UnHacked - Cybersecurity Made Simple for Small Businesses
Author: Phoenix IT Advisors
© 2026 Phoenix IT Advisors
Description
When Russian hackers break into your business’s computers, what will they find and how much will it cost you? How long will it take you to recover? Can you recover? Here’s the sad truth: 97% of breaches could have been prevented with basic security measures; but once you’ve been hit… you can never get UnHacked!
UnHacked is a weekly cybersecurity podcast for SMB business owners and leaders that helps them sort through the overwhelming security costs and recommendations, and focus on the best practices that give the highest ROI.
80 Episodes
Hosts:
Justin Shelley — Phoenix IT Advisors | https://www.phoenixitadvisors.com/
Mario Zaki — Mazteck IT | https://www.mazteck.com/
Bryan Lachapelle — B4 Networks | https://www.b4networks.ca/
What does it take to lose $50,000 in a single email? Not much. A spoofed address. A busy CFO. A wire transfer that clears before anyone realizes what happened.
In Episode 80 of UnHacked, Justin Shelley, Mario Zaki, and Bryan Lachapelle dig deep into one of the most financially devastating threats facing businesses today: Business Email Compromise (BEC). This is Episode 6 of their ongoing 12-part series on Security Basics, and this one hits close to home for every business owner who relies on email to run their company — which is all of them.
The guys break down exactly how BEC attacks work in two primary forms: lookalike domains designed to trick you letter by letter, and fully compromised email inboxes where a hacker is literally sitting inside your vendor's or employee's account, reading everything and waiting for the right moment to strike. Using AI, attackers can now download entire mailboxes, study communication patterns, and pick up mid-conversation with chilling accuracy.
But the scariest part of this episode isn't the technology — it's the human element. From new employees targeted on LinkedIn within days of posting about their new job, to companies that actively silenced their own IT teams who flagged security gaps (and paid dearly for it), the hosts make a compelling case that people — not software — are both the biggest vulnerability and the most powerful defense a company has.
You'll learn:
- The two types of Business Email Compromise and why one is nearly impossible to stop with technology alone
- The one phone call that could have saved a $50,000 wire transfer — and why most companies don't make it
- Why punishing employees who report mistakes is one of the most dangerous things a company can do
- How attackers use LinkedIn to target new hires and exploit their eagerness to impress leadership
- What "zero trust" really means in the context of email — and how to build it into your team's daily behavior
- How to report lookalike domains and get them taken down
- Why a culture of security awareness is more valuable than any software tool you can buy
This episode is a wake-up call. Email is not safe by default. Your vendors can be compromised. Your new hires are being targeted. And if you don't have written policies and a culture that rewards vigilance, no firewall in the world will save you.
Hosts: Justin Shelley - https://www.phoenixitadvisors.com/ Mario Zaki - https://www.mazteck.com/ Bryan Lachapelle - https://www.b4networks.ca/
Think your business is protected because you're paying for IT services? Think again. In this eye-opening episode, three cybersecurity experts share real horror stories of backup failures that cost businesses everything – from tape backups that never worked to QuickBooks files that vanished when needed most.
You'll discover why modern backups are more complex than ever (hint: your data isn't just on one server anymore), what immutable storage means for your protection, and the critical difference between having backups and having backups that actually work when disaster strikes.
The hosts walk you through a practical framework for auditing your current backup strategy, testing it properly, and creating manual processes to keep your business running during recovery. Plus, learn why some businesses can survive ransomware attacks while others are devastated – and which category you're currently in.
Whether you're relying on "my IT guy handles that" or managing backups yourself, this episode will either confirm you're truly protected or expose dangerous gaps before they cost you your business.
Hosts: Justin Shelley - https://www.phoenixitadvisors.com/ Mario Zaki - https://www.mazteck.com/ Bryan Lachapelle - https://www.b4networks.ca/
What happens when your laptop gets stolen and you forgot to lock it? In this episode of UnHacked, our hosts dive deep into endpoint security - the real perimeter of your business in today's digital world.
