RCR 029: Data Classification (Part II) - CISSP Study and Training!

Description:

Shon Gerber from ShonGerber.com reveals to you the steps and the cybersecurity training you need to grow your Information Security career while protecting your business and reduce your company’s cyber risk. Shon utilizes his expansive knowledge while providing superior training from his years of cybersecurity experience.

In this episode, Shon will talk about recent security news: $20 Million Dollar Mexican Bank Heist; Global Cybersecurity Alliance and Mastercard Partnership – FREE Cybersecurity Toolkit; China Won’t Ask Chinese Companies to Spy.

Our Cybersecurity Training for the Week is:  Data Classification – Part II

As always, utilize Shon’s cybersecurity training to help fulfill your Continuing Education credits for your CISSP or other security certification.

Want to find Shon Gerber / Reduce Cyber Risk elsewhere on the internet? LinkedIn – www.linkedin.com/in/shongerber

ReduceCyberRisk.com – https://reducecyberrisk.com/

Facebook – https://www.facebook.com/CyberRiskRed…

Transcript:

reduce cyber risk podcast for we provide you the training and tools you need for your cybersecurity career hi my name is Sean Gerber and I’m your host for the action-packed informative podcast join me each week and I provide you the information you need to grow your cybersecurity knowledge while taking practical and actionable steps to protect your business from the evil hacker horn all right hey Google reduce cyber risk podcast March 18th 2019 cyber risk and today’s podcast heading your way as a relates to cyber-security news and what’s going on in the world of cyber I’ll be around data classification part 2 by last week we had data classification part 1 this is the follow-on to that as Aldi’s Aldi’s the trains and I provide through do cyber risk are also a great source for you to be able to go out and help your company if you are a cybersecurity professional and you are looking to potentially even to work on your cissp is so great way that you can get the training you need to be successful. Mexican bank heist which that’s pretty good money next one is a global cyber Alliance working with MasterCard to create something for small medium sized businesses that is really cool the third one is China won’t ask any Chinese companies to spy for them interesting we’ll see how that plays out training for application 2D classification what part what was last week’s episode and that we kind of go into all the details around that and how important that is for an organization especially if you are a cyber security professional you definitely consider some level of data classification you start small but I highly recommend you do something for so it’s going to get right on into the podcast recent bank heist against the Mexican Banks notorious friends in the North Korean call Lazarus talked about this in the past few cast around the fact that to the Lazarus group arises from the dead in the Bible never die they just keep out our business lastly head to reduce cyber risk and look for the free stuff lots of free stuff and it’s only available for our email subscribers is growing each and every day thanks again for listening there stealing stuff all the time and there’s one thing that came out of recent conversations we that was in the news was around this group going in targeting companies to steal money so that they can help fund the North Korean government so it’s an active way of seeing how cyber Espionage and theft can work to help a nation-state be successful and in this case he attempted to steal at the beginning and this fail Caso de trying to bathe a wet bag they swing for the bleachers and they got a whiffer however because of that they made some choices they went after some smaller Banks and to be successful they hit about $50 and success and they were making money so hard about that is that the smaller banks at work targeted didn’t have some things in place that are actually kind of shocking from a bank standpoint but I guess it comes down to regulatory aspects as well but they noted was that the access to internal servers were available from the public internet that’s 101 bad thing to do especially if you’re a bank right I guess if you’ve got your big cache of kitty fuzzy kitty dice something that you can try to sell online and you want to have that available from the internet probably still a bad idea but not so bad 20 million dollars yeah that’s that’s some serious cashola and some big money I’m so that was kind of interesting aspect and they also found out that they did not have very strong security control imagine that it’s available from the little segmentation we talked about reduce Everest segmentations very good things to appropriately especially in the manufacturing space or in areas where you don’t want you want to limit access to individuals segmentation is a good at thing to do especially in the banking world have to do that so those are some things that didn’t have a place well because of that these guys got in they got in deep and they hung out which is a great technique to do if your a bad guy go in low and slow and hiding the noise well they set up a groundwork basically for cash grabbing and we were looking to see how they could get this money out another thing the smart thing they did I’m not saying that this is a good idea so if you are a bad guy trying to do this again you break big rocks into little rocks is not a good thing for stealing people’s money however the thought process is that you know what I’m going to go and quiet I’m going to try to steal the money as fast as I can or I can go in and going quiet and I can just trickle out the money there’s a movie out there about basically robbing a penny from individuals or from the stock market for every transaction that’s worth like $18 something like that but what they did small amounts it was a setup money so they are internal Network they had access to the network but rather to send it to their old bank account what they did was they sent they sent it from a phantom account that didn’t exist to a real account that was masked so that people wouldn’t get suspicious of the negativity Bill Smith write to Bill Smith’s a real client and they send it to Bill Smith’s account however they don’t send it to him they put a suit name on there so that Bill Smith wouldn’t get the wiser unless he really was looking