Events & Awards

Live from Conclave: Understanding Cybersecurity Risks

Events & AwardsApr 25, 2018

Live from Conclave: Understanding Cybersecurity Risks

Do your employees understand when an email should raise alarm bells? And are you patching your software when prompted?

Nashville, Tenn.—The hacks that make headlines are the ones that involve big companies and thousands, if not millions or billions, of files of customer data—Equifax, Yahoo and, most recently, Saks Fifth Avenue and Lord & Taylor. 

But that doesn’t mean a small business, like a family-owned jewelry store, can’t be hacked. 

“Every organization is a target,” Mary Myers, an information security analyst with Jewelers Mutual Insurance Group, said. “There are just different rationales for why.” 

Myers presented a breakout session Monday morning at Conclave outlining the cybersecurity risks businesses face and detailing what jewelers should do if they are hacked.

She started with social engineering and phishing. 

Social engineering is the act of manipulating employees into doing something they otherwise would not do. Phishing is social engineering via email and can involve attachments, directing the recipient to fake websites, or fake emails.

Myers said phishing emails are often unexpected and written in a way that makes them seem urgent (your immediate reply is requested, etc.).

While they can contain misspellings and grammatical errors, she noted that hackers are getting smarter and cleaning up their emails so there are fewer of these. Phishing messages also can come from email addresses that are nearly identical to (or exactly the same as, which is called spoofing) those of people with whom the business owner and/or employees communicate regularly. 

The emails try to bait the the receiver into replying and engaging in a conversation, opening an attachment or clicking a link for the purposes of installing malware on the business’ computer systems.

The malware widely in use by hackers right now is called ransomware, Myers said. Hackers lock victims’ computers with encryption and demand they pay a ransom, via Bitcoin, to get their data back. 

Her initial recommendation is, of course, not to click on links or open the attachments in emails that seem suspicious. Delete the email, call the sender and ask if they sent that specific email with an attachment or consult IT support.

But that doesn’t always happen.

When a business owner or employee falls for a phish, Myers said options are somewhat limited. 

She said what business owners should not do is pay, as there is no guarantee they will get their data back. 
They should stop their system backup, wipe infected systems and devices, and restore using what was backed up before the malware was installed. (Systems need to be backed up regularly. Myers recommends having a set, repeating cycle; for example, it backs up every day at midnight.)

Jewelers also face cybersecurity risks from both employees and vendors/contractors who could accidentally load a virus onto a system by clicking a phishing link or visiting a disreputable site, or who could violate a business intentionally, by purposely loading or sending a virus or sharing sensitive customer information. Myers said business owners need to provide guidance to employees, vendors and contractors and to clearly define: what does acceptable internet use at the company look like?

While not heavily attended, the Conclave session did generate multiple questions from attendees.

One jeweler asked if should she turn off her servers at night to help protect against attacks. You can, Myers answered, but it won’t necessarily prevent anything, as some of this software is malware designed to enter the system and lie dormant until it can be activated.

Another asked if paid-for anti-virus software is better than free. Myers said anything that will help a business quarantine and clean up a virus is “great.” What will work best a particular business really depends on its size, needs and risk factors.

Myers wrapped up with a list of a half-dozen additional tips for increasing cybersecurity.
1. Keep an inventory of key systems and applications.

2. Keep an inventory of risks and threats, and use multiple layers of security.

3. Keep systems and devices patched.

All software has “gaps” that make it vulnerable to hackers, Myers said. “Patches” are released regularly by software companies and are intended to seal those gaps. Microsoft releases patches for its software on a monthly basis, but probably the most well-known example of a patch are the “updates” Apple regularly sends for iPhones and iPads.
 
“If you don’t close it,” Myers said of the gap, “you’re exposed. Patching is super, super critical.”

4. Back up systems and, Myers added, test the back-up.

Having a virus-infected system is going to create an “emotionally charged” situation. She said business owners don’t want that to be the first time they’ve ever walked through the process of employing their back-up.

5. Establish separation in key systems.

Business owners who host their own websites should separate it internally and not have it on the same server as the rest of their data. They also need to rotate job duties. They can’t “give the keys to the kingdom” to one person; hackers would have to have access to several people if there's separation.

Also, when someone leaves the company, take away their access to the company’s systems.

6. Train employees on cyber risks at least annually, if not quarterly.

In response to one jeweler’s question, Myers said business owners can require employees who connect personal devices to the store’s Wi-Fi to update those devices when prompted. She recommended writing it into the store’s policy.

The JSA also recently released a list of cybersecurity recommends, which was included in National Jeweler’s article about Saks getting hacked.

Michelle Graffis the editor-in-chief at National Jeweler, directing the publication’s coverage both online and in print.

The Latest

Policies & IssuesJul 01, 2022
U.S. Expands Sanctions to Russian Gold

The U.K, Canada, and Japan have also banned the import of gold originating from Russia.

Recorded WebinarsJul 01, 2022
Watch: What to Know About Livestream Shopping

Jewelry marketing expert Laryssa Wirstiuk shares her tips and tricks for hosting a livestream shopping session.

