A Guy With Donuts Hacked Their Entire Office (And Why Your Business Is Next)

Let me paint you a picture.
A guy shows up at an office. Friendly face. Box of donuts under his arm. "Delivery for Mrs. Johnson..."
Nobody stops him. Why would they? He's got donuts.
So he wanders. And while he's wandering, he's snapping photos of passwords stuck to monitors. He's clocking where the server room is. He's reading the Wi-Fi credentials off a sticky note by the printer.
He didn't hack anything. He didn't write a line of code. He didn't need to.
He just brought snacks.
That's the story Keith Erwood told me on this episode of The Brian Nichols Show... and it stuck with me. Because it perfectly captures the thing most business owners get catastrophically wrong about protecting what they've built.
You think the threat is some hooded genius in a basement. It's not. It's a guy with donuts. And you'd let him in too.
Why Do 40% of Small Businesses Never Reopen After a Disaster?
Here's the number that should keep you up at night.
Roughly 40% of small business owners never reopen their doors after a major disaster. Ever.
Not "they struggle for a while." Not "it's a rough quarter."
Gone. Years of work. Wiped out.
And Keith - who's been doing business continuity, disaster recovery, and crisis management for over 20 years - says the reason isn't bad luck. It's a mindset.
It's "it won't happen to me."
The small guy says it because he figures he's too small to matter. The big guy says it because he figures he's already covered. And both of them are walking around with the same blind spot... just wearing different suits.
Keith told me about interviewing for a cybersecurity contract with a Fortune 100 company. A company that had already been breached once. He told them the standards weren't enough - that just checking the compliance box is basically handing hackers a roadmap to your front door.
They didn't like that answer.
Two, three months later? Breached again.
Sound familiar?
What Is Business Continuity Planning (And Why Isn't Insurance Enough)?
Business continuity planning is the work you do before disaster hits so your business can keep operating through it - not just crawl back afterward.
And that distinction matters. Keith's whole philosophy runs on four words: Prepare. Protect. Prevent. Profit.
Prepare means you actually assess your risks. Protect and prevent means you put things in place to stop the bleeding before it starts. And profit? That's the part nobody talks about.
Because when the disruption hits - and it will - the prepared business keeps serving customers while the competition scrambles. You don't just survive the crisis. You take market share during it.
That's the game. It's not defense. It's offense wearing a helmet.
But here's where most owners tap out early. They think they've already got this handled. Two words: "We're insured."
And Keith's response to that? Insurance is important... but it is not a plan.
Does Business Insurance Actually Cover a Disaster?
Not the way you think it does. And this is the part that made me sit up.
Keith worked with a small family-run HVAC business. They had a truck and equipment stolen. They filed a claim. Denied.
They came to him gutted. So he got on the phone with them for 15 minutes and actually read the policy. Turns out it should have been covered. What happened was the policy renewed, they didn't review the update, a line item quietly dropped off - but the premium stayed the same.
One phone call later, they walked away with a $30,000 check.
Now flip that. What if Keith hadn't caught it?
That's the trap. And it gets worse.
You think a $100,000 policy means a $100,000 check. It doesn't. An adjuster shows up. They lowball you. You've got a deductible. And then there's this nasty little thing called coinsurance - where if your property value went up over the years but your coverage didn't, the insurance company slaps you with a penalty reduction right when you need the money most.
So you're already broke... and now you're getting less than you budgeted for.
Read your policy. Every single renewal. Every year. Because "we're insured" and "we're covered" are two very different sentences.
How Long Can a Small Business Survive Being Offline?
Shorter than you think. And this is the math that decides everything.
Keith broke it down like this. A few hours offline? You'll live. A day or two? Painful, but survivable.
But once a small business goes dark for a full week... the cash flow dies. And most owners don't have the tools in place to come back from that.
That's the whole ballgame. Small business doesn't run on revenue - it runs on cash flow. And a week-long outage doesn't dent your cash flow. It severs it.
So Keith gives a piece of advice that most people don't expect from a disaster guy. Raise your prices.
Seriously. Bump your rates 5, 10, sometimes 20%. Most customers won't blink - especially in service businesses. And you take that margin and you build an emergency fund. Cash ready to go for the bad Tuesday.
Because when the outage hits, the business with a cushion outlasts the business without one. Every time.
What Emerging Threats Should Small Business Owners Actually Worry About in 2026?
The threats aren't just getting bigger. They're getting weirder.
We got into all of it. Ransomware that doesn't just lock your laptops - it can shut down your actual machinery. Your CNC machines. Your printers. The specialized equipment you use to make the thing you sell. If it runs on software and touches the internet, it's a target.
Then there's the stuff totally outside your control. Geopolitical shocks. Keith pointed at Iran and gas prices - and here's the part people miss. It's not the gas that gets you. It's the diesel. Because every delivery truck runs on diesel, and when diesel spikes, shipping costs spike, and then the cost of everything you buy spikes right behind it.
Third and fourth-order impacts. The dominoes you never see coming.
Oh, and asteroids. We went there too. Turns out one buzzed by pretty close the same week we recorded. So... there's that.
The Disaster Drill That Basically Predicted COVID
This one gave me chills.
Back in the summer of 2019, Keith ran a continuity exercise for a major client. He built a scenario - an earthquake, and in the middle of it, key employees take a trip to Disneyland and come back exposed to measles. A biological event stacked on a natural disaster.
The client pushed back hard. "Those two things will never happen at the same time. This is unrealistic."
Months later? COVID.
And while the pandemic was raging, guess what else was happening? Earthquakes. Tornadoes. Fires. All of it. At once.
The world doesn't politely wait for one crisis to end before starting the next. It stacks them. Keith's fake scenario wasn't paranoid. It was prophetic.
They laughed at the drill. Then they lived it.
So What Do You Actually Do About It?
Here's the good news I'll leave you with. None of this is hopeless. You just need a plan - a real one, not a binder collecting dust on a shelf.
And Keith made it stupidly easy to start. Free.
Over at Erwood Group, he built a free risk assessment tool and a downtime calculator - the calculator actually tells you in real dollars what an outage costs your business, so you can stop guessing. And he's got a free membership site loaded with more tools and live workshops for the folks who can't drop a fortune on enterprise planning right out of the gate.
No excuse. You can start today. For nothing.
Because here's the truth I keep coming back to on this show... you built something real. Something tangible. Something worth protecting.
Don't let a guy with donuts take it from you.
Meet the threat where it's at - before it meets you.
Want the full conversation? Watch the complete episode with Keith Erwood on YouTube, or catch it on Apple Podcasts, Spotify, and everywhere you get your shows. And if you got value from this one, share it and tag me @BNicholsLiberty.
Today's episode is powered by Cardio Miracle - the best heart health supplement on the planet. Grab yours at cardiomiracle.com/TBNS and use code TBNS for 15% off.















