Hosts:
Justin Shelley — Phoenix IT Advisors: https://www.phoenixitadvisors.com/
Mario Zaki — Mazteck IT: https://www.mazteck.com/

Do you know exactly which vendors have access to your business systems, your data, or your network? If the honest answer is "not really" — this episode is for you.

In Episode 84 of UnHacked, Justin Shelley and Mario Zaki tackle one of the most overlooked threats in cybersecurity: vendor risk and third-party access. This is the 10th installment in their deep-dive mini-series on cybersecurity fundamentals, and it may be the most eye-opening yet.

The guys share a real-world story of an MSP who was breached through his own remote management software — encrypting not just his systems, but every single one of his clients' systems — and what his one-word lesson was when it was all over.

You'll learn:

• Why your least secure vendor is your biggest security liability
• How to find remote access software lurking on your network (and what to do with it)
• The simple first step every business owner can take today — no IT degree required
• What questions to ask your MSP to make sure they aren't your weakest link
• How AI can help you sort through thousands of installed applications in minutes

Whether you're in construction, healthcare, finance, or any industry where you rely on vendors and subcontractors, this episode will change how you think about who you're letting in the door.

📌 Resources and episode links: unhackmybusiness.com
🔒 Get your free cybersecurity risk assessment: phoenixitadvisors.com

Hosts:

Justin Shelley — Phoenix IT Advisors | https://www.phoenixitadvisors.com/
Mario Zaki — Mazteck IT | https://www.mazteck.com/
Bryan Lachapelle — B4 Networks | https://www.b4networks.ca/

You moved your business to the cloud to simplify things. But what if that move actually increased your risk — and you didn't even know it?

In Episode 83 of UnHacked, Justin, Mario, and Bryan pull back the curtain on cloud and SaaS security — the ninth installment in their 12-part Cybersecurity Basics series. This episode tackles one of the most dangerous misconceptions in modern business: that "moving to the cloud" means you're secure, saving money, or simplifying your operations. Spoiler — it often does none of those things without the right setup.

In this episode, you'll learn:

• Why the cloud doesn't automatically secure or simplify your business
• The hidden risks of shared links, shadow IT, and expired user accounts
• Why single sign-on (SSO) is a double-edged sword — and how to protect it
• How former employees may still have access to your systems right now
• What admin account separation really means and why your IT person might be doing it wrong
• What a proper, proactive cloud security setup actually looks like

Whether you're already in the cloud or thinking about making the move, this episode will change how you think about who has access to your business — and what happens when you don't know the answer.

🔐 Not sure how secure your cloud setup really is? Get a free cybersecurity risk assessment at PhoenixITAdvisors.com
and mention UnHacked.

Hosts:
Justin Shelley — Phoenix IT Advisors | https://www.phoenixitadvisors.com/

Note: Co-hosts Mario Zaki and Bryan Lachapelle are absent this episode — they're representing their firms at a trade show in Dallas.

Did you know there are 130+ new cybersecurity vulnerabilities discovered every single day? That's nearly 50,000 last year alone — and the number is growing exponentially, fueled in part by AI-powered attacks. In this solo episode, Justin Shelley breaks down one of the most overlooked and mismanaged areas of cybersecurity for small and mid-sized businesses: patch and vulnerability management.

Most business owners assume their IT company is handling it. Most of the time, they're wrong.

In this episode, Justin covers:

• What patching actually is — and why it's far more complex than "set it and forget it"
• The CVE list — the publicly available database of known vulnerabilities and why it should terrify you
• Zero-day vulnerabilities — what they are and why they're especially dangerous
• The reactive spiral of death — the real reason your IT company may be dropping the ball (and it's not because they don't care)
• The reboot problem — why something as simple as restarting a computer is one of the biggest obstacles to keeping your business secure
• Legacy systems and blind spots — Windows 10, old software, browsers, firewalls, and all the things that aren't getting patched even when you think they are
• Two specific questions you should be asking your IT company right now — and what to do if they can't answer them

Justin also shares a personal story about a client breach caused by an outdated version of Microsoft Office — one that nearly destroyed that business and ended a client relationship — to illustrate just how real and costly this problem is.

This is episode 8 of the Cybersecurity Basics series. If you haven't already, go back and listen to the previous episodes on frameworks, identity and access management, endpoint security, backups, email phishing, and network security.

🎯 Free Resource: Want to know if your business is actually protected? Visit unhackmybusiness.com
for show notes, the full video recording, and to schedule your free cybersecurity risk assessment with Phoenix IT Advisors — no matter where you're located.