15. A Warning if you Handle, Process, or Store Credit Cards

Use this simple checklist to make sure you’re compliant

If you handle, process or store credit cards in any manner, you are required to comply with PCI DSS, or Payment Card Industry Data Security Standards. This is a set of LEGAL requirements you must abide by to maintain a secure environment. If you violate them, you will incur serious fines and fees.

Are you subject to them if you take credit card payments over the phone? Absolutely! If you have clients that pay you direct by credit card, you’re subject to these laws. However, there are various levels of security standards – but thinking you don’t process enough to matter or that “no one would want to hack us” is dangerous. All it takes is an employee writing down a credit card number in an e-mail or on a piece of paper to violate a law; and then you’ll be left with legal fees, fines and the reputational damage incurred when you have to contact your clients to let them know you weren’t properly storing or handling their credit cards.

Getting compliant – or finding out if you ARE compliant – isn’t a simple matter I can outline in a 1-2-3-step checklist. It requires an assessment of your specific environment and how you handle credit card information.

A great resource is the PCI Security Standards Council, or www.pcisecuritystandards.org. If you want assistance in figuring out if you’re compliant, call us for a free assessment.

Have questions about cybersecurity or the technology at your company? I’m here to help. Access my calendar here to book a quick, 10-minute call with me.

Show Notes:

[00:00:30] Hey, everybody, I am Justin Shelly, CEO of Master Computing,
[00:00:34] And I'm Joe Melot, CIO of Master Computing.
[00:00:37] Welcome to Episode 15 of Stupid or Irresponsible. Joe, most important thing to happen to you this week?
[00:00:48] That's a good question. I probably should have prepared.
[00:00:50] Well, let me talk while you think about that.
 So, listen, it was last week or the week before, maybe both. I talked about getting stood up for a podcasting interview because I've had people start reaching out to me and want me to be on their podcast and stuff like that, which just makes me feel special. And they stood me up. Well, then they came back and they apologized profusely and set the whole thing up again.
[00:01:19] I rearranged my entire schedule so that I can be here and do their 15-minute prescreening, meeting, Web meeting or whatever.
[00:01:28] But I mean, we've been planning this thing talking about it sounds like now also last year they had a really dialed in process. And I mean, I'm at the doctor with my kid shuffling that shit then I get here for this interview. And within 30 seconds they're like, oh, well, we're not interested because the we had the wrong number of employees. And I just thought, are you kidding me right now that with all of the process you had in place, you couldn't have asked me this key question from day one and saved me about four weeks of fretting and hours and hours of prepping and whatever. So, I was I was pretty upset. But I'll tell you what, it it made me realize the importance of process and made me look at my own process as I bring guests and to, you know, some of our other podcasts. We've got DFW rock stars. I'll plug that real quick as we're trying to get more. I mean, that was one that struggled. We haven't had a lot of guests. So, building that back up, getting the process dialed in. But that was the most interesting thing to happen to me, is just yet again getting stiffed by this company that I am not happy about it. So, I hope that gave you enough time, Joe. You still got to come up with something on your end.
[00:02:39] Oh, yeah.
[00:02:40] I guess just this week is kind of playing with the old Christmas ideas of, you know, a lot of our clients are out of the office during this time of the year. So, getting everything set up there, you know, we're a little short staffed here at the office. Even so, just making sure everything's covered. Everybody's got all our rules, make sure all security for all our clients are working and, you know, make sure we're on the pulse. Everyone has time to play catch up, right. I wouldn't call it catch up so much. It's really, you know, move our oranges from one basket to the other, make sure everything's taken care of. Yeah. No rest for the weary.
[00:03:15] Yeah. And I know you already talked about it, but you've got the new house you're getting in. You're settled. You've unpacked all your boxes.
[00:03:20] Oh, yeah. They're all total impact that usually. I think I told you that usually takes me about a year. Well, that's good because we're on pace for about a decade, so.
