Most businesses don't have a plan for when they get hacked. Not if — when. In Episode 86 of UnHacked, Justin, Mario, and Bryan dig into one of the least glamorous — but most critically important — topics in cybersecurity: policies, procedures, and incident response planning.

Here's the hard truth they unpack: your firewall won't save you if your people don't know what to do. The gap between a breach and a catastrophe is almost always human behavior — and that's exactly what policies and incident response plans are designed to address.

In this episode, you'll learn:

The top 3 policies every business needs right now (including one you've almost certainly overlooked)

• Why most policies fail — and the three elements every good policy must have
• How to build a genuine security culture, not just a signed employee handbook nobody reads
• What an incident response plan actually covers (hint: it's not just an IT problem)
• The single most important document a business owner can create to protect themselves legally and operationally

PLUS — a major announcement: the UnHacked team is launching a free portal to help business owners score their cybersecurity posture, build an action plan, and hold their IT providers accountable.

Want to know how secure your business really is? Get a free cybersecurity risk assessment at phoenixitadvisors.com — mention UnHacked.

What if someone was already living in your business — watching everything, stealing data, using your resources — and you had absolutely no idea?

In Episode 85 of UnHacked, Justin, Bryan, and Mario tackle one of the most overlooked gaps in cybersecurity: logging, monitoring, and detection. Most businesses (and even most IT providers) invest heavily in preventing attacks — but almost no one has a plan for detecting them once they're already in.
And they will get in.
The hosts share real-world stories of attackers living undetected inside business networks for months — creating hidden admin accounts, mining cryptocurrency, exfiltrating data, and worse — all while the business owner had no idea. They break down what a Security Operations Center (SOC) actually does, why "mean time to detection" could be the most important metric you've never heard of, and why this is one cybersecurity layer you absolutely cannot DIY.

Key takeaways:

• Ask your IT provider: "What are we doing for detection and response?" — and be prepared for the answer.
• Once you know you're unprotected, you're legally and ethically obligated to act.
• Monitoring without expert review is just noise — you need the right people watching.

🔒 Think your business is protected? Find out for free at unhackmybusiness.com

Do you know exactly which vendors have access to your business systems, your data, or your network? If the honest answer is "not really" — this episode is for you.

In Episode 84 of UnHacked, Justin Shelley and Mario Zaki tackle one of the most overlooked threats in cybersecurity: vendor risk and third-party access. This is the 10th installment in their deep-dive mini-series on cybersecurity fundamentals, and it may be the most eye-opening yet.

The guys share a real-world story of an MSP who was breached through his own remote management software — encrypting not just his systems, but every single one of his clients' systems — and what his one-word lesson was when it was all over.

You'll learn:

• Why your least secure vendor is your biggest security liability
• How to find remote access software lurking on your network (and what to do with it)
• The simple first step every business owner can take today — no IT degree required
• What questions to ask your MSP to make sure they aren't your weakest link
• How AI can help you sort through thousands of installed applications in minutes

Whether you're in construction, healthcare, finance, or any industry where you rely on vendors and subcontractors, this episode will change how you think about who you're letting in the door.

📌 Resources and episode links: unhackmybusiness.com
🔒 Get your free cybersecurity risk assessment: phoenixitadvisors.com

Justin Shelley — Phoenix IT Advisors | https://www.phoenixitadvisors.com/
Mario Zaki — Mazteck IT | https://www.mazteck.com/
Bryan Lachapelle — B4 Networks | https://www.b4networks.ca/

You moved your business to the cloud to simplify things. But what if that move actually increased your risk — and you didn't even know it?

In Episode 83 of UnHacked, Justin, Mario, and Bryan pull back the curtain on cloud and SaaS security — the ninth installment in their 12-part Cybersecurity Basics series. This episode tackles one of the most dangerous misconceptions in modern business: that "moving to the cloud" means you're secure, saving money, or simplifying your operations. Spoiler — it often does none of those things without the right setup.