Justin, Bryan, and Mario explore real-world examples of how endpoints (computers, phones, VPNs, smart devices) are compromised and share practical CEO-level guidance on protecting these critical access points. From VPN vulnerabilities to improperly configured guest networks, learn why 97% of breaches could be prevented with basic security measures.
Key topics include: the four essential endpoint protection checks every CEO should perform, why "it's in the cloud" doesn't mean you're protected, the importance of detection systems alongside prevention, and how to hold your IT team accountable.
Whether you're paying for managed IT services or handling security in-house, this episode provides actionable steps to verify your endpoints are truly protected. Don't wait until your business is the next cautionary tale.
Hosts: Justin Shelley - https://www.phoenixitadvisors.com/ Mario Zaki - https://www.mazteck.com/
You can't secure what you can't see. In this critical episode of our baseline security series, Justin and Mario expose the dangerous reality of "shadow IT" - the hidden software, devices, and vulnerabilities lurking in your business that could be costing you everything.
From TeamViewer installations left wide open to former vendors still having backdoor access years later, discover why even the most well-intentioned businesses are sitting ducks for ransomware attacks. Learn the shocking truth about unprotected home computers accessing corporate data, outdated backup software creating attack surfaces, and why "we moved to the cloud" doesn't mean you're safe.
This episode delivers actionable steps every CEO needs to take THIS WEEK to identify their digital assets and close dangerous security gaps. Don't wait until you're the next headline - your business depends on knowing what you're protecting.
Hosts: Justin Shelley - https://www.phoenixitadvisors.com/ Mario Zaki - https://www.mazteck.com/ Bryan Lachapelle - https://www.b4networks.ca/
Episode 76 kicks off a comprehensive multi-part series on baseline cybersecurity with a deep dive into identity and access control. The hosts reveal why courts can now pull your ChatGPT conversations in legal proceedings, and break down the critical difference between passwords and passphrases. Learn why shared accounts are a business owner's worst nightmare, discover the three essential Microsoft 365 security settings most companies miss, and understand why your ego might be your biggest security vulnerability. From conditional access policies to employee onboarding checklists, this episode provides non-technical business owners with actionable steps to protect their greatest asset - their business. The conversation includes real-world horror stories of access control failures and practical solutions for companies of all sizes.
Hosts: Justin Shelley - https://www.phoenixitadvisors.com/ Mario Zaki - https://www.mazteck.com/
In this episode, Justin and Mario dive deep into why "I didn't know" isn't a legal defense when your business gets hit with a cyber attack. Using a realistic scenario of a 60-employee manufacturing company facing $180,000 in losses from ransomware, they explore how delayed IT decisions can devastate businesses overnight.
The hosts kick off a comprehensive mini-series on cybersecurity governance, frameworks, and compliance, breaking down complex topics for non-technical business owners. Mario shares real-world stories from his MSP practice, including the shocking reality of passwords taped to monitors and the doctor who simply didn't care about security.
Key topics covered: the true cost of cyber attacks, cybersecurity frameworks (CIS, NIST), multi-factor authentication beyond just Office 365, risk assessment strategies, and why business owners must take ownership of their cybersecurity decisions.
Whether your industry is regulated or not, this episode provides the foundation every business owner needs to make intelligent security decisions and protect their greatest asset: their business.
Hosts: Justin Shelley - https://www.phoenixitadvisors.com/ Mario Zaki - https://www.mazteck.com/ Bryan Lachapelle - https://www.b4networks.ca/
After a two-month hiatus, the UnHacked team returns with hard-earned lessons from 2025 and critical predictions for 2026. When their scheduled guest no-shows, Justin, Mario, and Bryan deliver an unfiltered discussion about the dangerous complacency creeping into business security.
Mario reveals how AI is making business owners go "on autopilot" with potentially devastating consequences, while Bryan predicts the mainstream adoption of passkeys will revolutionize login security. Justin warns about the hidden security risks as AI democratizes coding and development.