deep into his account to see lots of money so they did that calls from the drug industry to do in this case the cash industry to go out and then take cash out of ATM to make withdrawal and they did this in small amounts from tends to 200,000 pesos 10000 set is not 10 pesos from 10,000 to 100000 pesos I wouldn’t attention and they would pay these individuals for their time at $250 per mule a bunch of cash and then they would pay him about 2 and fifty bucks so it was a good deal for them and they’re able to work this out and it basically Real Steel between 15 and 20 million. from Bank of Mexico life should not make Mexico but some smaller banks in Mexico and as always comes back to this it goes back to show me the money and follow the money as they follow the money these things are going to happen so the North Korean group they’re not going anywhere and they’re going to steal as much cash as they can if your networks aren’t tied down guess what it’s open game for these guys so just keep that in the back of your mind the next one is the global cyber Alliance working with MasterCard and I think this is really a genius way of doing business reduce our risk is brought to a birthday out of the Phoenix of the ashes of small medium-sized businesses in the goal of providing the training that I provide is for basically cissp individuals working Alex certified information security systems security professional certification has a mouthful cybersecurity professionals get smart on cybersecurity from an old crusty fart like myself and it’s also just to help small and medium-sized businesses to understand the cybersecurity space and this is a cool aspect around with a global cyber alliances doing with MasterCard in that it created toolkit to basically help businesses be successful in the cyberspace and why do small businesses especially don’t pay much attention to cyber well they should because bottom line is special for using MasterCard credit card companies certain level security around their products most of them they’re just trying to keep their businesses go or they don’t have time to learn the stuff they also can’t pay somebody security person probably demand for these small-time businesses and spice I reduce Everest came about and it’s so with this they actually have video guidance documentation tools available to business owners to basically set up their own understanding cybersecurity of their environment basically just going to see if I can provide any feedback for you all here on reduce ever risk but I think it’s a really good tool especially if you’re any sort of business it’s good to understand it and one of the things that we talked about in the previous news item was around Mexico and in the fact that they didn’t really use any sort of Frameworks that that are out there we talked about and reduce cyber risk theirs than this framework which the National Institute of Standards and Technology will their Frameworks are very helpful when setting up environment well the cool part about all this is that they use this tool kit with Frameworks to help you so answer really cool option for small and medium businesses especially since the finding a security professional can be a challenge and could be very cost-prohibitive factor that we talked about this well before but it’s an ecosystem so small businesses in many cases from manufacturing to chemicals to oil production to you name it they there is he’s third parties that help when I like the the little the ecosystem around the big mother beast that is that is the Enterprise and these guys are all servicing that well if you can help them secure their business and some many cases are very small mom-and-pop kind of businesses you now are also reducing the risk for your Enterprise as well so if you’re a large big time so kind of person listening to this podcast dwell here now you got something you probably haven’t heard before so I would recommend that you you definitely look at this as an option get with your legal folks to make sure that you can talk to your vendors about this product but I think it’s a really good way to offer up to your vendors hey this is an option to look at if you want to look at securing your company especially if you don’t know anything about security that’s all again that sounds pretty cool play tool kit. Org is where you’ll find it and that again it’s partnership with global cyber Alliance and MasterCard so go check it out I think it’s a really good option and tell your friends and Neighbors about this wonderful tool kit for early 1995 just kidding next one is no spying says China yeah so that could be the case and I think it’s but I would also say that you could also replace no spying says United States or wherever why what they’re saying is they’re not ghosts they’re never going to ask the firm’s I’d like to put an air quotes in the article never asked its firm to spy on other nations alligator going to ask for now that doesn’t mean they may not utilize the firm’s capabilities to spy on a nation but they won’t probably ever ask somebody hey yo way I want you to spy on United States ask them however they made imply that and say it doesn’t have access to your servers for a little bit again this is a interesting part I think it’s a public relations piece of this that is what the image play into stealing intellectual property have in the past and future who am I to say has the United States been involved in cyber aspects yes they have in the future yes they will the big difference is that you see a direct reflection upon Electro property stolen in China and then turn around and used in other products elf I was reading a book or recently around artificial intelligence and interesting concept for me I did not understand but the Chinese when I say this as a guy in United States and I have Chinese kids but that’s about the extent of it right so they they are not I’m not connected to the Chinese government or are the Chinese people and to be able to say this is true or not so disclaimers out there but everyone is booked he was talking about how the fact the Chinese are are as a people there ingrained on going out and getting ahead it so it’s a dog-eat-dog world there and you have to get take advantage liberating somebody’s intellectual property so you can get ahead is kind of a norm but that’s their culture in some cases that’s the guy in the book not me saying that however