In this episode, you'll learn:

• Why the cloud doesn't automatically secure or simplify your business
• The hidden risks of shared links, shadow IT, and expired user accounts
• Why single sign-on (SSO) is a double-edged sword — and how to protect it
• How former employees may still have access to your systems right now
• What admin account separation really means and why your IT person might be doing it wrong
• What a proper, proactive cloud security setup actually looks like

Whether you're already in the cloud or thinking about making the move, this episode will change how you think about who has access to your business — and what happens when you don't know the answer.

🔐 Not sure how secure your cloud setup really is? Get a free cybersecurity risk assessment at PhoenixITAdvisors.com
and mention UnHacked.

Note: Co-hosts Mario Zaki and Bryan Lachapelle are absent this episode — they're representing their firms at a trade show in Dallas.

Did you know there are 130+ new cybersecurity vulnerabilities discovered every single day? That's nearly 50,000 last year alone — and the number is growing exponentially, fueled in part by AI-powered attacks. In this solo episode, Justin Shelley breaks down one of the most overlooked and mismanaged areas of cybersecurity for small and mid-sized businesses: patch and vulnerability management.

Most business owners assume their IT company is handling it. Most of the time, they're wrong.

In this episode, Justin covers:

• What patching actually is — and why it's far more complex than "set it and forget it"
• The CVE list — the publicly available database of known vulnerabilities and why it should terrify you
• Zero-day vulnerabilities — what they are and why they're especially dangerous
• The reactive spiral of death — the real reason your IT company may be dropping the ball (and it's not because they don't care)
• The reboot problem — why something as simple as restarting a computer is one of the biggest obstacles to keeping your business secure
• Legacy systems and blind spots — Windows 10, old software, browsers, firewalls, and all the things that aren't getting patched even when you think they are
• Two specific questions you should be asking your IT company right now — and what to do if they can't answer them

Justin also shares a personal story about a client breach caused by an outdated version of Microsoft Office — one that nearly destroyed that business and ended a client relationship — to illustrate just how real and costly this problem is.

This is episode 8 of the Cybersecurity Basics series. If you haven't already, go back and listen to the previous episodes on frameworks, identity and access management, endpoint security, backups, email phishing, and network security.

🎯 Free Resource: Want to know if your business is actually protected? Visit unhackmybusiness.com
for show notes, the full video recording, and to schedule your free cybersecurity risk assessment with Phoenix IT Advisors — no matter where you're located.

Your firewall is not enough anymore — and your IT team may not be telling you that.

In Episode 81 of UnHacked, Justin and Bryan dig into one of the most misunderstood concepts in cybersecurity: the network perimeter. It used to be simple. Put a firewall on the edge of your network, install antivirus, done. But that world is gone. Today, your data lives in Microsoft 365, SharePoint, Dropbox, cloud apps your HR manager signed up for last Tuesday, your employee's home network, the guest Wi-Fi at your office, and the IoT thermostat down the hall. The "perimeter" is everywhere — which means it has to be protected everywhere.

In this episode, you'll learn:

• Why the traditional firewall is still necessary — but nowhere near sufficient
• How cloud platforms like Microsoft 365 require their own security layer (and what that actually looks like)
• The hidden danger of VPN tunnels drilled through your firewall during the remote work era
• Why your guest Wi-Fi might not actually be a guest network
• What shadow IT is and why an employee could be walking out the door with your entire company's data right now — legally, and invisibly
• The single most important first step to securing any business: knowing what you actually have

Plus, Justin shares the one question every business owner should ask their IT person — and warns that most of the time, the answer they get back will tell them everything they need to know about how exposed they really are.

This is Episode 7 in the UnHacked Cybersecurity Basics mini-series.

🔐 Want to know how secure your business really is? Visit https://www.phoenixitadvisors.com/
and mention UnHacked to schedule a free cybersecurity risk assessment.