Key takeaways include the power of consistency over perfection, why AI can't spell "strawberry" correctly but businesses still trust it with critical decisions, and practical steps to avoid becoming the low-hanging fruit for cybercriminals in 2026.
Perfect for business owners who want to stay ahead of emerging threats while learning from real-world security experiences.
Hosts: Justin Shelley - https://www.phoenixitadvisors.com/ Mario Zaki - https://www.mazteck.com/ Bryan Lachapelle - https://www.b4networks.ca/
Guest: Faiz Gouri - https://www.linkedin.com/in/faizgouri/ https://modelcontextprotocol.io/ Microsoft Senior Software Engineer
Business owners, your data just became incredibly powerful—and potentially dangerous. Microsoft engineer Faiz Gouri reveals the Model Context Protocol (MCP), the breakthrough technology that lets AI read and analyze your entire business database in plain English.
Imagine asking your computer: "How many customers did we lose last month and why?" or "Which products are trending down and what should we do?" This isn't science fiction—it's happening now.
But here's the catch: While MCP can revolutionize how you access business intelligence, it also creates new security vulnerabilities that could expose everything. Faiz breaks down the real risks, the massive opportunities, and what every business owner needs to know before their competitors get there first.
Key topics: AI data integration, business intelligence automation, cybersecurity implications, and practical implementation strategies.
Hosts: Justin Shelley - https://www.phoenixitadvisors.com/ Mario Zaki - https://www.mazteck.com/ Bryan Lachapelle - https://www.b4networks.ca/
Guest: Craig Taylor - http://cyberhoot.com/
Your cybersecurity awareness training might be sabotaging your business. Recent studies show traditional "gotcha" phishing tests actually increase clicks and create disengaged, apathetic employees. Craig Taylor, CISSP-certified cybersecurity expert with 30 years of experience and co-founder of CyberHoot, reveals why punishment-based security training fails and how positive reinforcement and gamification can transform your first line of defense. Discover why rewarding good behavior works better than shaming mistakes, learn about the psychology behind effective training, and find out how AI is changing the threat landscape. Plus, get actionable steps to build a security-aware culture that actually protects your business.
Hosts: Justin Shelley - https://www.phoenixitadvisors.com/ Mario Zaki - https://www.mazteck.com/ Bryan Lachapelle - https://www.b4networks.ca/
Guest: Milan Rogers - Complete Healthcare Business Consulting - https://chcbconsulting.com/
Healthcare practices face the highest cybersecurity costs of any industry - averaging $10.93 million per breach. In this critical episode, healthcare consultant Milan Rogers reveals why medical records sell for $250-$5,000 each on the dark web and shares the devastating real-world impact of the Change Healthcare breach that affected 190+ million patients. Learn about HIPAA's tiered penalty system ($141 to $2.1 million per violation), the three essential security safeguards every practice needs, and why 97% of breaches are preventable with basic measures. Whether you're a healthcare provider or manage any business with sensitive data, this episode could save your company from a catastrophic "game-ending" cyber attack.
Hosts: Justin Shelley - https://www.phoenixitadvisors.com/ Mario Zaki - https://www.mazteck.com/ Bryan Lachapelle - https://www.b4networks.ca/
Guest: Robert Cioffi - https://www.progressivecomputing.com/
The IT industry has a dirty secret: anyone can hang a shingle and call themselves a cybersecurity expert. No license required. No proven competency. No oversight. In this eye-opening episode, cybersecurity veteran Robert Cioffi returns for his third appearance to expose how this unregulated wild west is putting businesses at catastrophic risk.
Justin shares a real horror story of a company paying $2,000/month for "managed services" while having zero antivirus, no backups, and servers riddled with errors. The hosts break down the three critical areas every business owner must understand: what this means for clients, legitimate service providers, and most importantly - how to protect yourself.