[00:03:28] Yeah, but it's got to be cool, man. Oh yeah. And the new plants really love it. All right. Excellent. All right.
[00:03:34] Well, let's jump in, Joe.
[00:03:37] You know, we kind of gotten into the habit of reminding people why we call this podcast's Stupid or Irresponsible comes from the marketing campaign. We've already talked about that. But I mean, the gist of it is we ultimately as business owners, executives, managers, we are responsible for the security of our organization. And it's a responsibility that should be taken seriously. And sometimes it's not.
[00:04:03] And, you know, we went on the traveling the speaking circuit for about a year. We're giving away free stuff where we're just begging and pleading people to take this seriously and not getting a great response from it, you know, because unfortunately, if somebody has not had a cybersecurity incident, it's really hard to get them to take it seriously. And so, you know, I went from this kind of coddling, you know, we're all victims here of crime. And it is stupid because we are one of the few places where the government prosecutes the victims. You know that that was kind of my whole pitch before. Like, this is it. If you get broken into in your home, nobody comes in calling you stupid. But if your business gets hit at, you kind of get close to it. You know, I've changed my tune a little bit and there is a level of stupidity to just not paying attention and taking this seriously. So, you know, there we go. The reminder of why we call it that. I don't really think people are stupid, but I do think people get distracted.
[00:05:00] You know, I'll go out on a limb. I guarantee there's a lot of stupid. Well, listen, yeah, you're right. You're right. There absolutely are.
[00:05:11] Maybe we all just have our areas where we're stupid, you know, as I'm kind of trying to defend business owners who have so many things on their plate, you know, and it's easy for me to just jump on here and say they're stupid and they're going to be mad at me and run away and cry or whatever. I don't know. But, you know, there's just there's a lot going on, especially covid like. The world burning down, we've got so many problems, man, we can’t ignore this one. No, no. Yeah, absolutely not. I mean, people get hit. They we'll talk about it. I've got one. You go out of business like it's not recoverable. This isn't you don't get a do over. It's not a video game where you can reset. You know, it's like this is it. If we don't take this seriously, if you get hit hard enough, you're out of business. So there it is.
[00:05:52] Security tip this week, Joe, we're going to talk about, you know, some of these things are just so exciting. I could hardly stand it. I can't wait to get to it today. We're talking about credit card processing, right?
[00:06:05] Yeah. You want to use that? Yeah. All right. Tell us all about PCI compliance. You know, and you kind of dog it.
[00:06:11] Compliance is really kind of I mean, it's interesting, especially considering the security aspect of it. A lot of people don't think they're liable or, you know, the PCI has nothing to do with you. If you ever heard that, never even heard of it. A lot of people, any business, any company, any individual that has any kind of credit card interaction. If you if you run an Etsy shop and you take credit cards or if you know, you have a taco stand and you take a credit card on your phone, you just swipe that thing. You were required by law to do a PCI compliance report just to run those credit cards.
[00:06:46] Now, who enforces this? It's the US government. It's the PC idiocies, the standards. I mean, it's bounced around a couple different federal entities, but.
[00:06:57] Yeah, so, I mean, like, nobody's ever called me up and said, hey, Justin, is master computing PCI compliant.
[00:07:02] Right. And typically, they're not going to do that. The big guys, they might come after the big guys for that kind of thing. OK, normally speaking, they're not going to find you, which is kind of the thing here. PCI, if you're following their standards, you're all good, but they'll find you if you're not. And typically, they're not going to come after you. They're not going to come in and find you, especially the smaller guys, unless there's a breach, unless you've been hacked or something like that, unless, you know, you took some credit cards and somebody hacked into your phone, let's say, and stolen credit cards or maybe throw away some receipts that have credit card information on them. OK, so let's say those get breached and then now that person reported fraud on their credit card. You know, normally is a regular user trigger. It happens all the time. Well, now they must do an investigation. So, they'll go into the processing and say, OK, well, where did the credit card go? Oh, you know, you swipe your card in your van as you sold them the taco. Are you PCI compliant? But I don't know. Hmm. Well, let's check your you know, let's check your out your last PCI scan. Well, I've never done a PCI scan band. Five thousand dollars. Fine. Yeah. OK, so that's I mean, that's generally how it goes. And I mean we've dealt with, you know, a few people that haven't. It's more likely you're not going to get hit if nothing happens. But again, let's go back to the it's never going to happen to me until it does. And then.