What does it take to lose $50,000 in a single email? Not much. A spoofed address. A busy CFO. A wire transfer that clears before anyone realizes what happened.

In Episode 80 of UnHacked, Justin Shelley, Mario Zaki, and Bryan Lachapelle dig deep into one of the most financially devastating threats facing businesses today: Business Email Compromise (BEC). This is Episode 6 of their ongoing 12-part series on Security Basics, and this one hits close to home for every business owner who relies on email to run their company — which is all of them.

The guys break down exactly how BEC attacks work in two primary forms: lookalike domains designed to trick you letter by letter, and fully compromised email inboxes where a hacker is literally sitting inside your vendor's or employee's account, reading everything and waiting for the right moment to strike. Using AI, attackers can now download entire mailboxes, study communication patterns, and pick up mid-conversation with chilling accuracy.

But the scariest part of this episode isn't the technology — it's the human element. From new employees targeted on LinkedIn within days of posting about their new job, to companies that actively silenced their own IT teams who flagged security gaps (and paid dearly for it), the hosts make a compelling case that people — not software — are both the biggest vulnerability and the most powerful defense a company has.

You'll learn:

• The two types of Business Email Compromise and why one is nearly impossible to stop with technology alone
• The one phone call that could have saved a $50,000 wire transfer — and why most companies don't make it
• Why punishing employees who report mistakes is one of the most dangerous things a company can do
• How attackers use LinkedIn to target new hires and exploit their eagerness to impress leadership
• What "zero trust" really means in the context of email — and how to build it into your team's daily behavior
• How to report lookalike domains and get them taken down
• Why a culture of security awareness is more valuable than any software tool you can buy

This episode is a wake-up call. Email is not safe by default. Your vendors can be compromised. Your new hires are being targeted. And if you don't have written policies and a culture that rewards vigilance, no firewall in the world will save you.

Think your business is protected because you're paying for IT services? Think again. In this eye-opening episode, three cybersecurity experts share real horror stories of backup failures that cost businesses everything – from tape backups that never worked to QuickBooks files that vanished when needed most.

You'll discover why modern backups are more complex than ever (hint: your data isn't just on one server anymore), what immutable storage means for your protection, and the critical difference between having backups and having backups that actually work when disaster strikes.

The hosts walk you through a practical framework for auditing your current backup strategy, testing it properly, and creating manual processes to keep your business running during recovery. Plus, learn why some businesses can survive ransomware attacks while others are devastated – and which category you're currently in.

Whether you're relying on "my IT guy handles that" or managing backups yourself, this episode will either confirm you're truly protected or expose dangerous gaps before they cost you your business.

What happens when your laptop gets stolen and you forgot to lock it? In this episode of UnHacked, our hosts dive deep into endpoint security - the real perimeter of your business in today's digital world.

Justin, Bryan, and Mario explore real-world examples of how endpoints (computers, phones, VPNs, smart devices) are compromised and share practical CEO-level guidance on protecting these critical access points. From VPN vulnerabilities to improperly configured guest networks, learn why 97% of breaches could be prevented with basic security measures.

Key topics include: the four essential endpoint protection checks every CEO should perform, why "it's in the cloud" doesn't mean you're protected, the importance of detection systems alongside prevention, and how to hold your IT team accountable.

Whether you're paying for managed IT services or handling security in-house, this episode provides actionable steps to verify your endpoints are truly protected. Don't wait until your business is the next cautionary tale.

You can't secure what you can't see. In this critical episode of our baseline security series, Justin and Mario expose the dangerous reality of "shadow IT" - the hidden software, devices, and vulnerabilities lurking in your business that could be costing you everything.

From TeamViewer installations left wide open to former vendors still having backdoor access years later, discover why even the most well-intentioned businesses are sitting ducks for ransomware attacks. Learn the shocking truth about unprotected home computers accessing corporate data, outdated backup software creating attack surfaces, and why "we moved to the cloud" doesn't mean you're safe.

