TrendsFeb 04, 2026
Amanda’s Style File: February Birthstone BlissAmethyst, the birthstone for February, is a gemstone to watch this year with its rich purple hue and affordable price point.
Events & AwardsApr 25, 2018
Live from Conclave: Understanding Cybersecurity Risks
Do your employees understand when an email should raise alarm bells? And are you patching your software when prompted?
Nashville, Tenn.—The hacks that make headlines are the ones that involve big companies and thousands, if not millions or billions, of files of customer data—Equifax, Yahoo and, most recently, Saks Fifth Avenue and Lord & Taylor.
But that doesn’t mean a small business, like a family-owned jewelry store, can’t be hacked.
“Every organization is a target,” Mary Myers, an information security analyst with Jewelers Mutual Insurance Group, said. “There are just different rationales for why.”
Myers presented a breakout session Monday morning at Conclave outlining the cybersecurity risks businesses face and detailing what jewelers should do if they are hacked.
She started with social engineering and phishing.
Social engineering is the act of manipulating employees into doing something they otherwise would not do. Phishing is social engineering via email and can involve attachments, directing the recipient to fake websites, or fake emails.
Myers said phishing emails are often unexpected and written in a way that makes them seem urgent (your immediate reply is requested, etc.).
While they can contain misspellings and grammatical errors, she noted that hackers are getting smarter and cleaning up their emails so there are fewer of these. Phishing messages also can come from email addresses that are nearly identical to (or exactly the same as, which is called spoofing) those of people with whom the business owner and/or employees communicate regularly.
The emails try to bait the the receiver into replying and engaging in a conversation, opening an attachment or clicking a link for the purposes of installing malware on the business’ computer systems.
The malware widely in use by hackers right now is called ransomware, Myers said. Hackers lock victims’ computers with encryption and demand they pay a ransom, via Bitcoin, to get their data back.
But that doesn’t mean a small business, like a family-owned jewelry store, can’t be hacked.
“Every organization is a target,” Mary Myers, an information security analyst with Jewelers Mutual Insurance Group, said. “There are just different rationales for why.”
Myers presented a breakout session Monday morning at Conclave outlining the cybersecurity risks businesses face and detailing what jewelers should do if they are hacked.
She started with social engineering and phishing.
Social engineering is the act of manipulating employees into doing something they otherwise would not do. Phishing is social engineering via email and can involve attachments, directing the recipient to fake websites, or fake emails.
Myers said phishing emails are often unexpected and written in a way that makes them seem urgent (your immediate reply is requested, etc.).
While they can contain misspellings and grammatical errors, she noted that hackers are getting smarter and cleaning up their emails so there are fewer of these. Phishing messages also can come from email addresses that are nearly identical to (or exactly the same as, which is called spoofing) those of people with whom the business owner and/or employees communicate regularly.
The emails try to bait the the receiver into replying and engaging in a conversation, opening an attachment or clicking a link for the purposes of installing malware on the business’ computer systems.
The malware widely in use by hackers right now is called ransomware, Myers said. Hackers lock victims’ computers with encryption and demand they pay a ransom, via Bitcoin, to get their data back.
Her initial recommendation is, of course, not to click on links or open the attachments in emails that seem suspicious. Delete the email, call the sender and ask if they sent that specific email with an attachment or consult IT support.
But that doesn’t always happen.
When a business owner or employee falls for a phish, Myers said options are somewhat limited.
She said what business owners should not do is pay, as there is no guarantee they will get their data back.
They should stop their system backup, wipe infected systems and devices, and restore using what was backed up before the malware was installed. (Systems need to be backed up regularly. Myers recommends having a set, repeating cycle; for example, it backs up every day at midnight.)
Jewelers also face cybersecurity risks from both employees and vendors/contractors who could accidentally load a virus onto a system by clicking a phishing link or visiting a disreputable site, or who could violate a business intentionally, by purposely loading or sending a virus or sharing sensitive customer information. Myers said business owners need to provide guidance to employees, vendors and contractors and to clearly define: what does acceptable internet use at the company look like?
While not heavily attended, the Conclave session did generate multiple questions from attendees.
One jeweler asked if should she turn off her servers at night to help protect against attacks. You can, Myers answered, but it won’t necessarily prevent anything, as some of this software is malware designed to enter the system and lie dormant until it can be activated.
Another asked if paid-for anti-virus software is better than free. Myers said anything that will help a business quarantine and clean up a virus is “great.” What will work best a particular business really depends on its size, needs and risk factors.