[00:08:20] Oh yeah. I mean, and that that's the reason, the recurring theme with like what we talk about week after week here.
[00:08:27] Yeah. It's the head in the sand.
[00:08:31] There nothing bad ever happens to me.
[00:08:33] Exactly. Or you know, there's too many other bad things happening to me. I don't have time, capacity, energy or whatever to where it's fun to. Yeah. You know those are all valid excuses honestly until you're screwed.
[00:08:46] Yeah exactly. Until now. Yeah. It's the last straw on the camel's back basically.
[00:08:51] So I know that we can't sit here and like dissect a PCI compliance audit or whatever it is called, an audit. Yeah, they do OK. Or a security. It's like an assessment. What do we do? Audit.
[00:09:02] We do audits and assessments and vulnerability scans.
[00:09:05] Ok, so like that's a lot and we're not me. Yeah. Let me just break it just. Yeah. Yeah. Like, like OK.
[00:09:13] A few highlights.
[00:09:15] Well let me let me just kind of go over our tip here and then we'll kind of go into the highlighted stuff so. OK, so if you handle process or store credit cards meaning anything whatsoever to do with credit card information or check information, I mean down to you run a gas station like we're talking about a Taco Stand. If you take a credit card or deal with credit cards, you were required to comply with the PCIDSS.
[00:09:36] So PCI what does it stand for? It's payment card industry data security standards, it's this set of legal requirements you must abide to maintain a secure environment. It's basically, you know, what's your network like? Is it secure? You know where you are. You, you know, change your passwords, you use encryption, that kind of thing. If you violate them, you will incur serious fines, penalties. In fact, I just saw I guess it was a couple of weeks ago, Ticketmaster, if you're familiar with Ticketmaster because of them, they run the show on basically every sports venue, concert, all that stuff. That's not happening anymore. Yeah, well, they got hit with a I want to say it's like a two million dollar fine and it's exactly what we're talking about earlier. So somebody hacked into their system by no fault of their own. Somebody broke into their house.
[00:10:25] Right.
[00:10:25] And they stole a bunch of you know, and it wasn't it. Credit card information is just like the people that paid for tickets and got their physical addresses. That was a database that they found, and they started selling it on the dark web. Well, the government went in. They found that had been breached. Ticketmaster followed all the protocol. They said, OK, well, you know, as soon as that happened, I filed this report. You know, I've been working with the FBI. They've been in our system, everything like that. Yet you were totally compliant only because you got breached. We're going to say that you didn't have security in place because you didn't have two factor authentications on for these particular admins. And because of that, we're going to fine two million dollars.
[00:11:08] So had they done; you're telling me they did not they were not PCI compliant?
[00:11:13] That's absolutely correct.
[00:11:14] OK, so this never would have happened except they got breached.
[00:11:18] So now they got breached and they're dealing with now. Now the guy comes, you they start sniffing around and they're like, all right, well, yeah, you've done a lot of things right. But you were not compliant in this one area.
[00:11:30] Yeah, exactly. And therefore, we're issuing a fine.
[00:11:32] Yeah. And so, this PCI compliance, what it is, I mean, it's like a questionnaire. It's a questionnaire mixed with an actual physical scan of the network. So, like a pin test.
[00:11:44] Yeah.
[00:11:44] So the first part is your manager or your I.T. team will go in and go through your whole system. Do you have a firewall? Is everything backed up? Is your credit card system accessible to the outside the Internet? If it is, how, what are the security protocols here? Because we require this, this and this. You know, do you have two factor authentication turned on? Just it's almost basic security. It's almost forcing you to do what you're supposed to do anyway. It's just making sure you got the check boxes.
