Albania is under cyberattack! For several months, groups linked to geopolitical commitments have placed Albania at the center of their target. Although nothing can be 100% protected from cyberattacks, some work practices can help increase the protection of sensitive data of Albanian citizens.

Më poshtë disa praktika që mund të ndihmojnë në rritjen e sigurisë së faqeve qeveritare në Shqipëri:

Everything behind using a Virtual Private Network (VPN)​

In at least two of the recent incidents reported in Albania, the problems with penetration into the servers of Albanian public institutions occurred through the exploitation of a security point in Microsoft Exchange where the security update (patch) was not applied in a timely manner. See: Microsoft investigates Iranian attacks against the Albanian government

A key strategy in increasing security is implementing Virtual Private Networks (VPNs) to protect interfaces that should only be opened to authorized employees. A VPN serves as a secure tunnel for transmitting data over the internet, encrypting the data during transmission. For government offices, this means that all communications between digital system interfaces are protected from unauthorized access. This encryption is especially important considering the sensitive nature of government data, which often includes personal information, financial records, and national security details. By routing all customer interactions through a VPN, government offices can significantly reduce the risk of data breaches and cyber espionage, ensuring that sensitive information remains confidential and secure.

Dynamic website: The special part of the database

Most websites built today are based on dynamic solutions, offering the ability to update news and any component of the website with a few clicks. These websites often require a scripting engine, or a powerful platform that supports advanced communication languages. Often, especially for small agencies on websites, 90% of the content of the website remains unchanged until the moment the headline and the website page are changed. However, these websites are programmed as if every element of them can be changed at any moment.

Regarding security, before building a site, ask the webmaster if it is possible to create a platform where editing information is done in an area protected by a VPN, while publishing the site is a compiled HTML page, which does not need to exchange information with a database. A webserver created only to provide a page in HTML, without having to connect to a database (where other information and databases are often stored) is much more secure than a webserver that needs to connect to a database. You are trying to generate a simple page in HTML. If you are wondering, the page you are visiting is created only with HTML and has no connection to a database.

Hosting on dedicated or shared servers?​

Shared Hosting is very cheap, but it comes with the risk of being in an environment with other sites, and often, the webmasters of these sites themselves do not know where they got the scripts they are loading on the site. For security reasons, always look for hosting only on dedicated servers or VPS, which is a more economical version.

Përditësimet e sigurisë​

Maintaining the security and efficiency of a server is a key aspect of managing any online service or website. The process of installing and regularly updating your server is essential to protect against vulnerabilities, malware, and other cyber threats. Whether you should do the server upgrade yourself or hire an agency depends on various factors including your level of expertise, resource availability, and the complexity of your server environment. Let’s examine the benefits and disadvantages of both approaches.

Server update​

Përfitimet:

• Cost-effective: Doing it yourself can save money that would otherwise go to an agency. For small businesses or startups, this can be an important factor.
• Direct Control: You have direct control over the update process, including when and how updates are applied. This can be essential for custom configurations or specific compatibility requirements.
• Zhvillimi i Aftësive: Menaxhimi i sigurisë së serverit tuaj mund t’ju ndihmojë ju ose ekipin tuaj të zhvillojë aftësi teknike të vlefshme.

Disavantazhet:

• Time: Staying up to date with the latest vulnerabilities and updates can be time-consuming, especially for businesses without a dedicated IT department.
• Risk of Errors: Without the proper expertise, there is a higher risk of errors during the update process, which could lead to outages or security breaches.
• Resource Allocation: The time and effort spent on updating could be better invested in your core business activities.

Punësimi i një Agjencie​

Përfitimet:

• Ekspertiza: Agjencitë janë të specializuara në menaxhimin dhe sigurinë e serverit, duke sjellë një nivel ekspertize që mund të ulë ndjeshëm rrezikun e kërcënimeve kibernetike.
• Time Saving: Leasing server maintenance allows you to focus on your business instead of the technicalities of server management.
• Comprehensive services: Many agencies offer a range of services, including monitoring, backup, and recovery, providing a comprehensive server maintenance solution.

Disavantazhet:

• Kostoja: Punësimi i një agjencie është më i shtrenjtë se të bërit vetë, që mund të mos jetë e realizueshme për të gjitha bizneset.
• Less control: Leasing can result in less direct control over the update process and server configurations, which can be a concern for businesses with specific compliance or operational needs.
• Varësia: Mbështetja në një agjenci të jashtme për mirëmbajtjen e serverit mund të krijojë një varësi, që mund të shkaktojë probleme nëse niveli i shërbimit nuk përmbush pritshmëritë ose nëse disponueshmëria e agjencisë ndryshon.

Përfundim​

The decision to update your server yourself or hire an agency should be based on a careful assessment of your specific business needs, resources, and risk tolerance. For businesses with the technical skills and resources, self-updating can be a cost-effective way to keep your server secure. However, for organizations without dedicated IT staff or those who prefer to focus on their core operations, hiring an agency can provide flexibility, expertise, and more time to focus on growing your business. Ultimately, it is essential that your server is regularly updated and kept secure, regardless of the method you choose.