Cyber Tales: Data is Like a BOXX of Chocolates
A small chocolate shop faces a big cyber attack—see how BOXX helped them bounce back and why cyber insurance is a must for small businesses.
You Never Know What You’re Gonna Get
Places, industries, and names have been changed to preserve client privacy.
Amanda Kelly, award-winning pastry chef and founder of boutique chocolate shop Bean-to-Bardot, didn’t expect her Monday to start with alarm bells. Several regular customers had forwarded suspicious emails claiming to be from her team—emails asking for personal info. Amanda knew immediately: something was off.
She turned to her husband and Head—and only member—of IT, Simon Kelly. Simon logged into their Microsoft 365 tenant and spotted red flags right away. A few fake email accounts mimicked real team members. Inboxes had forwarding rules quietly moving emails into hidden folders—a classic move to keep malicious activity under the radar.
Then came the gut punch: OneDrive logs showed files had been accessed and copied externally. Audit logs appeared to confirm admin credentials were used to poke through SharePoint folders and Teams chats. Whoever got in, had full control.
Simon ran a sweep of user activity and confirmed the worst: the intruders had full admin access and had embedded themselves deeply. They’d set up persistence mechanisms to stay hidden, making it hard to kick them out. If it had gone unnoticed any longer, they could’ve impersonated staff, manipulated invoices, or encrypted critical data for ransom. The threat to their reputation—and client trust—was massive. And no matter what Simon tried, he couldn’t fully shut them out.
Good Instincts = Good Coverage
Simon called BOXX. He dialed their 24-hour emergency line and reached someone on the BOXX Hackbusters incident response team They assessed the urgency and arranged a callback.
“I was in full panic mode when I called. Somehow, through all my ‘ums and oh-nos’ they didn’t just hear me—they actually listened. Reassured me they were on it. In that moment, I was beyond relieved Amanda had overruled my whole ‘we don’t need insurance’ thing. She saved us.”
Simon had argued against cyber insurance. Bean-to-Bardot was small. They had a solid setup—firewall, backups, regular updates, and MFA. Why spend extra on insurance?
Amanda saw it differently. A close friend had lost her entire business to ransomware the year before. Amanda insisted they get cyber insurance for small business. Simon relented.
That decision—made from caution, not conviction—turned out to be a lifeline.
Tempering the Breach
Within twenty minutes, Jack Brooks, head of the Hackbusters and BOXX vCISO, was on the line.
Jack quickly assembled a team. Within a few hours, they had secured the Microsoft environment and started hardening it.
“Hardening isn’t just a buzzword. It’s about eliminating the easy wins for attackers. You make the environment boring—nothing to exploit, nothing to escalate,” said Jack.
Simon admits his head wasn’t in the game. “I should’ve hardened the cloud earlier. Lesson learned the hard way. I was trying to save money by doing everything myself, but this proved I can’t keep wearing every hat. Amanda was right—we need to invest properly, and that includes bringing someone on to help manage IT.”
Luckily, the hackers hadn’t hit business-critical data. Their phishing emails failed—Amanda’s clients were sharp. Because they caught the breach early and called BOXX fast, the damage was minimal. It could have been much worse.
No one knows exactly how the attackers got in. Like most skilled criminals, they left few traces. But BOXX didn’t need a smoking gun to take action.
Kicking Ganache & Taking Names: BOXX Steps In
The Hackbusters moved fast and took a layered approach to security.
They enforced MFA across the board—removing phone and SMS as options and ensuring all users had to authenticate through a single, secure method. Jack pointed out:
“‘Enabled’ MFA means users can turn it on. ‘Enforced’ means they have to. That distinction catches a lot of businesses off guard.”
They also set up 60-day MFA reauthentication to reduce the risk of MFA stuffing attacks and introduced conditional access policies that restrict logins to the U.S.—where Bean-to-Bardot’s staff are based or most likely to be working.
Advanced Microsoft licensing gave Simon and his future IT teammate better control and visibility. BOXX also enabled advanced threat protection on email—a paid upgrade Jack insists is worth it. It blocks malicious links and attachments, the number-one way attackers get in.
Device management was added too. Now only registered devices can connect to company systems—no checking work email from borrowed laptops. Some staff grumbled, but it’s a small price to keep criminals out.
They rolled out a fully managed endpoint detection and response (EDR) solution, which catches suspicious behavior in real time and stops threats before they spread.
“We made sure everyone only had the access they needed—nothing more. Over-permissioned accounts are low-hanging fruit for attackers,” said Jack. “We also disabled legacy authentication, which is basically a back door most businesses forget they’ve left open. And finally, we set up continuous log monitoring and real-time alerts from Microsoft 365. You can’t react to what you don’t see.”
“You can’t react to what you don’t see. Monitor your M365 logs so a security analyst can spot issues before they blow up,” said Jack.
No More Soft Centers: Lessons Learned
For Amanda, the value wasn’t just in the fixes—it was in the way the information was delivered.
“What I appreciated most was how clearly Jack explained things. He didn’t just speak Simon’s language—he made sure I understood what was happening, too. That kind of education helps us lead the business with confidence.”
Simon agreed.
“It wasn’t a lesson either of us wanted, but maybe it was the one we needed.”
The attackers didn’t win. Because Amanda trusted her gut and BOXX, Bean-to-Bardot was back to making world-class chocolate in no time. In fact, the business was better than before.
Simon found a new appreciation for Amanda’s instincts—not just in pastry, but in business. And Amanda saw firsthand just how much Simon knew and how quickly he acted under pressure.
Both walked away with a deeper respect for each other’s strengths—and a much better understanding of cybersecurity.
Wondering if your environment’s really secure—or just “enabled”? BOXX can help.
Interested in more real-life cyber stories?
Sign-up for the BOXX Newsletter today.
Join over 5,000+ others that receive our newsletter updates. Filled with expert advice and product announcements to help prevent a cyber incident. Get insider access to news around BOXX innovations, cyber tips and case studies that allow you to stay up to date on all things cyber.
Related posts
Cyber Tales: The Backup Blind Spot
When cybercriminals exploited an unpatched virtual machine, Parilti Labs lost critical data and paid a steep price. Discover how BOXX helped them recover—and the costly lesson they’ll never forget.
Cyber Tales: The Fake Vendor Scam
BOXX Client Profile: Tower Tutors
Location: Calgary, Alberta
Industry: Education
Employees: 75 (including 64 tutors)
Cyber Incident: Business Email Compromise (BEC) – Fake Vendor Scam