[00:12:13] I mean, isn't that fair to say that most compliance, most regulations have to do with compliance are similar? You've got HIPAA, you've got PCI, you've got CMMC, you've got NIST. I mean, all these different regulatory requirements, they're not they're not identical, but I mean, they're pretty much the same thing. A lot of it.
[00:12:34] Yeah. I mean, and really, the higher you go in this NIST is the like the pretty much the overall here is how to secure a network properly according to the government.
[00:12:43] Right.
[00:12:43] And then there are different tiers. So sure, if you're a small business, here's your PCI compliance for one to ten people years, your PCI compliance for ten to five CMMC. Oh, do you work with the Department of Defense? Well, we got to step up your game a little bit. Oh, and do you sell directly to the government? OK, we got to step that up some more. So, it's basically just different layers of, you know, how big is your business, how security need to be. But basically, yeah, you're exactly right. Even the most high-end security most is just how, how do you lock your house up? How do you do it right here? Here are the steps to do it. You know, here are things to check here, the policies to have, and then it's just a cascading down of how secure are you?
[00:13:25] Well, OK, so you set it right. You set it twice. It’s basically if we're going to use the analogy, how do you secure your house? The government might come out and say, hey, here's some good ideas for what kind of lock to put on your front door, what to do to make sure nobody breaks your window and comes through what kind of cameras you should have, how to connect it back into the police for automatic reporting like all these guidelines. And this is where it does it just it galls me. This just aggravates the hell out of me because. If you don't do something exactly right and somebody busts through and breaks into your house and tears the place up and steals stuff and injures your family or whatever, that's bad enough.
[00:14:10] Yeah, this is the government now coming in after the fact and saying, well, you know, if a little bit this this camera you had here, it's a little bit grainy. So, because of that, we're now sorry about your family, sorry about all your belongings, sorry about the damage done to your house. By the way, you owe us thousands or hundreds of thousands of millions of dollars. 
[00:14:28] On top of everything that they stole and lost and everything.
[00:14:31] I mean, it's insult to injury. On one hand, it aggravates me. It angers me. It's not fair, but life's not fair, you know. I mean, so anyways, I don't know if I cut you off where you were, you still go in or you rap on that part.
[00:14:48] I didn't want to kind of just generally go through the rest of this tip here, OK. So are you supposed to take credit card payments over the phone? If you are if you have clients that pay you directly by credit card? So, let's say you're an accountant, maybe even and you take their credit cards. Well, accountant you’re always going to be PCI. But let's say you do business for anybody and they want to pay you to do something. Let's say they want to pay you to grab something on Amazon for them. If you take that credit card information over the phone, you're now required by law to have a PCI compliance, which includes, again, the questionnaire, and then you do the PIN test afterwards.
[00:15:28] What would you say the percentage is of people who are required to be PCI compliant and who go through the proper procedures?
[00:15:36] People I don't know business.
[00:15:37] But just in your experience, if you were to take a guess at the number of people that you interact with professionally who are required to and who make the effort and are. I mean, excluding our clients, we make sure that this happens for them. But, you know, we go out and we meet with potential clients. We make that contract work that we do for other companies. So, you know, our client base, I know we have them covered. Right. But if we were to exclude them and just look at what we see in the rest of the world, take a wild guess.
[00:16:09] I'll say probably about twenty five percent. But a bigger offender here is people that, let's say a business must have a credit card system in their in their building. So, they'll say the merchant the actual credit card processors will say, OK, you want to have American Express, well you have to do a PCI compliance, OK? And they say, OK, great. And then they get a questionnaire that's got five hundred questions on like, well, forget that. And they just. Mark. Yes, yes, yes, yes, yes, yes, yes, yes, yes, yes.
[00:16:36] Oh really. So, they're fraudulent.
