Information security basics for company + checklist for checking information security of organizations. - Tutorials - CryptoTalk.Org



Businesses need to know this or the basics of information security!
In this article, I would like to talk about information that needs to be protected from attackers planning to harm your business. Please note that we will not be talking about the technical part of companies' operations, but about social engineering aimed at the vulnerabilities of your employees.
We have added a "CHECKLIST FOR CHECKING THE INFORMATION SECURITY OF ORGANIZATIONS" that is free for public use. We hope that this checklist and the information in this article will add peace of mind and information security to your organization.
You can read the checklist at the end of the article.


More often than not, email is the main entry point into the secrets of your company and its personnel. Every official company website contains contact information that includes an email address on the company domain. For example, or

This is consistent with business ethics, but on today's Internet there is a huge number of tools (e.g. Google Dorks,, etc) that use the domain to collect other addresses that the organization may not have wanted to publish to the general public. This might reveal something like,,

The mere existence of a work e-mail address not only makes it possible to contact an employee directly, bypassing the public relations department, but also lets employees misuse it: registering accounts on social networks, ordering deliveries, and so on. All of this subsequently gets ducked. With such email addresses, a lot of interesting personal information can be found that is useful to hackers and cyber blackmailers.


Employee photos on the company website

Yes, photos on a company's website can help find your employees' social media accounts. In most cases, this information has no commercial value, but it is a great opportunity to gather information about an employee's private life, which can result in a social engineering campaign so well built that the employee will not even notice the catch.
By the way, there are quite a few tools for searching social media accounts by face. For example, FindClone, SearchForFace, and even simple

Public activity

In reality, photos and public activity are not as critical vulnerabilities as personal data that can be gleaned from email addresses. To exclude a company's public activity is to cut off 80% of marketing. Some things are worth publicizing and some are not.

An example of a social engineering attack would be a text like this: "Good afternoon, I saw you at the conference 'Legends of SOC - 2023'. We liked your presentation very much. We would like to propose cooperation. Terms and conditions and a detailed offer are in the attachment." Tempting, you must agree! Especially if your company slightly underpays a sysadmin, and he is in search of a more favorable offer. There is a high probability that even an experienced IT specialist will first open the attachment and only then think about it.


Files on the company website

You may think that you have hidden all the unnecessary files, but Google's search robots have indexed everything carefully. This is very easy to check. For example, your website is: Type into the Google search bar: filetype: (followed, without a space, by the file format: pdf, doc, docx, xls, txt). Then check that nothing unnecessary has ended up in the public domain.

There are a number of documents that a legal entity is required to publish, but anything not on that list is better removed, because unnecessary information about your employees, counterparties and financial assets is excellent food for a potential attack.
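An added example, not part of the original post: a self-audit that a site owner can run over a local copy of their own web root, listing published documents of the file types named above and the company-domain email addresses embedded in pages. The domain `example.test`, the sample files and all function names are constructed for illustration.

```python
import os
import re
import tempfile

DOC_EXTENSIONS = {".pdf", ".doc", ".docx", ".xls", ".txt"}  # types named in the article
TEXT_EXTENSIONS = {".html", ".htm", ".txt"}  # scanned for addresses as plain text

# Constructed sample site; example.test and every name below are placeholders.
SAMPLE_SITE = {
    "index.html": "<a href='mailto:info@example.test'>Contact us</a>",
    "team/about.html": "Ask J.Doe@Example.test. Not ours: x@example.test.evil.test",
    "files/staff-phones.xls": "binary placeholder",
    "files/old/minutes.txt": "Sent by j.doe@example.test to payroll@example.test",
    "img/logo.png": "binary placeholder",
}


def audit_webroot(webroot, domain):
    """Return (documents, addresses) for a local copy of the published site."""
    # Match local-part@domain, but not when the domain continues (look-alike hosts).
    pattern = r"[A-Za-z0-9._%+-]+@" + re.escape(domain) + r"(?![A-Za-z0-9-]|\.[A-Za-z0-9])"
    email_re = re.compile(pattern, re.IGNORECASE)
    documents, addresses = [], {}
    for dirpath, _dirs, files in os.walk(webroot):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, webroot).replace(os.sep, "/")
            ext = os.path.splitext(name)[1].lower()
            if ext in DOC_EXTENSIONS:
                documents.append(rel)  # candidate for review or removal
            if ext in TEXT_EXTENSIONS:
                with open(path, encoding="utf-8", errors="replace") as fh:
                    for hit in email_re.findall(fh.read()):
                        addresses.setdefault(hit.lower(), set()).add(rel)
    return sorted(documents), {a: sorted(p) for a, p in sorted(addresses.items())}


def run_sample():
    """Write SAMPLE_SITE to a temporary directory and audit it."""
    with tempfile.TemporaryDirectory() as root:
        for rel, body in SAMPLE_SITE.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w", encoding="utf-8") as fh:
                fh.write(body)
        return audit_webroot(root, "example.test")

if __name__ == "__main__":
    print(run_sample())
```

Office documents and PDFs are only listed here, not parsed, so addresses inside them still need a manual look.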


We also want to pay attention to which employees pose the greatest threat to the information security of companies.

Most information security studies indicate that the weakest link in security measures is the employees, as they are the ones who have full access to all the resources and documents of the organizations.

New IT employee

A new IT employee can inadvertently cause huge damage to a company's security. Today, hackers are using more and more sophisticated methods to infiltrate internal company resources, such as social engineering. A newly hired IT employee is unfamiliar with the protocols and processes responsible for the secure transfer of files over a network, and is therefore an extremely attractive target for cybercriminals looking to gain full access to corporate information.

System administrator

In many companies, system administrators handle the main information security issues. A sysadmin doesn't just handle the technical aspects, but has a huge responsibility for the tangible and intangible assets and reputation of the organization. Moreover, he knows almost everything about the company, has access to all confidential data, so under certain circumstances he can be subjected to pressure from cybercriminals.

Top management

Rather oddly, a company's CEO is actually often a huge threat to the company's information security. According to the Ponemon Institute, more than half of the leaks involving employees are caused by top management. Such losses are clear proof that hackers see not only middle managers but also top management as their targets. Executive assistants are also the carriers of very valuable corporate information. They have access to all credentials, passwords, financial reports and internal documentation. This is what makes them a particularly attractive target for hackers.

Security Consultant

If your organization needs a complex, multi-stage security system, be prepared to partner with a variety of service providers from this field. Remember, however, that an external security consultant brought in to determine the current level of security and set goals for the organization's IS direction has full access to all internal company resources and sensitive data, which hackers are well aware of.

External vendor

Large companies often utilize multiple external vendors at once. Daily hacker attacks confirm that once vendors gain access to a company's internal systems and networks, those systems and networks are particularly vulnerable to cyber threats. To protect themselves, companies must give vendors limited, controlled access.

Fired employee

A fatal mistake many companies make is neglecting to close access to internal resources and networks for former employees. By making this mistake, organizations become even more susceptible to cyberattacks. The only true solution is to immediately delete all accounts of employees who are no longer with the company. Moreover, former employees can easily take databases of potential and current customers and other confidential information with them and make it freely available online.

Temporary employee

Temporary employment is a very common phenomenon, especially in the service and sales industry. The IT sector is no exception, as very often employees are needed here on a temporary basis to help close some tasks. These employees are given access to various corporate portals and systems where the company's most important information and data is stored. Moreover, temporary employees are given the use of corporate laptops, tablets and smartphones. This is why these employees should be considered full-fledged members of the organization and protected from information security threats.

I would like to finish this article with a quote from Bruce Schneier: "In terms of security, the mathematical apparatus is flawless, computers are vulnerable, networks are lousy, and people are disgusting."

Remember that it is employees and their negligence towards security measures that pose a huge threat to a company's IT security.




