no circumstances should judiciary personnel use personal information and dictionary words in creating passwords.”
Judiciary officials and employees were also urged to use a longer password containing numbers, symbols, and both uppercase and lowercase letters; to avoid the same password for multiple accounts; to consider passphrases or a sequence of random words instead of passwords; to use a password manager; and to enable a multifactor authentication system in their accounts.
They were advised never to share their passwords with others, even those who claim to be from trusted institutions, and to ensure that any written passwords are stored securely.
In protecting important files and ensuring their recovery in case of data loss, the guidelines recommend that court officials and personnel follow the “3-2-1 backup rule” to ensure data redundancy and availability in case of hardware failure, data corruption, or other catastrophes.
The rule requires users to keep three copies of their data on two different media types, with one copy stored offsite.