[00:16:39] Exactly. Oh, just so they can say OK. Yeah. Now we can have American Express. Let's do it. I see that way. More like.
[00:16:45] Really.
[00:16:46] Yeah. Do you do use Two-Factor authentication. Sure. Absolutely. Well now we've got to do the pin test. Well, let me give you this IP address. It's not really ours maybe doesn't even exist, or maybe it's in your block and it's not where credit cards are. Give them that IP address, they run the scan. Everything looks good because there's not actually anything there. So those vulnerabilities aren't there to worm in. Now they pass it. I see that then. That's probably in the fifties. Seventy five percent range.
[00:17:14] Really.
[00:17:14] Absolutely.
[00:17:15] Wow. Yeah, that's terrifying. Yeah. Because I mean. Oh, those people. I'm sorry.
[00:17:21] They deserve it. Well absolutely. Those are the ones that they get breached when we get called. It's because they've already been breached now. They've already been fined by PCI and then we've got to go in and clean up the mix, make it make it PCI compliance and then maybe offer some kind of maybe we can get a discount on this fine, because we really can't afford it. We just lost all this other money because we got breached, that kind of thing.
[00:17:43] All right. So, we're going to break down the stupid versus irresponsible here. I think it's irresponsible to not take this seriously, but if you're fraudulent reports, that's just plain stupid.
[00:17:52] Yeah. And it's scary how often that is the case. Absolutely. They deserve every fine they get. OK. All right. What else you got?
[00:18:10] There are various levels of security standards even for PCI, but think you don't process enough to matter, like maybe you sell stuff on Etsy or maybe you're just a taco stand. Maybe you don't. It doesn't matter to you. Of course, it does. All it takes is one person writing something down a piece of paper in the trash, and now you're busted, and you've got all these legal fines and fees. And like I said, normal fees. What I've seen online is somewhere between five and ten thousand dollars just for small business. We're talking those are the Etsy in the taco shops. But like I said, two million bucks for Ticketmaster and that wasn't even getting the credit card information. Yeah, that was that was I mean, you can find everyone's physical address and name out there on the Internet for free. So, let's pretend they got some Social Security numbers right now. We're talking some real money. So, get compliant, find out if you are compliant, you know, if you're faking that kind of stuff or if you're just signing. Yes, and yes, I accept those terms of service, just like you do with every other thing in life. This is a lot more important. It is a lot more dangerous. Yeah, great resource for that. PCI Security Standards Council, PCI security standards.gov, that's the official site for it. Then contact the local IT company, you know, check your sources, check your policies. If you don't have policies, get that done immediately because they're coming after us now about policies. Yeah, everything it used to be, you know, loosely based. If everything's set up. Right, OK, it's fine. But it seems to me now just about everything from Microsoft. I mean, you name it Cisco to PCI, HIPAA compliancy, they require policies on this. You must have it in writing. Who's in charge of this? Who's in charge of that? And if you don't have it, they'll come to find you.
[00:20:05] Yeah. What can you do on company equipment? What can you not do? Can you get on Facebook, can you not get on Facebook? Like this is the kind of thing that must be written down.
[00:20:13] Yeah.
[00:20:14] You know, whereas Two-Factor authentication required whereas it's not required. Data backup plan. Data recovery plan. If you do have a data erasing disaster and I'm just talking like a hard drive, what's the procedure to get it back. How do you do it?
[00:20:30] It's one thing to have that in your head and be like, OK, well, we could probably figure this out. Well, that's enough to get you fined. It's got to be written down if you say you've got it. Which most people that have credit cards that you just said, yeah, we've PCI compliant and they don't have that policy. They're coming after you.