that being said is that they interesting part about that is China’s government this will not happen in this follows onto the highway and since we’re the CFO four-way was is actually been incarcerated or not like she’s on house arrest or something like that in Canada wedding Arrangement so we’ll see how that all plays out but it basically is going to affect way in the 5G space so as we all know five years coming big and bad and it’s going to make some people very very very very rich it’s also going to have a lot of control as we all know with the social media world it’s all about control and now if you control all the full-time access to 5G so I can see how that piece of it goes Chinese law that just recently came into effect and it basically obliges a Chinese companies to Aid the government on the National Security part about all that is that much would be knighted states or any other country I know during World War II there was a lot of aspects were companies came and rallied around you at the government’s within that area especially as it came to manufacturing weapons and so forth so I think that kind of Falls away with this it may be a little bit more over but there’s a lot of Tails and telltale signs that people kind of may have concern about working with the Chinese government so it’ll be how it goes but I know the Chinese government watch people to invest with in China and they know they have a bit of a bad taste in their mouths some of these companies do because they’re concerned about taking their super secret sauce over there so it’ll be interesting to see how this plays out and then now if you didn’t have to go to China you can have these 5G antennas sitting in your country I mean put it this way if your China what a great way to put intelligence within a country if you have all these all of these sensors sitting around other country you can listen to everything so yeah there there’s a lot of sensitivities here that you wouldn’t do before we’re in the past have a hard time getting into a room to put in a bun just a listen to conversations that were really inaudible and now you can have 5G antennas put anywhere around the country around the world and you could potentially listen to conversations it’s pretty cool. Good for everybody else to do it let’s go ahead and let’s roll into our training on data classification part 2 cuz we’re looking at criteria around data classification you first thing to do is identify a specific order for the data and this comes down to an individual who is ultimately responsible for the data and the protection of it now it could you could have two different people you could have a person who is the owner of the data and he he or she may not be the person that is actually overall responsible for securing the information but when it comes to Define who has the actual data that is the person that needs to deal with it doesn’t return my holiday will be classified and labeled so when it comes down to labeling the information what would you do around that how do you protect that information until that would be from a classified situation to an unclassified situation could be a situation where you have top-secret the secret you have a higher than secret for higher than top secret those are different pieces of as of Realtors related to data classification but one thing you may have from a business point of view you may have intellectual property and you may call that as a low medium or high or potentially even critical depending upon the situation of your company something to keep in mind though is the fact that the morgue labels that you put in here more the higher classifications the different tiers the more complex in the more challenging will be to manage long-term so you need to consider that before you end up putting all these labels in place she also need to classify the appropriate data nothing and some pudding and play something that would say you know what we’ve got it setup for just high medium and low that would be great your high aspects are going to have a certain protection and place and mediums a certain level and aloe is they basically could say it’s not protected at all but you have to come up with something and even if you went with high and low that is a great option to start with the key though is as keeping your high very small and succinct do not get caught over complicated with the number that you put in there from a high medium and low standpoint just because the simple fact of the matter is these different tears again later talked about previously it will be a bit of a child’s to manage and maintain you need to consider some level of an exemption process process would be put in place to cuz you’re going to have issues they’re going to come up you’re going to have people that are going to struggle with something they’re going to need that have an exemption exemption with and she’s going to have to have something in place to manage those exemptions to be used so this comes into where you have your high and let’s just say for example we’re going to go with low and high and you have already determined the exemption process you already know who the owner is you know them in case if someone has a high IP that you need to have protected or a high data whether it’s like pie or then what you’re going to have to decide is have the right controls and employ example you might want to say I have put in place access controls for this the high IP of the high information along with that we have put in level of encryption on the data itself so that’s protected just another barrier along with that you have added the access to a reduced because of access-control physically from getting into the building you can’t get into the building anymore so where you have only with certain ways you get in the building you may have it set up where if you are going to access specific High information remote access is not allowed so you can have these different controls in place to help reduce that German procedure to declaw information right so safer and since you have your high in IP or you have your a highly classified information that set up in the space how do you declassify a how do you take off that level of protection for that information and so that could also come down to is that who is the right or so is it a process in place where the owner can then send a link to somebody that saying yes I approve this