Myers wrapped up with a list of a half-dozen additional tips for increasing cybersecurity.
1. Keep an inventory of key systems and applications.
2. Keep an inventory of risks and threats, and use multiple layers of security.
3. Keep systems and devices patched.
All software has “gaps” that make it vulnerable to hackers, Myers said. “Patches” are released regularly by software companies and are intended to seal those gaps. Microsoft releases patches for its software on a monthly basis, but probably the most well-known example of a patch are the “updates” Apple regularly sends for iPhones and iPads.
“If you don’t close it,” Myers said of the gap, “you’re exposed. Patching is super, super critical.”
4. Back up systems and, Myers added, test the back-up.
Having a virus-infected system is going to create an “emotionally charged” situation. She said business owners don’t want that to be the first time they’ve ever walked through the process of employing their back-up.
5. Establish separation in key systems.
Business owners who host their own websites should separate it internally and not have it on the same server as the rest of their data. They also need to rotate job duties. They can’t “give the keys to the kingdom” to one person; hackers would have to have access to several people if there's separation.
Also, when someone leaves the company, take away their access to the company’s systems.
6. Train employees on cyber risks at least annually, if not quarterly.
In response to one jeweler’s question, Myers said business owners can require employees who connect personal devices to the store’s Wi-Fi to update those devices when prompted. She recommended writing it into the store’s policy.
The JSA also recently released a list of cybersecurity recommends, which was included in National Jeweler’s article about Saks getting hacked.
Jewelers also face cybersecurity risks from both employees and vendors/contractors who could accidentally load a virus onto a system by clicking a phishing link or visiting a disreputable site, or who could violate a business intentionally, by purposely loading or sending a virus or sharing sensitive customer information. Myers said business owners need to provide guidance to employees, vendors and contractors and to clearly define: what does acceptable internet use at the company look like?
While not heavily attended, the Conclave session did generate multiple questions from attendees.
One jeweler asked if should she turn off her servers at night to help protect against attacks. You can, Myers answered, but it won’t necessarily prevent anything, as some of this software is malware designed to enter the system and lie dormant until it can be activated.
Another asked if paid-for anti-virus software is better than free. Myers said anything that will help a business quarantine and clean up a virus is “great.” What will work best a particular business really depends on its size, needs and risk factors.
Myers wrapped up with a list of a half-dozen additional tips for increasing cybersecurity.
1. Keep an inventory of key systems and applications.
2. Keep an inventory of risks and threats, and use multiple layers of security.
3. Keep systems and devices patched.
All software has “gaps” that make it vulnerable to hackers, Myers said. “Patches” are released regularly by software companies and are intended to seal those gaps. Microsoft releases patches for its software on a monthly basis, but probably the most well-known example of a patch are the “updates” Apple regularly sends for iPhones and iPads.
“If you don’t close it,” Myers said of the gap, “you’re exposed. Patching is super, super critical.”
4. Back up systems and, Myers added, test the back-up.
Having a virus-infected system is going to create an “emotionally charged” situation. She said business owners don’t want that to be the first time they’ve ever walked through the process of employing their back-up.
5. Establish separation in key systems.
Business owners who host their own websites should separate it internally and not have it on the same server as the rest of their data. They also need to rotate job duties. They can’t “give the keys to the kingdom” to one person; hackers would have to have access to several people if there's separation.
Also, when someone leaves the company, take away their access to the company’s systems.
6. Train employees on cyber risks at least annually, if not quarterly.
In response to one jeweler’s question, Myers said business owners can require employees who connect personal devices to the store’s Wi-Fi to update those devices when prompted. She recommended writing it into the store’s policy.
The JSA also recently released a list of cybersecurity recommends, which was included in National Jeweler’s article about Saks getting hacked.
More on Events & Awards
The Latest
ColumnistsFeb 04, 2026
January Jewelry Sales: More Dollars Spent, Fewer Units Sold Sherry Smith unpacks independent retailers’ January performance and gives tips for navigating the slow-growth year ahead.
MajorsFeb 04, 2026
Frederick Goldman Updates Leadership TeamThe manufacturer said the changes are designed to improve speed, reliability, innovation, and service.
Brought to you by
The MJSA Mentor & Apprenticeship Program: Attracting & Training the Next Generation of Bench JewelersLaunched in 2023, the program will help the passing of knowledge between generations and alleviate the shortage of bench jewelers.
Policies & IssuesFeb 03, 2026
Tariff Relief on Horizon for India as Trump, Modi Make DealPresident Trump said he has reached a trade deal with India, which, when made official, will bring relief to the country’s diamond industry.