You'll learn the warning signs of incompetent IT providers, why choosing based on price is business suicide, and the specific questions to ask that will separate the professionals from the pretenders. This isn't just about technology - it's about protecting your life's work from preventable disasters.
Hosts: Justin Shelley - https://www.phoenixitadvisors.com/ Bryan Lachapelle - https://www.b4networks.ca/
A real cybersecurity horror story unfolds as Justin reveals his most shocking discovery ever: a 34-computer business paying $2,000 monthly for IT services while receiving literally nothing in return. Windows 7 machines, zero backups, no antivirus, failing systems, and unlicensed software - all while the business owner believed they were protected.
In this Halloween special episode, Justin and Bryan share spine-chilling tales from their IT audits and provide a practical checklist every business owner needs to verify they're actually getting what they pay for from their IT provider. Learn the critical questions to ask, red flags to watch for, and why quarterly business reviews aren't optional.
Key takeaways include framework-based cybersecurity approaches, the importance of documented processes, and why "trust but verify" should be every business owner's motto when it comes to IT services.
Don't let your business become the next cautionary tale. This episode could save your company from financial devastation.
Hosts: Justin Shelley - https://www.phoenixitadvisors.com/ Mario Zaki - https://www.mazteck.com/
Small businesses making under $500K are the #1 target for ADA website compliance lawsuits - and most business owners have never heard of this threat. In this eye-opening episode, Justin and Mario break down the "digital ambulance chasing" epidemic that's forcing small businesses into $5K-$20K settlements for website violations they didn't know existed.
You'll discover why having a website makes you a target, what specific violations trigger lawsuits, and the free tools you can use TODAY to protect your business. The hosts also reveal why these cases almost always settle (even when frivolous) and provide a step-by-step action plan to minimize your risk.
This isn't about hackers or data breaches - it's about predatory legal tactics targeting the very businesses that can least afford to defend themselves. Don't become the next victim.
Hosts: Justin Shelley - https://www.phoenixitadvisors.com/ Mario Zaki - https://www.mazteck.com/
Nevada's state government has been crippled by ransomware for nearly a month with most systems still down - and it's a wake-up call every business owner needs to hear. In this eye-opening episode, Justin and Mario dissect what makes some organizations recover quickly from cyberattacks while others remain paralyzed for weeks.
From Marriott's impressive ransomware response to Nevada's ongoing nightmare, discover why being "low hanging fruit" is more dangerous than having a target on your back. Plus: the Windows 10 end-of-life crisis hitting 40% of US computers next month, and why cutting corners on cybersecurity can turn a $500K problem into a $10M lawsuit.
Key topics: The difference between targeted attacks and opportunistic breaches, why government entities struggle with cyber recovery, Windows 10 end-of-life vulnerabilities, building a security-first culture, and practical steps every business can take today to avoid becoming the next cautionary tale.
Hosts: Justin Shelley - https://www.phoenixitadvisors.com/ Mario Zaki - https://www.mazteck.com/ Bryan Lachapelle - https://www.b4networks.ca/
Guest: Grant McCracken - https://darkhorse.sh
What if the best way to secure your business was to invite hackers to attack it? In this eye-opening episode, ethical hacker Grant McCracken reveals how bug bounty programs are revolutionizing cybersecurity for businesses of all sizes. Grant explains how his company Dark Horse Security makes these powerful security tools accessible and affordable for small businesses - starting at absolutely free for the first 25 vulnerability reports.
Discover why traditional penetration testing only scratches the surface, how a major bank found six-figure worth of vulnerabilities overnight when they expanded their scope, and why the bad guys are already looking for your vulnerabilities whether you're testing for them or not. Grant breaks down complex concepts like attack surfaces, vulnerability disclosure programs, and the NIST Cybersecurity Framework in business owner-friendly terms.
Key takeaways include identifying if your business needs a bug bounty program, understanding what constitutes an attack surface, and learning how to leverage the crowd-sourced approach to cybersecurity. This episode is essential listening for any business owner serious about proactive security.