or does it have to have a second party involved to remove the Protections in many cases like I’ve seen the past the individual who owns the data will say okay we need to remove this information from there and then an email is sent to maybe a Hyatt I can pee pee or maybe even the CEO depending upon the size of the company saying that I am going to remove the protections from this data then the CEO of that that next level person that allows that to occur once that happens then that is left to AIT and nit then takes the protection off now you can have it set up personal stream live or just the individual I’d highly recommend against having just one person who can remove and add the protections at a whim the reason is that if that person ever becomes compromised or that account that the person uses becomes compromised then they could end up turn around and turning off the protections on your information and then it can be sent wherever you want so I would avoid that if all possible have some level Enterprise awareness around what you’re trying to accomplish need to talk to individuals company managing your intellectual property and what should they do to to deal with it how how do they manage this the IP and also for the procedures basically from out of the begin the Electoral property at button or the classification process how do they transfer the information however the exemption processes and what is the destruction process all of those key aspects need to be created from beginning to end I need to teach people how this works just basically because if you don’t do that was going to happen is they’re going to go out and make all kinds of crazy changes to your environment and it will affect your overall protection of your IP hiking so here’s an effective metadata strategy that you can use or your company’s well you can basically add metadata to your IP or to your data and this from a data classification standpoint you can also search on this metadata you may and many cases not expose the actual sensitive information by using this metadata the challenge of it is out is that it can contain some very sensitive information so if you use it just know and keep in mind that if you’re exposing this information to the outside world there could be sensitive information which would give somebody the data that they might want to do water sources within your environment example in a previous life and I’d find out metadata had the super secret sauce that was there no say it didn’t have the super secret sauce in the metadata at cell but it told me the file names that were associated with the super secret socks if you do that then what ends up happening is his now as an attacker gets within your environment they now can use those keywords off of that metadata to search within the environment which is so could add some level of risk and think about that is that a viable option to continue and if it isn’t but I would recommend you utilize some level of you just needed to find how much of an information do you want to maintain within your data structure and with your data classification environment now there’s two types there’s a structured and unstructured data 80% of your data is most likely considered unstructured and that’s just basically hanging out there right updated it’s always use and that most of that data it would be considered unstructured it business has little exist probably doesn’t even know it is just it’s created by your people when they’re doing their daily activities but it’s not as in a structured high or low IP type of solution or Harlow now what was interesting concept I thought was forced to research head out there about is about 100 billion documents each and every day that are created through from from people just creating stuff out of the world a hundred million diamonds are created every day you think about that can’t even comprehend how much information is put out about these individual companies and in many cases there is some sensitive information that’s within these documents on a daily basis so having a good day to classification process in place is extremely important but you need to do it from the beginning and also incorporate these various tools so you know understand what your data is right so what is most important you have controls and place on your data you’ve defined what these control with the classification scheme is you implement these controls on your data classification scheme you utilize metadata to help you make a searchable but you have a good plan around your metadata and then you also are focused on only the structured data at the unstructured data you’re not because it’s just too much so the point of that there was by educating which we talked about earlier is that by educating employees you now can get into a good strategy around protecting this information otherwise what’s going to happen is you’ll say and you have to educate them to go okay this is intellectual property highly sensitive information this is information that is dealing with Personnel you need to protect it in this matter if you don’t do that what’s going to happen you’re all kinds of data going to go everywhere from Alachua property type stuff to AutoCAD to medical files to financial records you name it it’s all out there and especially as you get into having employee data within an Erp solution which is like your enterprise resource planning solution sap is other companies out there that have some more options to it but basically is what it comes out to all of your information is stored Within These Solutions was her first or with any solutions one they have gobs and gobs of data about your company about your employees and are a very lucrative Target for hackers and so therefore when is it happening is is many people lose fat side of the fact that they have this data may be protected in the certain individual spots but when it goes into these Erp solutions they don’t have the information protected as you’re dealing with around tagging the information lifecycle management is it you need to really take a tiered approach as you’re approaching this and the reason I ask that is why I say that is because it is going to have a situation where this going to be information is less important in a certain location than in another location but I would recommend that you store this information in one location or in a structure plant around where