SourcingJul 01, 2022
De Beers, Botswana Extend Sales Agreement for Third Time

The current agreement, originally set to expire in 2020, will now go through June 2023.

Brought to you by
Preparing for Proposal Season with High-Quality, A.I.-Graded Natural Diamonds

Rare & Forever is helping to create an enjoyable diamond buying experience for the millions of newly-engaged couples.

CollectionsJul 01, 2022
Piece of the Week: Brent Neale x Edie Parker Pendant

The brands have collaborated on a fine jewelry ode to cannabis.

Weekly QuizJun 30, 2022
This Week’s Quiz
Test your knowledge of the latest jewelry news with this quick test.
Take the Quiz
Supplier BulletinJun 30, 2022
Here’s Where You’ll Find The Best Online Jewelry Auctions

Sponsored by HiBid

CrimeJun 30, 2022
What JSA’s Annual Report Tells Us About Jewelry Crime in 2021

Plus, JSA President John Kennedy talks about the trajectory of industry crime over the last 20 years.

Brought to you by
Discover The Extraordinary Italian Jewelry In Las Vegas!

Experience all the Italian Jewelry market has to offer in Las Vegas.

CrimeJun 30, 2022
Smash-and-Grab Robbers Hit Booth at TEFAF: Watch the Video

The fair was evacuated temporarily Tuesday after four suspects smashed a showcase and stole jewelry from British jeweler Symbolic & Chase.

AuctionsJun 29, 2022
Bonhams Expands Again with Purchase of Paris Auction House

It is the fifth acquisition under the ownership of private equity firm Epiris, which bought Bonhams in 2018.

MajorsJun 29, 2022
Zales Has a New Diamond Cut

The “Celebration Infinite” diamond has more than three times the number of facets in a traditional brilliant-cut diamond, the retailer said.

WatchesJun 29, 2022
Bulova Introduces New Frank Sinatra Watches

The brand again partnered with the Frank Sinatra School of the Arts High School to celebrate the launch of the “Summer Wind” watches.

SurveysJun 29, 2022
U.S. Platinum Jewelry Demand Starts 2022 on a Strong Note

Retail ounce sales were up 23 percent year-over-year in Q1, according to the recent Platinum Jewellery Business Review.

Events & AwardsJun 29, 2022
Registration Is Now Open for the HardRock Summit 2022

Scheduled for Sept. 8-11, the event will comprise more than 310,000 square feet of show floor, exhibits, and education space.

ColumnistsJun 28, 2022
The PR Adviser: Why Should Someone Buy From You?

If you’re having trouble answering this question, columnist Lilian Raji can help you get a started with a few fill-in-the-blank statements.

IndependentsJun 28, 2022
This Jeweler Is Celebrating 40 Years With 40 Days of Giveaways

Continental Diamond in Minneapolis is awarding a total of $25,000 in prizes via daily sweepstakes.

CollectionsJun 28, 2022
Melissa Kaye’s New Collection Doubles the Color

“Lenox” marks the designer’s foray into bespoke jewels and large colored gemstones.

Events & AwardsJun 28, 2022
Second AGS Virtual Education Conference Is All About Negotiation Skills

“Confluence” is happening in August.

MajorsJun 27, 2022
George Holmes, Longtime Head Editor of JCK Magazine, Dies at 93

He first took a job at then Philadelphia-based Jewelers’ Circular-Keystone in 1963 and retired in 1996.

MajorsJun 27, 2022
Mayors, Analog:Shift Team Up With Goop

The lifestyle platform will stock fine jewelry and watches from the retailers on its website and in store.

CrimeJun 27, 2022
JSA Warns of ‘Pandemic’ of Distraction Thefts Nationwide

It cited two recent cases in California, plus incidents in Florida, Kansas, and Illinois.

IndependentsJun 27, 2022
Lewis Jewelers Set to Open New Ann Arbor Store This Summer

The 10,000-square-foot location allows for expanded collections from design partners while continuing custom design and other services.

CollectionsJun 27, 2022
This Designer Has Found a New Way to Bring Gemstones to Life

Svetlana Lazar’s “Wishing Well” collection utilizes an innovative component to mimic the movement of water beneath them.

Supplier BulletinJun 24, 2022
AGTA GemFair™ Denver is the Place to Be in September!

Sponsored by AGTA

Recorded WebinarsJun 24, 2022
Vegas Jewelry Recap: The Editors Weigh In

Watch the webinar in which National Jeweler’s editors talk about jewelry market week trends and their predictions for the rest of 2022.

MajorsJun 24, 2022
Banter by Piercing Pagoda Celebrates Pride with ‘SayGay’ Necklace

All proceeds up to $25,000 will benefit the It Gets Better Project, a nonprofit that supports LGBTQ+ youth.

CollectionsJun 24, 2022
Piece of the Week: Marie Lichtenberg’s Hidden Message Locket

It’s a reminder that life is best lived with discretion.

×

This site uses cookies to give you the best online experience. By continuing to use & browse this site, we assume you agree to our Privacy Policy