A staggering 71% of small businesses have suffered a cyberattack. Amy's Cupcake Shoppe was one of them.

Amy Brace, owner of the Hopkins, Minnesota-based bakery, and Spencer Ferguson, founder, Wasatch I.T., which provides technical support for small and medium-sized businesses, explored the strategies hackers use to gain access to businesses; simple ways to protect your company in an increasingly digital landscape; and the cybersecurity tools needed to keep your systems running safely.

Here are the key tips and takeaways from their conversation with CO—‘s content director, Jeanette Mulvey.

A cupcake phishing scam

A few years ago, Brace’s cupcake shop received an emailed renewal notice from its website-hosting service, Squarespace, that raised a small red flag when the renewal came due a month too early. She entered the bakery’s credit card information anyway.

“As soon as I did it, I realized it was wrong,” as it didn’t lead her to the familiar Square space site, she said.

In turn, cyber hackers ended up stealing $8,000 from Amy’s Cupcake Shoppe, both from its online and store systems. Brace immediately called her bank, which put a hold on the business’s bank account. The shop managed to skirt further financial damage, preventing the cybercriminals from taking out a $19,000 loan in the shop’s name.

Educate your team on the cyberattack playbook

Brace did many of the right things, said Wasatch I.T.’s Ferguson. But there’s even more businesses can do to protect themselves from common cyberattacks. It might sound simple, but first up is knowing what those attacks precisely are: Phishing scams, which are typically unsolicited emails that appear legitimate at first glance; and ransomware, a form of malware designed to hold businesses’ systems and their data hostage until a ransom of money is received, are two common types of cyberattacks.

Then, establish a cyber breach prevention strategy with your IT team. Develop a policy-and-procedure checklist to assess your cybersecurity needs, like data protection, and identify the tools necessary to ensure safety, from cyber insurance to password management software, Ferguson said.

You don’t know what you don’t know if you’re not a security expert. It’s about educating yourself.

Amy Brace, owner, Amy's Cupcake Shoppe

Watch Now: CO— Blueprint, 12/3

Check out the video from our CO— Blueprint event that took place Thursday, December 3, 2020, where the panel discussed everything you need to know about navigating cybersecurity in this new, remote environment.



Turn on multi-factor authentication to secure your online accounts

Multi-factor authentication, or MFA, is crucial to securing your online accounts, Ferguson and Brace said. The process gives web services, like your bank, secondary access to the account owner in order to verify via a login attempt that it is indeed the account owner that is logging in. Typically, this involves verifying the account owner is legitimate via email, text or phone.

“Now I get a code sent to my cell phone every time someone tries to log in [to the system],” Brace said. “And thankfully, we haven’t had a problem since.”

The big benefit of multi-factor authentication, Ferguson said, is that, “Even if hackers get your user name and password, they won’t be able to get into your account because they won’t be able to get that code that is sent to your phone or email.”

Invest in cyber insurance to protect against ransomware

Wasatch I.T. has seen small businesses lose thousands of dollars from ransomware attacks, a loss compounded by forced shutdowns and legal fees. Investing in cyber insurance is a cost-effective way to mitigate the hit, Ferguson said.

Businesses would be wise to enlist the help of a third-party cyber security auditor, who are often linked to accounting firms and are an affordable solution, he said.

Use password management software

Sign up for password management software, which generates and stores different passwords for each of your online accounts. “Keeper, LastPass and Dashlane are three good ones” that offer free platform options for businesses, Ferguson said.

Devise a cybersecurity-safe work-from-home setup

With more employees than ever working from home amid both the coronavirus and changing workplace culture, cyber security is increasingly a home-office issue, too. But there are no-fuss best practices to thwart breaches, Ferguson said. He provided the following tips:

  • Use company-owned and approved computers exclusively.
  • Only install company approved software.
  • Make sure your network-sharing functions are turned off so that others in your household can’t tap into your network.
  • Use approved anti-virus software on both PCs and Mac computers.
  • Use a VPN, which is a secure tunnel from one network to another.

Brace’s cyber breach story had a happy ending: Amy’s Cupcake Shoppe got back the $8,000 stolen by the hackers. Her advice for other small business owners? “You don’t know what you don’t know if you’re not a security expert,” she said. “It’s about educating yourself.”

For more resources from the U.S. Chamber of Commerce:

CO— aims to bring you inspiration from leading respected experts. However, before making any business decision, you should consult a professional who can advise you based on your individual situation.

Follow us on Instagram for more expert tips & business owners stories.

Published April 29, 2020