This episode delivers actionable steps every CEO needs to take THIS WEEK to identify their digital assets and close dangerous security gaps. Don't wait until you're the next headline - your business depends on knowing what you're protecting.

Episode 76 kicks off a comprehensive multi-part series on baseline cybersecurity with a deep dive into identity and access control. The hosts reveal why courts can now pull your ChatGPT conversations in legal proceedings, and break down the critical difference between passwords and passphrases. Learn why shared accounts are a business owner's worst nightmare, discover the three essential Microsoft 365 security settings most companies miss, and understand why your ego might be your biggest security vulnerability. From conditional access policies to employee onboarding checklists, this episode provides non-technical business owners with actionable steps to protect their greatest asset - their business. The conversation includes real-world horror stories of access control failures and practical solutions for companies of all sizes.

Justin Shelley - https://www.phoenixitadvisors.com/
Mario Zaki - https://www.mazteck.com/

In this episode, Justin and Mario dive deep into why "I didn't know" isn't a legal defense when your business gets hit with a cyber attack. Using a realistic scenario of a 60-employee manufacturing company facing $180,000 in losses from ransomware, they explore how delayed IT decisions can devastate businesses overnight.

The hosts kick off a comprehensive mini-series on cybersecurity governance, frameworks, and compliance, breaking down complex topics for non-technical business owners. Mario shares real-world stories from his MSP practice, including the shocking reality of passwords taped to monitors and the doctor who simply didn't care about security.

Key topics covered: the true cost of cyber attacks, cybersecurity frameworks (CIS, NIST), multi-factor authentication beyond just Office 365, risk assessment strategies, and why business owners must take ownership of their cybersecurity decisions.

Whether your industry is regulated or not, this episode provides the foundation every business owner needs to make intelligent security decisions and protect their greatest asset: their business.

After a two-month hiatus, the UnHacked team returns with hard-earned lessons from 2025 and critical predictions for 2026. When their scheduled guest no-shows, Justin, Mario, and Bryan deliver an unfiltered discussion about the dangerous complacency creeping into business security.

Mario reveals how AI is making business owners go "on autopilot" with potentially devastating consequences, while Bryan predicts the mainstream adoption of passkeys will revolutionize login security. Justin warns about the hidden security risks as AI democratizes coding and development.

Key takeaways include the power of consistency over perfection, why AI can't spell "strawberry" correctly but businesses still trust it with critical decisions, and practical steps to avoid becoming the low-hanging fruit for cybercriminals in 2026.

Perfect for business owners who want to stay ahead of emerging threats while learning from real-world security experiences.

Guest: Faiz Gouri -https://www.linkedin.com/in/faizgouri/ https://modelcontextprotocol.io/  Microsoft Senior Software Engineer

Business owners, your data just became incredibly powerful—and potentially dangerous. Microsoft engineer Faiz Gouri reveals the Model Context Protocol (MCP), the breakthrough technology that lets AI read and analyze your entire business database in plain English.
Imagine asking your computer: "How many customers did we lose last month and why?" or "Which products are trending down and what should we do?" This isn't science fiction—it's happening now.
But here's the catch: While MCP can revolutionize how you access business intelligence, it also creates new security vulnerabilities that could expose everything. Faiz breaks down the real risks, the massive opportunities, and what every business owner needs to know before their competitors get there first.

Key topics: AI data integration, business intelligence automation, cybersecurity implications, and practical implementation strategies.

Guest: Craig Taylor - http://cyberhoot.com/

Your cybersecurity awareness training might be sabotaging your business. Recent studies show traditional "gotcha" phishing tests actually increase clicks and create disengaged, apathetic employees. Craig Taylor, CISSP-certified cybersecurity expert with 30 years of experience and co-founder of CyberHoot, reveals why punishment-based security training fails and how positive reinforcement and gamification can transform your first line of defense. Discover why rewarding good behavior works better than shaming mistakes, learn about the psychology behind effective training, and find out how AI is changing the threat landscape. Plus, get actionable steps to build a security-aware culture that actually protects your business.

