Hosts & Guests:

Justin Shelley — Phoenix IT Advisors | https://www.phoenixitadvisors.com/
Mario Zaki — Mazteck IT | https://www.mazteck.com/
Bryan Lachapelle — B4 Networks | https://www.b4networks.ca/
Joshua Holloway — 70i Technologies |https://7thdi.com/

What if you could get 10x, 20x — even 50x — more done in your business without hiring a single new employee? In Episode 87 of UnHacked, the hosts kick off an all-new 12-episode series dedicated to helping business owners harness the power of AI — safely, practically, and profitably.

Joining the crew for the first time is Joshua Holloway, CEO of 70i Technologies, the man credited as the quiet inspiration behind the hosts' own AI journeys. Josh brings a compliance-focused perspective on AI adoption that every regulated business needs to hear.

This episode covers:

• Why "free" AI tools are a security risk — and the one checkbox you must find (and keep checking) to protect your business data
• The paid vs. free platform debate — ChatGPT and Claude go head-to-head, and a third secure option is introduced: Hatz AI (hatz.ai)
• Real-world productivity wins — from a salesperson who cut proposal time from 3 hours to 5 minutes (that's a 36x improvement) to a marketing team producing 5-industry-specific blog posts in 1 hour instead of 8–10
• Why non-coders are now building full apps — Mario had zero coding experience before AI. That story will change how you think about what's possible
• How to use AI as an email filter, a meeting analyst, a sales coach, and even a therapist — practical use cases you can start today
• Your homework assignment — one simple task every listener should complete before next week's episode

Whether you're completely new to AI or you've been dabbling and feel stuck, this episode is your on-ramp. The hosts promise: if you follow this 12-week series, your business will be unrecognizable by the end.

Crawl. Walk. Run. It starts here.

🔒 UnHacked is produced by Phoenix IT Advisors — helping businesses use technology to make money, and protecting that money from hackers, fines, and lawsuits.

Subscribe, leave a review, and visit unhackmybusiness.com for show notes, assignments, and resource links.

Hosts:
Justin Shelley — Phoenix IT Advisors | https://www.phoenixitadvisors.com/
Mario Zaki — Mazteck IT | https://www.mazteck.com/
Bryan Lachapelle — B4 Networks | https://www.b4networks.ca/

Most businesses don't have a plan for when they get hacked. Not if — when. In Episode 86 of UnHacked, Justin, Mario, and Bryan dig into one of the least glamorous — but most critically important — topics in cybersecurity: policies, procedures, and incident response planning.

Here's the hard truth they unpack: your firewall won't save you if your people don't know what to do. The gap between a breach and a catastrophe is almost always human behavior — and that's exactly what policies and incident response plans are designed to address.

In this episode, you'll learn:

The top 3 policies every business needs right now (including one you've almost certainly overlooked)

• Why most policies fail — and the three elements every good policy must have
• How to build a genuine security culture, not just a signed employee handbook nobody reads
• What an incident response plan actually covers (hint: it's not just an IT problem)
• The single most important document a business owner can create to protect themselves legally and operationally

PLUS — a major announcement: the UnHacked team is launching a free portal to help business owners score their cybersecurity posture, build an action plan, and hold their IT providers accountable.

Want to know how secure your business really is? Get a free cybersecurity risk assessment at phoenixitadvisors.com — mention UnHacked.

Hosts:
Justin Shelley — Phoenix IT Advisors | https://www.phoenixitadvisors.com/
Bryan Lachapelle — B4 Networks | https://www.b4networks.ca/
Mario Zaki — Mazteck IT | https://www.mazteck.com/

What if someone was already living in your business — watching everything, stealing data, using your resources — and you had absolutely no idea?

In Episode 85 of UnHacked, Justin, Bryan, and Mario tackle one of the most overlooked gaps in cybersecurity: logging, monitoring, and detection. Most businesses (and even most IT providers) invest heavily in preventing attacks — but almost no one has a plan for detecting them once they're already in.
And they will get in.
The hosts share real-world stories of attackers living undetected inside business networks for months — creating hidden admin accounts, mining cryptocurrency, exfiltrating data, and worse — all while the business owner had no idea. They break down what a Security Operations Center (SOC) actually does, why "mean time to detection" could be the most important metric you've never heard of, and why this is one cybersecurity layer you absolutely cannot DIY.