[00:20:47] And so here again, like this is what I was on the speaking circuit last year about mean we're almost coming up on two years ago now. This year been mostly Coke plus. I mean, we give this stuff away. The documents we have spent hours and hours and hours building, revising, you know, making sure that the policies and the procedures, the basic ones that are necessary for this kind of stuff are correct. Yeah. Now every business is different, and you should probably take our templates and go through them and have them reviewed by an attorney or, you know, make sure that they really are what you need. But we've got these starter templates. Yeah. If you're lost and you just don't know where to start. Yeah. The perfect first. So yeah. I mean, yeah, we charge for a lot of our services but we, we do have some cool stuff that we just give away at least at least to get you started.
[00:21:35] So quick plug to the discovery call mastercomputing.com/discovery. Just spend a few minutes on the phone with me and we can a minimum. I'll give you these documents. I'll email them to, you know, no strings attached, but otherwise we'll go through and kind of, you know, check some other stuff.
[00:21:51] Anyways, Joe, I think all that fun stuff. I do want to give a teaser for next week. Well, so I we’ve skipped a couple of things here. I'm out of I'm out of sorts. We've got an update. We're supposed to have our stupid update.
[00:22:06] So I give it up. They skip. So. Oh, man, you had some notes here. What do we get on the update?
[00:22:11] Oh, it's a good idea. I don't have anything. What do you get? Yeah, you said something that's right here on the notes about spam. Oh yeah. Or is that an old one?
[00:22:20] Last week we were talking about spam. Well, let's continue. Just like just spread like wildfire. Spam again, of course, is, you know, the spam emails. You're getting a fake email from somebody. They're pretending to be a Microsoft, you know, log in here because I just shared your file. Here's your invoice. Click here to access it and it takes you to an Office 365 login.
[00:22:39] Yeah. And so, we did we did talk about that last recording. Yeah. So, yeah. I mean, what have you seen this happen since our last recording?
[00:22:49] FINRA so FINRA is the securities regulator. So, the stock market down all the stock markets, the regulatory body that regulates all publicly active exchange markets and securities, FINRA, they're now getting spoofed like crazy. So, they're sending you know, people are getting these emails saying, hey, you know. Let's say you have a TD America, you know, you've got your 401K, they'll send you an email, say, hey, you know, sign here or, you know, end of the year. Here's your new dividend. Just click here to log in. You put in your phone or log in authentication. And now, you know, there go your stocks. Some hackers got your login information and, you know, link to all of your accounts, you know, and usually those typically have just about everything about you, because that's what kind of required by law, especially like 401k stuff. They've got all your financial information going back if history. They've got your Social Security, they've got your birthday, they've got your parents’ names, they've got your maiden name, they've got it. And access to you know, your retirement. And, you know, a lot of people like my parents, like, you know, they set up retirement. They're still working. And they're not checking that thing daily and not checking that on a yearly basis. So, they could drain you five years ago, and you don't even know it. Yuck. Yes. That's going on right now. That's quick. Stupid update.
[00:24:15] Ouch. All right. The other thing we also need to talk about our stupid headlines. So, we've got some we've got some stuff going on out there. And, you know, you'll hear me say from time to time that people aren't coming back from these bridges. All right. So, one that came up on a I've got this kind of chat group with other IT business owners and somebody else popped it up on the chat this week. The company Inbox Solutions.com.
[00:24:46] Are you familiar with this company at all? Joe. 
[00:24:48] What Company? 
[00:24:49] Inbox Solutions.com, the e-mail. They've got something to do with email. Sure. Maybe it's just emails hosting. I don't know. And what's interesting is I went to their website and when I printed off what I thought, what I read on their site, it came off completely different. So, I'm trying to find what better ways you go to their site inbox solutions dot com and it's just a disclaimer. Notice that says, hey, we're gone, we're toast. Oh, complete with dates, times, November. 2020. Like this is recent. So, it says that at 1:18 central time, 11/22/2020 we suffered a massive malicious cyber-attack. Currently all services are down with no ETA on restoration of services.
[00:25:37] Frankly, we recommend you sign up for Microsoft 365 immediately, begin transferring your Amex records to them to restore mail flow, contact a local IT support provider here, instructions to back up your file.