you store this information some people take the attitude that will have put on my highest IP or my most sensitive information one location much simpler for an attacker hacker to get access to this information rather than having it if it’s spread around then they can’t find all this information it’s true in the fact that it’s it’s now in one Central spot and it’s easier for a hacker to potentially get however it’s also easier for you to protect Monitor and watch if you’re not doing that what ends up happening is is your data can get all spread everywhere you even know where it’s at and if you don’t know where it’s at then it’s really hard to protect something or you don’t know where it lives so it’s imperative that you put some together some level of a tiered approach and is storing this data in a different locate in one specific location and so therefore it also you could able to watch and monitor who can control an access this information Army information might be available to individual and now it’s in one specific spot so now I can go I have a security capability set up within my company and it’s looking at that one SharePoint site for example and that’s where all my personal data is stored I now can watch what comes and goes out of that data is there information as put out there is there is it available for people to consume on a daily basis but also when people are consuming are they able to take this information and it can I track what’s going where is it going how’s it get in there so he’s a really important aspects of cheese considered as you’re looking at looking at two different to your locations so again in one central location if you can if you can’t put in one central location then consider some some key aspects are so keep points where you would store this information so safe for an Asian you have another one location and the Americas you have another location in Europe you have another location so you have the store in three basically choke points but you can event at least watch a monitor those choke points out for any of our friend a suspicious or unusual activity that’s important that you could be moved to a lesser costing solution so like in some cases where you have data that is unstructured it’s not important you’ve already categorizes information and made said that it’s not important is moving it to a basically a less important or off of a location that’s not as protected will save you money if you take it if you start swelling down the information that I haven’t get multiple locations you now have all this data. Unstructured in a certain location you can then cut back on the cost that would be associated with with managing this also comes into where you may be able to offer us protection which will cost you less money as well so you need to consider that as a way to save you some money also if you have this data classified into this just say hi to low your high intellectual property or high sensitive data is stored in one location and you have Disaster Recovery in backup Solutions in place for that information will now you’re in a situation where you you paying good money for that you have the the back of some place you have monitoring and place you’re paying a premium for that capability but you all did all of it all this unstructured data do you not have that mood off in a different direction and you don’t have the same controls on that as you would your most sensitive information now I say all of this to also put a cautionary note out there in a previous life what we would do considered in many cases to be the unclassified or the the data that is really not useful as the unstructured not classified data and so wound up happening is as we would find out what this data is and we would use key terms based off metadata it within filter all of that and we would Target specifically the Run unprotected data unstructured data we would then suck all of that data out and then start working through it to figure out what was available and what we would come to find is that many people would end up communicating utilizing these various forms you email whatever might be but as they’re doing that they’re actually adding and very highly sensitive information Within These unstructured especially unprotected aspect and then we would start building a picture based on that information that unprotected unclassified information over time that becomes a bit of a challenge where you can then build up same kind of picture that you would rather you that information was protected or not the thing is you’re not going to be able to stop that and people are going to communicate limited substantially by having a good day to classification program and by educating your employees to not communicate via these different mediums and if they do protect the information if they got to talk about anything the sensitive nature again that’s something you’re going to have to trade off from a professional standpoint is that something you can do is it something you can implement but you’re going to have to decide how that’s going to play out Disaster Recovery Solutions as well we kind of talked about with as you’re moving your data from these more critical areas to a less critical area which as a relates to unstructured data or unprotected data unclassified data you now can sit back and not have a disaster recovery type solution with it you may not want to have a backup solution for these this date as potentially depending upon the costs associated if you are a smaller company and the cost of data of data storage is pretty small but if you run on a shoestring budget you may decide that that’s not something you want to pay for so considering that as you’re going on criticality and categorizing your data now asset classification match the DEA classification as much as possible in your class classified that’s okay and you should look at the specifically about where you’re putting your data in and how you’re going to actually clear it put together that you need to have clear marking on these assets so if you have a physical assets adjective computer having a clear marking saying that this is not do not utilize sensitive data on this machine or this dated this machine is not meant for anything that is of a high sensitivity the assets themselves is extremely important also putting labels on the documents so if you have documents that you’re working on their