Key takeaways:

• Ask your IT provider: "What are we doing for detection and response?" — and be prepared for the answer.
• Once you know you're unprotected, you're legally and ethically obligated to act.
• Monitoring without expert review is just noise — you need the right people watching.

🔒 Think your business is protected? Find out for free at unhackmybusiness.com

Hosts:
Justin Shelley — Phoenix IT Advisors: https://www.phoenixitadvisors.com/
Mario Zaki — Mazteck IT: https://www.mazteck.com/

Do you know exactly which vendors have access to your business systems, your data, or your network? If the honest answer is "not really" — this episode is for you.

In Episode 84 of UnHacked, Justin Shelley and Mario Zaki tackle one of the most overlooked threats in cybersecurity: vendor risk and third-party access. This is the 10th installment in their deep-dive mini-series on cybersecurity fundamentals, and it may be the most eye-opening yet.

The guys share a real-world story of an MSP who was breached through his own remote management software — encrypting not just his systems, but every single one of his clients' systems — and what his one-word lesson was when it was all over.

You'll learn:

• Why your least secure vendor is your biggest security liability
• How to find remote access software lurking on your network (and what to do with it)
• The simple first step every business owner can take today — no IT degree required
• What questions to ask your MSP to make sure they aren't your weakest link
• How AI can help you sort through thousands of installed applications in minutes

Whether you're in construction, healthcare, finance, or any industry where you rely on vendors and subcontractors, this episode will change how you think about who you're letting in the door.

📌 Resources and episode links: unhackmybusiness.com
🔒 Get your free cybersecurity risk assessment: phoenixitadvisors.com

Hosts:

Justin Shelley — Phoenix IT Advisors | https://www.phoenixitadvisors.com/
Mario Zaki — Mazteck IT | https://www.mazteck.com/
Bryan Lachapelle — B4 Networks | https://www.b4networks.ca/

You moved your business to the cloud to simplify things. But what if that move actually increased your risk — and you didn't even know it?

In Episode 83 of UnHacked, Justin, Mario, and Bryan pull back the curtain on cloud and SaaS security — the ninth installment in their 12-part Cybersecurity Basics series. This episode tackles one of the most dangerous misconceptions in modern business: that "moving to the cloud" means you're secure, saving money, or simplifying your operations. Spoiler — it often does none of those things without the right setup.

In this episode, you'll learn:

• Why the cloud doesn't automatically secure or simplify your business
• The hidden risks of shared links, shadow IT, and expired user accounts
• Why single sign-on (SSO) is a double-edged sword — and how to protect it
• How former employees may still have access to your systems right now
• What admin account separation really means and why your IT person might be doing it wrong
• What a proper, proactive cloud security setup actually looks like

Whether you're already in the cloud or thinking about making the move, this episode will change how you think about who has access to your business — and what happens when you don't know the answer.

🔐 Not sure how secure your cloud setup really is? Get a free cybersecurity risk assessment at PhoenixITAdvisors.com
and mention UnHacked.

Hosts:
Justin Shelley — Phoenix IT Advisors | https://www.phoenixitadvisors.com/

Note: Co-hosts Mario Zaki and Bryan Lachapelle are absent this episode — they're representing their firms at a trade show in Dallas.

Did you know there are 130+ new cybersecurity vulnerabilities discovered every single day? That's nearly 50,000 last year alone — and the number is growing exponentially, fueled in part by AI-powered attacks. In this solo episode, Justin Shelley breaks down one of the most overlooked and mismanaged areas of cybersecurity for small and mid-sized businesses: patch and vulnerability management.

Most business owners assume their IT company is handling it. Most of the time, they're wrong.

In this episode, Justin covers:

• What patching actually is — and why it's far more complex than "set it and forget it"
• The CVE list — the publicly available database of known vulnerabilities and why it should terrify you
• Zero-day vulnerabilities — what they are and why they're especially dangerous
• The reactive spiral of death — the real reason your IT company may be dropping the ball (and it's not because they don't care)
• The reboot problem — why something as simple as restarting a computer is one of the biggest obstacles to keeping your business secure
• Legacy systems and blind spots — Windows 10, old software, browsers, firewalls, and all the things that aren't getting patched even when you think they are
• Two specific questions you should be asking your IT company right now — and what to do if they can't answer them

Justin also shares a personal story about a client breach caused by an outdated version of Microsoft Office — one that nearly destroyed that business and ended a client relationship — to illustrate just how real and costly this problem is.