Guest: Milan Rogers - Complete Healthcare Business Consulting -https://chcbconsulting.com/

Healthcare practices face the highest cybersecurity costs of any industry - averaging $10.93 million per breach. In this critical episode, healthcare consultant Milan Rogers reveals why medical records sell for $250-$5,000 each on the dark web and shares the devastating real-world impact of the Change Healthcare breach that affected 190+ million patients. Learn about HIPAA's tiered penalty system ($141 to $2.1 million per violation), the three essential security safeguards every practice needs, and why 97% of breaches are preventable with basic measures. Whether you're a healthcare provider or manage any business with sensitive data, this episode could save your company from a catastrophic "game-ending" cyber attack.

Guest: Robert Cioffi - https://www.progressivecomputing.com/

The IT industry has a dirty secret: anyone can hang a shingle and call themselves a cybersecurity expert. No license required. No proven competency. No oversight. In this eye-opening episode, cybersecurity veteran Robert Cioffi returns for his third appearance to expose how this unregulated wild west is putting businesses at catastrophic risk.

Justin shares a real horror story of a company paying $2,000/month for "managed services" while having zero antivirus, no backups, and servers riddled with errors. The hosts break down the three critical areas every business owner must understand: what this means for clients, legitimate service providers, and most importantly - how to protect yourself.

You'll learn the warning signs of incompetent IT providers, why choosing based on price is business suicide, and the specific questions to ask that will separate the professionals from the pretenders. This isn't just about technology - it's about protecting your life's work from preventable disasters.

A real cybersecurity horror story unfolds as Justin reveals his most shocking discovery ever: a 34-computer business paying $2,000 monthly for IT services while receiving literally nothing in return. Windows 7 machines, zero backups, no antivirus, failing systems, and unlicensed software - all while the business owner believed they were protected.

In this Halloween special episode, Justin and Bryan share spine-chilling tales from their IT audits and provide a practical checklist every business owner needs to verify they're actually getting what they pay for from their IT provider. Learn the critical questions to ask, red flags to watch for, and why quarterly business reviews aren't optional.

Key takeaways include framework-based cybersecurity approaches, the importance of documented processes, and why "trust but verify" should be every business owner's motto when it comes to IT services.

Don't let your business become the next cautionary tale. This episode could save your company from financial devastation.

Small businesses making under $500K are the #1 target for ADA website compliance lawsuits - and most business owners have never heard of this threat. In this eye-opening episode, Justin and Mario break down the "digital ambulance chasing" epidemic that's forcing small businesses into $5K-$20K settlements for website violations they didn't know existed.

You'll discover why having a website makes you a target, what specific violations trigger lawsuits, and the free tools you can use TODAY to protect your business. The hosts also reveal why these cases almost always settle (even when frivolous) and provide a step-by-step action plan to minimize your risk.

This isn't about hackers or data breaches - it's about predatory legal tactics targeting the very businesses that can least afford to defend themselves. Don't become the next victim.

Nevada's state government has been crippled by ransomware for nearly a month with most systems still down - and it's a wake-up call every business owner needs to hear. In this eye-opening episode, Justin and Mario dissect what makes some organizations recover quickly from cyberattacks while others remain paralyzed for weeks.

From Marriott's impressive ransomware response to Nevada's ongoing nightmare, discover why being "low hanging fruit" is more dangerous than having a target on your back. Plus: the Windows 10 end-of-life crisis hitting 40% of US computers next month, and why cutting corners on cybersecurity can turn a $500K problem into a $10M lawsuit.

Key topics: The difference between targeted attacks and opportunistic breaches, why government entities struggle with cyber recovery, Windows 10 end-of-life vulnerabilities, building a security-first culture, and practical steps every business can take today to avoid becoming the next cautionary tale.