Weekly QuizJan 29, 2026
This Week’s QuizTest your jewelry news knowledge by answering these questions.
CollectionsFeb 03, 2026
Jade Trau Releases New Charms, Introduces RondellesThe designer’s latest collection takes inspiration from her classic designs, reimagining the motifs in new forms.
WatchesFeb 03, 2026
Casio America Calls Jersey City HomeThe watchmaker moved its U.S. headquarters to a space it said fosters creativity and forward-thinking solutions in Jersey City, New Jersey.
Brought to you by
How Jewelers Can Fight Back Against Cell JammersCriminals are using cell jammers to disable alarms, but new technology like JamAlert™ can stop them.
SourcingFeb 03, 2026
Nivoda Reveals Upgraded Gemstone MarketplaceThe company also announced a new partnership with GemGuide and the pending launch of an education-focused membership program.
GradingFeb 02, 2026
IGI to Acquire American Gemological Laboratories IGI is buying the colored gemstone grading laboratory through IGI USA, and AGL will continue to operate as its own brand.
CrimeFeb 02, 2026
Ylang 23’s Dallas Store BurglarizedThe Texas jeweler said its team is “incredibly resilient” and thanked its community for showing support.
EditorsFeb 02, 2026
Stars Choose Chokers, Elongated Earrings at 2026 GrammysFrom cool-toned metal to ring stacks, Associate Editor Natalie Francisco highlights the jewelry trends she spotted at the Grammy Awards.
CollectionsFeb 02, 2026
2026 Winter Olympic Medal Design Symbolizes UnityThe medals feature a split-texture design highlighting the fact that the 2026 Olympics are taking place in two different cities.
SurveysJan 30, 2026
These Are the Top Brands of 2026, Says YouGovFrom tech platforms to candy companies, here’s how some of the highest-ranking brands earned their spot on the list.
CollectionsJan 30, 2026
Follow the Beat With Etiq’s ‘Khol’ RingThe “Khol” ring, our Piece of the Week, transforms the traditional Indian Khol drum into playful jewelry through hand-carved lapis.
MajorsJan 30, 2026
Arch Crown’s 2026 ‘Tag & Label’ Catalog Is HereThe catalog includes more than 100 styles of stock, pre-printed, and custom tags and labels, as well as bar code technology products.
CollectionsJan 29, 2026
Ghirardelli’s ‘Chocolocket’ Returns for Valentine’s DayThe chocolatier is bringing back its chocolate-inspired locket, offering sets of two to celebrate “perfect pairs.”
AuctionsJan 29, 2026
These Were Bonhams’ Top 10 Jewelry Lots in 2025The top lot of the year was a 1930s Cartier tiara owned by Nancy, Viscountess Astor, which sold for $1.2 million in London last summer.
SourcingJan 29, 2026
Stuller Website to Mark AGTA-Sourced GemstonesAny gemstones on Stuller.com that were sourced by an AGTA vendor member will now bear the association’s logo.
WatchesJan 29, 2026
Audemars Piguet Opens AP House in AtlantaThe Swiss watchmaker has brought its latest immersive boutique to Atlanta, a city it described as “an epicenter of music and storytelling.”
SourcingJan 28, 2026
Ethical Gem Fair to Debut Designer Showcase in TucsonThe new addition will feature finished jewelry created using “consciously sourced” gemstones.
ColumnistsJan 28, 2026
Peter Smith: Setting the Next Generation Up for SuccessIn his new column, Smith advises playing to your successor's strengths and resisting the urge to become a backseat driver.
SurveysJan 28, 2026
Consumer Confidence Falls Below Pandemic Lows in JanuaryThe index fell to its lowest level since May 2014 amid concerns about the present and the future.
IndependentsJan 28, 2026
Foundrae Heads to Aspen for Latest Store OpeningThe new store in Aspen, Colorado, takes inspiration from a stately library for its intimate yet elevated interior design.
FinancialsJan 28, 2026
Tiffany & Co., Bulgari Sales Resilient as LVMH’s 2025 Sales SlipThe brands’ high jewelry collections performed especially well last year despite a challenging environment.
CollectionsJan 27, 2026
De Beers London, GemFair Debut New Collection Highlighting Artisanal DiamondsThe collection marks the first time GemFair’s artisanal diamonds will be brought directly to consumers.
SourcingJan 27, 2026
GemGuide Launches Pricing for Montana SapphiresThe initial charts are for blue, teal, and green material, each grouped into three charts categorized as good, fine, and extra fine.
