Soft serve, hard lessons: Card fraud victim Future Swirl backs Cyber Wardens training kit

First and foremost, Maddalena Easterbrook makes ice cream. Oat milk soft-serve, to be precise.

The Canberra entrepreneur is behind Future Swirl, which is expanding from successful pop-ups and festival stalls to take-home tubs.

But the young founder is also a two-time victim of bank card fraud.

Business bank cards linked to Future Swirl were twice skimmed by scammers, costing Easterbrook thousands of dollars.

Separately, a relative’s business was forced to close in the fallout of a successful email hack.

The incidents gave Easterbrook an unfortunate experience with cyber crime.

Now, she is advocating for other small businesses to take the Cyber Wardens training program to learn the basics of digital resilience.

“I make oat milk ice cream, I’m not a cybersecurity expert,” Easterbrook told SmartCompany on Monday.

“Most of my time is spent in operations. So to think about cybersecurity, it really is a last priority.

“Whereas the Cyber Wardens training, I did it in 45 minutes.

“It was super quick, very simple.”

A cup of Future Swirl soft-serve. Source: Instagram/ Future Swirl

Cyber Wardens is a digital learning program designed to give SMEs the tools they need to understand, mitigate, and respond to cyber threats.

Backed by $23.4 million in federal government funding, the Cyber Warden program intends to reach 50,000 people over the next three years.

The Future Swirl founder is among them after run-ins with scammers alerted her to the real threats faced by small businesses.

Easterbrook says she fell victim to a BIN scam, in which fraudsters take the first six numbers on a bank card, randomly fill in the remaining numbers, and process payments once they luck upon a successful match.

“In the end, cumulatively, it was thousands of dollars” taken from business cards, she said.

“And my understanding is that it was a lucky combination of numbers that they happened to try, and it worked, just happened to match my account.”

She took steps to avoid the same happening again, including creating a new business bank account without ties to a card number.

Unfortunately, scammers victimised Future Swirl a second time.

Easterbrook says the bank “still isn’t really sure how it happened”, with the experience leaving her “shocked”.

“It’s really kind of random, but you do have to be very diligent with cyber,” she said.

“And that made me think about other areas of the business where I need to mitigate risk.”

Separately, a relative’s business “completely collapsed” after a scammer was able to infiltrate their email system, pose as the business, and reach out to clients — a situation that caused irreparable reputational and financial damage.

Those experiences, and a desire to learn more about digital safeguards, led her to the Cyber Wardens program.

She said knowledge gained from the program may not have prevented the first BIN attack, which she says was largely down to bad luck.

However, “the program actually brought to my attention the risks that the staff could experience as well, and how that might impact my business,” she said.

“It really shows the importance of having an all-hands-on-deck approach to cybersecurity.”

Easterbrook said she will ask staff and business partners to participate in the Cyber Wardens scheme, which addresses email phishing, invoice scams, and the importance of password management.

“They put it in layman’s terms, but still in a way that tells the story of how significant it is to think about cybersecurity,” she said.

Research released by the Cyber Wardens team on Monday suggests small businesses may be well aware of cyber risks, but aren’t taking the right steps to combat them.

The Cyber Wardens training program — delivered by small business representatives COSBOA, Commonwealth Bank, Telstra, and 89 Degrees East — can be accessed for free online.

As for Future Swirl: with the training completed, Easterbrook is focused on her goal of delivering oat milk soft-serve tubs to independent grocers by the end of next month.