Guest: Grant McCracken - https://darkhorse.sh

What if the best way to secure your business was to invite hackers to attack it? In this eye-opening episode, ethical hacker Grant McCracken reveals how bug bounty programs are revolutionizing cybersecurity for businesses of all sizes. Grant explains how his company Dark Horse Security makes these powerful security tools accessible and affordable for small businesses - starting at absolutely free for the first 25 vulnerability reports.

Discover why traditional penetration testing only scratches the surface, how a major bank found six-figure worth of vulnerabilities overnight when they expanded their scope, and why the bad guys are already looking for your vulnerabilities whether you're testing for them or not. Grant breaks down complex concepts like attack surfaces, vulnerability disclosure programs, and the NIST Cybersecurity Framework in business owner-friendly terms.

Key takeaways include identifying if your business needs a bug bounty program, understanding what constitutes an attack surface, and learning how to leverage the crowd-sourced approach to cybersecurity. This episode is essential listening for any business owner serious about proactive security.

Guest: Robert Cioffi - https://www.patreon.com/CyberRISE and https://cyberrise.org/ 

In July 2021, Robert Cioffi's MSP business was completely destroyed in 90 minutes. 80 clients, 200 locations, 2,500 endpoints - 100% encrypted by ransomware through a zero-day exploit. But this isn't just another breach story. It's the blueprint for what every business owner needs to know about frameworks, community, and the one resource that could save your company when disaster strikes.

Justin and Mario dive deep with Robert about the human side of cyber attacks, why frameworks like CIS Controls became his lifeline, and how he transformed his nightmare into MSP911.org - a nonprofit that provides emergency response for cyber attacks. If you're a business owner wondering "what would we do if this happened to us?" - this episode contains answers you can't afford to ignore.

Key topics: Cybersecurity frameworks, incident response, community support, MSP911.org, Cyber Rise nonprofit, prevention vs. response strategies.

Guest: Jolie Grace Wareham, CEO of Protosec - https://protasec.com/

Your vendors could be your biggest cybersecurity weakness. In this eye-opening episode, cybersecurity advisor Jolie Grace Wareham shares a real case where a small business lost a significant five-figure sum when their vendor's email compromise led to fraudulent payment instructions.

Learn how threat actors lived undetected in a vendor's email system for months, then sent convincing fake wiring instructions that looked completely legitimate. Discover the red flags that could have prevented this costly attack and why 60% of small businesses that experience cyber incidents are out of business within six months.

Key topics: vendor risk management, business email compromise (BEC), payment verification protocols, incident response planning, and why cybersecurity is everyone's responsibility—not just IT's.

Essential listening for any business owner who works with vendors, contractors, or third-party service providers.

Guest: Jocelyn Houle - https://www.jocelynhoule.com/

Small businesses are racing to adopt AI, but most are unknowingly creating massive security vulnerabilities. In this episode, veteran AI expert Jocelyn Houle reveals why "everything is a data problem" and how companies are accidentally exposing customer data, intellectual property, and sensitive information through AI implementations.

From the Chevrolet chatbot that offered a $76,000 car for $1 to HR systems leaking employee salaries, we explore real-world AI disasters and what they mean for your business. Jocelyn shares practical strategies for Data Security Posture Management (DSPM), prompt injection prevention, and safe AI adoption that won't put your company at risk.

Key topics: AI security risks, data protection, prompt injection attacks, shadow IT, customer data exposure, and actionable steps for implementing AI safely in small businesses.

Guest: Jocelyn King, "Queen of Online Safety" - https://www.smarteronlinesafety.com/ 

In this eye-opening episode, cybersecurity expert Jocelyn King shares her harrowing personal story of being targeted by cybercriminals for years, losing over $500,000, and how it led to her mission of protecting others online.

The conversation focuses on a critical but underserved area: protecting our elderly community from cyber scams. With over
40billionstolenfromAmericans60+lastyearalone,andaveragelossesexceeding40billionstolenfromAmericans60+lastyearalone,andaveragelossesexceeding60,000 per victim, this isn't just about protecting grandparents—it's about protecting your family's financial future.