This is episode 8 of the Cybersecurity Basics series. If you haven't already, go back and listen to the previous episodes on frameworks, identity and access management, endpoint security, backups, email phishing, and network security.

🎯 Free Resource: Want to know if your business is actually protected? Visit unhackmybusiness.com
for show notes, the full video recording, and to schedule your free cybersecurity risk assessment with Phoenix IT Advisors — no matter where you're located.

Hosts:
Justin Shelley — Phoenix IT Advisors | https://www.phoenixitadvisors.com/
Bryan Lachapelle — B4 Networks | https://www.b4networks.ca/

Your firewall is not enough anymore — and your IT team may not be telling you that.

In Episode 81 of UnHacked, Justin and Bryan dig into one of the most misunderstood concepts in cybersecurity: the network perimeter. It used to be simple. Put a firewall on the edge of your network, install antivirus, done. But that world is gone. Today, your data lives in Microsoft 365, SharePoint, Dropbox, cloud apps your HR manager signed up for last Tuesday, your employee's home network, the guest Wi-Fi at your office, and the IoT thermostat down the hall. The "perimeter" is everywhere — which means it has to be protected everywhere.

In this episode, you'll learn:

• Why the traditional firewall is still necessary — but nowhere near sufficient
• How cloud platforms like Microsoft 365 require their own security layer (and what that actually looks like)
• The hidden danger of VPN tunnels drilled through your firewall during the remote work era
• Why your guest Wi-Fi might not actually be a guest network
• What shadow IT is and why an employee could be walking out the door with your entire company's data right now — legally, and invisibly
• The single most important first step to securing any business: knowing what you actually have

Plus, Justin shares the one question every business owner should ask their IT person — and warns that most of the time, the answer they get back will tell them everything they need to know about how exposed they really are.

This is Episode 7 in the UnHacked Cybersecurity Basics mini-series.

🔐 Want to know how secure your business really is? Visit https://www.phoenixitadvisors.com/
and mention UnHacked to schedule a free cybersecurity risk assessment.

Hosts:
Justin Shelley — Phoenix IT Advisors | https://www.phoenixitadvisors.com/
Mario Zaki — Mazteck IT | https://www.mazteck.com/
Bryan Lachapelle — B4 Networks | https://www.b4networks.ca/

What does it take to lose $50,000 in a single email? Not much. A spoofed address. A busy CFO. A wire transfer that clears before anyone realizes what happened.

In Episode 80 of UnHacked, Justin Shelley, Mario Zaki, and Bryan Lachapelle dig deep into one of the most financially devastating threats facing businesses today: Business Email Compromise (BEC). This is Episode 6 of their ongoing 12-part series on Security Basics, and this one hits close to home for every business owner who relies on email to run their company — which is all of them.

The guys break down exactly how BEC attacks work in two primary forms: lookalike domains designed to trick you letter by letter, and fully compromised email inboxes where a hacker is literally sitting inside your vendor's or employee's account, reading everything and waiting for the right moment to strike. Using AI, attackers can now download entire mailboxes, study communication patterns, and pick up mid-conversation with chilling accuracy.

But the scariest part of this episode isn't the technology — it's the human element. From new employees targeted on LinkedIn within days of posting about their new job, to companies that actively silenced their own IT teams who flagged security gaps (and paid dearly for it), the hosts make a compelling case that people — not software — are both the biggest vulnerability and the most powerful defense a company has.

You'll learn:

• The two types of Business Email Compromise and why one is nearly impossible to stop with technology alone
• The one phone call that could have saved a $50,000 wire transfer — and why most companies don't make it
• Why punishing employees who report mistakes is one of the most dangerous things a company can do
• How attackers use LinkedIn to target new hires and exploit their eagerness to impress leadership
• What "zero trust" really means in the context of email — and how to build it into your team's daily behavior
• How to report lookalike domains and get them taken down
• Why a culture of security awareness is more valuable than any software tool you can buy

This episode is a wake-up call. Email is not safe by default. Your vendors can be compromised. Your new hires are being targeted. And if you don't have written policies and a culture that rewards vigilance, no firewall in the world will save you.