[00:25:52] I mean, like they're done. They're out of business. And not only that, but if you had your email with them, they think they might be.
[00:26:01] Here's here was an update later that same day. "We have a glimmer of good news. We believe you can we can export everyone's mailbox from our off-site backups to files. This, however, will take at least three weeks to export all data and begin to provide it to you for your downloads."
[00:26:22] So they're not like they got they got crypto locked. They had backups off site. That's what it sounds like.
[00:26:27] But yeah, but their Web servers, but they don't even know if they're going to be able to get it. I think they think they might be able to, but it's 3 weeks out before.
[00:26:34] That's optimistic, too, I would imagine.
[00:26:36] Yeah. Because if they could do it, they would have just done it.
[00:26:38] I'll tell you what, I've exported like most recently, 22 mailboxes that go back about 5 years. That took about a month. It's ridiculous. It takes a long time.
[00:26:51] So, I mean, you know, I'm bringing this up first, number one, I want to point out that I ache for these guys like this is an absolute nightmare. You've got people's jobs toast. You've got people's data. It's toast. You know, businesses who relied on them for their email. Now, what are they losing in revenue because they're not able to do business like this is? It's tragic.
[00:27:15] And the last thing in the world I want to do is make light of it. I don't want to capitalize on other people's pain. I want to fucking prevent it. All right. Like, that is what we're here for. And this is where I get passionate because, you know, when I'm week after week, we spend thousands and thousands of dollars evangelizing this message, giving away resources, you know, making the plea to jump on this 10-minute discovery call like this stuff's preventable. It's preventable.
[00:27:44] Life altering. Life changing.
[00:27:45] Yeah, yeah.
[00:27:47] Just do something about it. Do it.
[00:27:48] But, you know, we're too busy. We're too is always something else, whatever. So, you know, I'm fired up. I'm saying it again, you know, a 10-minute call. Just get on there for ten minutes. I'm not a high-pressure salesperson. And I mean, I'm coming across like people don't take me up on the offer. They do.
[00:28:08] We're constantly giving away these resources, helping businesses with compliance with all this stuff. So, the message does work. It is getting out there. But I'm just passionate about it, because when you don't when you don't take this action.
[00:28:24] Life altering, life ending as far as your business goes, as far as your livelihood goes, it truly is tragic.
[00:28:31] So, yeah, I think you started to go with a teaser, Joe. Yeah. So, we're talking about getting hacked.
[00:28:38] You've been hacked. What's the first thing you can do. What are you supposed to do then?
[00:28:44] That's a good question. What do you do?
[00:28:46] You've been hacked. You've been breached. What you just got crypto. Look, now what. Now what?
[00:28:51] So that's what we're going to talk about next week. Stay tuned for that one.
[00:28:53] And I mean, is there a spoiler alert that's just like RIP, you know?
[00:28:59] I mean I mean, I just got done saying, well, once you get hacked, you can't come back from a network. Teasing. “When you get hacked, what do you do next?” Well, you got your resumé. So, we'll have resume tips next week. Two. Yeah, but we'll break it down. We'll talk about it.
[00:29:19] So tune in for that one. 
[00:29:26] All right. Well, if I haven't said enough, I'm going to say it again. You know, we talk constantly about stupid. What's not stupid, what's irresponsible, all those things. It's taken the head in the sand approach. It's not taking this seriously. It's not jumping on a quick ten-minute call with me. But that's a smart thing to do, was to jump on that call, get a second opinion, a third opinion. Do not rely on what you think is it's free. Just talk. Yeah. Just figure out where you're at.
[00:29:52] Right. Just a quick report card. We're going to ask a few questions. You'll get a score. You know, a basic score of where you are today will present an action plan. You can take that and run with it. Go implement it yourself if you want to hire your other company to do it if you want. I don't care. But take that information, get somebody else's eyes on your security. Don't mess around with this stuff.
[00:30:17] See you next week everybody. Go to MasterComputing.com/discovery. Get on there. Talk. No strings attached.