Jocelyn shares practical strategies for safeguarding elderly family members, including setting up two-factor authentication alerts to your phone, establishing "stranger danger" protocols for the digital age, and creating emergency response plans. The hosts discuss real cases, including a devastating $300,000 retirement theft, and why traditional banking protections don't apply when victims willingly transfer money to scammers.

Key takeaways include actionable steps business owners can take today to protect elderly family members who could become unexpected financial burdens if targeted by sophisticated scammers.

Legacy machines were never designed to be connected—or protected. But in modern manufacturing, connectivity is a must. So how do you protect your business when the shop floor is now on the network?

In this episode, Justin talks with Tory Bjorklund, manufacturing consultant and author of Digital Transformation Guidebook, about the surprising ways attackers exploit connected machines, what most companies still get wrong, and how to secure industrial systems without breaking your operations.

In this episode:

• Why shop floor devices are a cybersecurity risk
• The threat of PLCs, HMIs, and remote access
• How one-way data flows can prevent ransomware
• Using segmentation, firewalls, and MFA to keep attackers out
• What AI can (and can’t) do for modern manufacturers

Guest Links: https://victoriafide.com/

From SMBs to the enterprise, Brad has worked with it all. In this episode, we break down:

• Why we’re already outsourcing leadership decisions to AI (and what to do about it)
• How SMBs can avoid tech fatigue while still innovating
• The new risks AI introduces, and how to defend against them
• Why cybersecurity and business growth are now inseparable

Whether you're an MSP, a manufacturer, or a business owner trying to stay ahead of the tech curve, this episode gives you a candid look at what’s coming next and how to lead through it.

🔗 Guest links
🌐 DigitalMeld.io
🎙️ The Digital Meld Podcast

🔗 Learn more at rfideas.com
🔗 Explore passkey adoption at fidoalliance.org

If you’re a manufacturer—or any business relying on third-party tools and vendors—this is a wake-up call you can’t afford to miss.

🔗 Learn more about Brett’s work at adaptiveoffice.ca
📘 Why Your Business Must Have Cybersecurity Risk Assessments → Amazon

In this episode of UnHacked, we sit down with Michael Ritsema—cybersecurity strategist and President of i3 Business Solutions—who’s helped multiple companies survive full-scale breaches. Together with co-hosts Bryan Lachapelle and Mario Zake, we unpack what actually happens when things go sideways, why most CEOs think they're covered (but aren't), and how to make your business bulletproof—starting today.

This episode is for every business owner who’s ever thought:
 🧠 “That won’t happen to us.”
 🧠 “We have IT—we’re fine.”
 🧠 “We’ll deal with it if something comes up.”

Don’t wait until “something” shows up. Learn how to lead your company through the #1 operational risk of the decade—and how one company was saved by a $300 tape backup.

🎧 Listen in. Take action. Keep your business UnHacked.

In this eye-opening episode, cybersecurity experts Justin, Bryan, and Mario sit down with Mounir Ibrahim, former US diplomat and Chief Communications Officer at TruePic. Mounir shares how witnessing fake images derail international investigations led him to a technology that's revolutionizing how businesses verify digital content.

What You'll Learn: • How to eliminate $150 inspection fees and reduce wait times from 3 days to 1 hour • Why your customers' photos, receipts, and documentation can't be trusted (and what to do about it) • The two major fraud threats hitting small businesses: AI-generated content and "cheap fakes" • Real-world examples: Insurance claims, warranty inspections, loan applications, and merchant cash advances • How one pizza shop owner can now get funding in hours instead of days

Perfect for: Small business owners doing manual inspections, anyone processing customer-submitted photos or documents, and entrepreneurs looking to expand beyond their geographic area without the traditional costs.

The Bottom Line: While we're living in the "Wild West" of digital content, smart business owners are using authentication technology to cut costs by 90%, serve customers faster, and expand into new markets—all while protecting themselves from fraud.

