In view of the recent ransomware attacks targeting government institutions, Supreme Court (SC) acting chief justice Marvic Leonen on Friday, Oct. 20, directed all court personnel to observe strict security protocols and adopt a set of guidelines on the observance of proper cyber hygiene.
Through Administrative Order No. 150-2023, Leonen issued guidelines to be followed on email safety, password security, software and system updates, data backup, safe Internet usage, device security, and suspicious activity reports in order to enhance the courts’ cybersecurity practices, protect sensitive data, and minimize the risk of cyber threats.
Email safety
To avoid ransomware attacks through phishing emails, the guidelines recommend that judiciary personnel do the following:
- check the legitimacy of the sender’s email address, looking for misspellings or inconsistencies;
- protect personal information;
- verify links prior to clicking by checking if the uniform resource locator (URL), or the Web address, matches the legitimate website’s address;
- look for typographical errors, grammatical errors, or awkward language in the email;
- be cautious with urgent messages, as phishers often create a sense of urgency in their emails;
- check for generic greetings;
- double-check email attachments by scanning them for viruses; and
- report suspicious emails as spam.
Password security
The guidelines suggest that under no circumstances should judiciary personnel use personal information and dictionary words in creating passwords.
Judiciary officials and employees are also urged to use a longer password containing numbers, symbols, and both uppercase and lowercase letters; to avoid the same password for multiple accounts; to consider passphrases or a sequence of random words instead of passwords; to use a password manager; and to enable a multi-factor authentication system in their accounts.
The guidelines also advise users to never share their passwords with others, even with those who claim to be from trusted institutions, and to make sure that any written passwords are stored in a secure place.
Software and system updates
Court personnel are also directed to ensure that the operating systems of their devices such as laptops, desktops, smartphones, tablets, and other electronic devices are up to date.
In this light, the guidelines provided a step-by-step guide on how to check for system updates for both Windows and Apple/Mac users. The guidelines also list free third-party anti-virus applications that court personnel may download and install on their devices.
Data backup
To protect important files and ensure their recovery in case of data loss, the guidelines recommend that court officials and personnel follow the “3-2-1 backup rule” to ensure data redundancy and availability in case of hardware failure, data corruption, or other catastrophes.
Under the “3-2-1 backup rule,” users must maintain three separate copies of their data (the original on their primary device and two additional copies in different locations or media); two backup media/formats (e.g., one copy on an external drive and another in cloud storage); and one offsite backup, kept in a physical location different from both the primary data and its backup.
Safe Internet usage and device security
Court officials and personnel are urged to avoid visiting high-risk websites and downloading files from untrusted sources in order to protect their personal information, privacy, and security.
The guidelines recommended that court officials and personnel download files and software only from reputable sources and utilize only secure and judiciary-approved file-sharing platforms for work-related activities.
Users are also directed to lock their respective computers and devices when not in use, especially when in shared or public spaces. They are also instructed to immediately report lost or stolen devices, as well as suspicious emails, links, ads, or email attachments, to the Supreme Court Management Information System Office (MISO), to prevent data leaks and to maintain a safe online environment.
AI image generators
Court officials and employees were likewise warned of the risks of using artificial intelligence (AI) in digital applications, particularly those which require users to submit several photos of themselves to generate, through AI, enhanced portraits.
These digital applications collect users’ data and create digital images that mimic an individual’s looks and speech, which can be used to create fake profiles that can lead to identity theft, social engineering, and phishing attacks.
“Judiciary employees should be cautious when sharing their personal information online and they should only use applications from trusted sources,” said Leonen.
“Additionally, Judiciary employees should read the privacy policy of any application before using it and should be aware of how their data will be used. By taking these precautions, Judiciary employees can help protect themselves from potential privacy and security risks,” he added.