business confidential you have a label you have a header or watermark on these documents and their business confidential the purpose of that is to also give people the right mindset to know that if you’re going to be having this information that you’re going to be utilizing it you need to protect it well how do you best protect it you protect it when the individuals will have better labels on it so they have labels they know that this is confidential then they will in many cases will protect it to the level it needs to be if they’re just working on some Rena documents they don’t know the classification of it in many cases they won’t put the level of protection that it the diet document needs I need to consider that as you’re looking at data classification how do you label the information how do you label them machines that is working on body labeling software are the applications themselves you can put a red banner across the top sometimes I’ve seen where people log into their computers and if it’s system is designed to be managing highly sensitive information they’ll be a red banner or a slide will say highly sensitive information only so those are different aspects you can utilize when you talk about a site classification and marking your assets and labeling you determine the data security controls also and we talked about that briefly earlier but what controls are you going to put in place and are you going to be potentially sharing this data with others if you are what kind of information do they need to have access to do they need to have a level that’s remote capability where they can manage the documents remotely or then you just need to be able to see them where they need to be able to see them cuz I need to see them in a foreign country that me to have challenges with intellectual property that they’re worried about Data Theft those are different aspects to consider always know that any information that is created will get shipped all of the globe it’s just it’s so easy now for that to occur if that’s the case and you don’t want this either to be out to anybody you need to make sure that you put key things in place to manage that until it to watch that situation those types of controls you can put in place specifically encryption we talked about that briefly is that you guys you got encryption if 256 AES encryption could be in place to wrap the data other applications in place that you could utilize that would wrap the data so so like safersys if you’re transferring information from here to Boston you would want to have a secure connection between point a and point B that would be protected you also want to have an application that would potentially wrap the data that you have and put it in a protective coating to basically send it there as well that only certain people that have the right access controls can access information and note that kind of comes into the next point of Access Control this could be through the application it could be through the document itself it could be through a SharePoint site where you’re forcing people to go in and you have access controls on that SharePoint site the other thing is that you have internal processes so you have a thing and place where it’s a date is coming to Fred and Fred has wants to open it before Fred can open that he has to get approval from Gina and then Gina will allow him Fred to open the actual data there could be internal processes around that you could have it where it’s got to have some level of approval where before they the digit even sent there’s an approval around that as well so those are processes that really need to come and play the tools and cells can help you a lot of protection that can be added it’s just the people part of it in the process aspect that you’re going to have to implement physical controls in place. there’s to access other data by physical means those pieces could be in place as well so you need to determine how if you have to have a certain keypad to get into the data or the information and it’s in a locked room how would you do that are all those physical controls and place is that system that is available out in the open available for anybody to use is it in a supervisor’s office and all those people have access to it is it on a remote location that you can just log into around the globe and get access to it but to do that you have to have the username and password and you have to have a multi-factor that forces the the login capability so there’s different types of controls that you can put in these are just a few that you can look at as you’re looking to protect her information now we deal with data classification are some of the references that we we went through just recently recently as a relates to DEA classification the key thing to consider is is that you need to cut with a certain they plan to manager data and you need to start off small do not go complex keep this to a point where you are if you have to just go to low and high or go sensitive and uncensored basically it’s sensitive information or everything else is just business confidential something like that if it’s sensitive information and it’s personal personally identifiable information then you need to look at the hot who has access how do they have access what controls are in place when do the people have to have access to it and so on and so forth those are pieces that you’re going to need to add together for a vacation strategy a fundamental piece of protecting your information if you start small you can do this really can but you need to focus on keeping it simple don’t go over complex start with just a few controls in a few people with access and then work your way from there but again you Foundation is important to start off with what you really want to try to accomplish as it relates to data classification has been a great opportunity for me to put this out there for you I’ll data classification and have a wonderful day also make sure that you check me out of reduce Everest, I got some great stuff for you available out there at reduce cyber risk. Calm and checks out there all night alright have a great day will talk to you later for joining me today on my podcast if you like what you heard please leave a review on iTunes I would greatly appreciate any and all feedback also check out my videos that are on YouTube just search for Sean and shoa Gerber and you’ll find out