 Download Jim DuBos’ Cybersecurity Program for Small Business

Buy Tim's book here: https://amzn.to/3XoxUC1

• Where is Windows more vulnerable?
• Where is Mac more vulnerable?
• What threats are the same (PC vs Mac)

I don't know that we ever solved the primary question... but here are some good tips for staying safe, regardless of which platform you are passionate about.

Dave shocked me when he said, "I hate the cybersecurity industry!" So I said, "Let's discuss!" The bottom line is this: we as a society can and should do better. 

• As consumers of cybersecurity products and services, we need to push back on vendors. Why do they get away with having no skin in the game?
• As citizens, we need to push back on our leaders. Why are we always on defense? Let's play offense!
• As users of technology, we have our own set of responsibilities. It's time to take that seriously.

Use code "unhacked" for a 25% discount on Eric's book: https://dontretiregraduatebook.com/

In our pre-interview meeting, Eric said: “Very few things keep me up at night. Not stocks, not capital hill, but having my identity stolen and company infiltrated.” And he has a great reason for this. Several years ago his company was hit with a ransomware attack.

This is the problem. Take a listen to learn the solution.

At Steele Fortress, Jonathan leverages his unique blend of legal and cybersecurity expertise to provide comprehensive cybersecurity and privacy consulting services. His deep understanding of both the legal and technical aspects of cybersecurity and privacy makes him a valuable asset to any organization looking to bolster their security posture and navigate the complex landscape of cybersecurity laws and regulations.

Today we talk with Christian Espinosa about the cybersecurity basics, as well as his 7 Step Secure Methodology. 

In this powerful episode of UnHacked, Robert Cioffi shares the real story of what happened when his systems went down and his company faced every leader’s worst fear. This isn’t about theory—it’s about resilience, company culture, and the choices that define you in a crisis.

We also discuss:

• What to do when you’ve followed all the rules and still get hit
• How company culture becomes your greatest asset during chaos
• Why frameworks (like CIS, NIST, HIPAA, CMMC) are your foundation—but not your guarantee

If you’re ready to think beyond prevention and build true cyber readiness, this episode is for you.

What's the #1 threat to your organization? IT'S US! WE ARE THE PROBLEM!

The truth is, we can follow every standard, control, and best practice under the sun, but all it takes is a careless or uninformed click or tap and it's game over. So, if people are the problem, what is the solution?

• Proper tools
• Education
• Policies and procedures
• Culture

While this might be part 3 of our miniseries, treat yourself to an invaluable discussion of the #1 best thing you can possibly do to protect your business: take care of your people!

1. Go through each department and major function in your business (BizDev, Operations, Finance, HR, etc.)
2. Identify the technology used for each
3. Make a note of where the associated data is stored
4. Create a plan for backing it up and testing the process

Most important: review this process regularly because things change!

But... Here's why it's important and how to keep it simple (well, simple-ish).

A Russian state-sponsored attack on HPE (Hewlett Packard Enterprise) "targeted 'a small percentage of HPE mailboxes' used by staff in cybersecurity...." Hmmmmm. Ok...?

Well, public record is what it is. That said, what can we learn? Take a listen and we'll break it down for you!

That's all you've got?? Child's play! Here's a $480 million class action lawsuit to go with it. Enjoy!

Tony ran technical espionage and computer crimes investigations for a good portion of his operational career. He served as the Counterintelligence Operations Officer at The White House; serving two administrations from 1998-2004. He led the technical accreditation for a critical facility at one of the DOE National Labs before being recruited to move to Reno, Nevada to build a data center for one of the beltway bandits. Since then, Tony has started three of his own companies; served as the Chief Security Officer for two others; and ran Incident Response & Threat Intelligence for two others before stepping back into Private Consulting. Tony continues to serve national security efforts with his CyberSecurity Consulting Firm in Knoxville, and gets in the way a lot while Pam, his wife of 39 years, is taking care of their three beautiful grand babies!