Hosts: Justin Shelley - https://www.phoenixitadvisors.com/ Mario Zaki - https://www.mazteck.com/
Guest: Robert Cioffi - https://www.patreon.com/CyberRISE and https://cyberrise.org/
In July 2021, Robert Cioffi's MSP business was completely destroyed in 90 minutes. 80 clients, 200 locations, 2,500 endpoints - 100% encrypted by ransomware through a zero-day exploit. But this isn't just another breach story. It's the blueprint for what every business owner needs to know about frameworks, community, and the one resource that could save your company when disaster strikes.
Justin and Mario dive deep with Robert about the human side of cyber attacks, why frameworks like CIS Controls became his lifeline, and how he transformed his nightmare into MSP911.org - a nonprofit that provides emergency response for cyber attacks. If you're a business owner wondering "what would we do if this happened to us?" - this episode contains answers you can't afford to ignore.
Key topics: Cybersecurity frameworks, incident response, community support, MSP911.org, Cyber Rise nonprofit, prevention vs. response strategies.
Hosts: Justin Shelley - https://unhackmybusiness.com Bryan Lachapelle - https://www.b4networks.ca/
Guest: Jolie Grace Wareham, CEO of Protosec - https://protasec.com/
Your vendors could be your biggest cybersecurity weakness. In this eye-opening episode, cybersecurity advisor Jolie Grace Wareham shares a real case where a small business lost a significant five-figure sum when their vendor's email compromise led to fraudulent payment instructions.
Learn how threat actors lived undetected in a vendor's email system for months, then sent convincing fake wiring instructions that looked completely legitimate. Discover the red flags that could have prevented this costly attack and why 60% of small businesses that experience cyber incidents are out of business within six months.
Key topics: vendor risk management, business email compromise (BEC), payment verification protocols, incident response planning, and why cybersecurity is everyone's responsibility—not just IT's.
Essential listening for any business owner who works with vendors, contractors, or third-party service providers.
Hosts: Justin Shelley - https://www.phoenixitadvisors.com/ Bryan Lachapelle - https://www.b4networks.ca/
Guest: Jocelyn Houle - https://www.jocelynhoule.com/
Small businesses are racing to adopt AI, but most are unknowingly creating massive security vulnerabilities. In this episode, veteran AI expert Jocelyn Houle reveals why "everything is a data problem" and how companies are accidentally exposing customer data, intellectual property, and sensitive information through AI implementations.
From the Chevrolet chatbot that offered a $76,000 car for $1 to HR systems leaking employee salaries, we explore real-world AI disasters and what they mean for your business. Jocelyn shares practical strategies for Data Security Posture Management (DSPM), prompt injection prevention, and safe AI adoption that won't put your company at risk.
Key topics: AI security risks, data protection, prompt injection attacks, shadow IT, customer data exposure, and actionable steps for implementing AI safely in small businesses.
Hosts: Justin Shelley - https://www.phoenixitadvisors.com/ | Mario Zaki - https://www.mazteck.com/
Guest: Jocelyn King, "Queen of Online Safety" - https://www.smarteronlinesafety.com/
In this eye-opening episode, cybersecurity expert Jocelyn King shares her harrowing personal story of being targeted by cybercriminals for years, losing over $500,000, and how it led to her mission of protecting others online.
The conversation focuses on a critical but underserved area: protecting our elderly community from cyber scams. With over $40 billion stolen from Americans 60+ last year alone, and average losses exceeding $60,000 per victim, this isn't just about protecting grandparents—it's about protecting your family's financial future.
Jocelyn shares practical strategies for safeguarding elderly family members, including setting up two-factor authentication alerts to your phone, establishing "stranger danger" protocols for the digital age, and creating emergency response plans. The hosts discuss real cases, including a devastating $300,000 retirement theft, and why traditional banking protections don't apply when victims willingly transfer money to scammers.
Key takeaways include actionable steps business owners can take today to protect elderly family members who could become unexpected financial burdens if targeted by sophisticated scammers.



