Events & Awards

Live from Conclave: Understanding Cybersecurity Risks

Events & AwardsApr 25, 2018

Live from Conclave: Understanding Cybersecurity Risks

Do your employees understand when an email should raise alarm bells? And are you patching your software when prompted?

Nashville, Tenn.—The hacks that make headlines are the ones that involve big companies and thousands, if not millions or billions, of files of customer data—Equifax, Yahoo and, most recently, Saks Fifth Avenue and Lord & Taylor. 

But that doesn’t mean a small business, like a family-owned jewelry store, can’t be hacked. 

“Every organization is a target,” Mary Myers, an information security analyst with Jewelers Mutual Insurance Group, said. “There are just different rationales for why.” 

Myers presented a breakout session Monday morning at Conclave outlining the cybersecurity risks businesses face and detailing what jewelers should do if they are hacked.

She started with social engineering and phishing. 

Social engineering is the act of manipulating employees into doing something they otherwise would not do. Phishing is social engineering via email and can involve attachments, directing the recipient to fake websites, or fake emails.

Myers said phishing emails are often unexpected and written in a way that makes them seem urgent (your immediate reply is requested, etc.).

While they can contain misspellings and grammatical errors, she noted that hackers are getting smarter and cleaning up their emails so there are fewer of these. Phishing messages also can come from email addresses that are nearly identical to (or exactly the same as, which is called spoofing) those of people with whom the business owner and/or employees communicate regularly. 

The emails try to bait the the receiver into replying and engaging in a conversation, opening an attachment or clicking a link for the purposes of installing malware on the business’ computer systems.

The malware widely in use by hackers right now is called ransomware, Myers said. Hackers lock victims’ computers with encryption and demand they pay a ransom, via Bitcoin, to get their data back. 

Her initial recommendation is, of course, not to click on links or open the attachments in emails that seem suspicious. Delete the email, call the sender and ask if they sent that specific email with an attachment or consult IT support.

But that doesn’t always happen.

When a business owner or employee falls for a phish, Myers said options are somewhat limited. 

She said what business owners should not do is pay, as there is no guarantee they will get their data back. 
They should stop their system backup, wipe infected systems and devices, and restore using what was backed up before the malware was installed. (Systems need to be backed up regularly. Myers recommends having a set, repeating cycle; for example, it backs up every day at midnight.)

Jewelers also face cybersecurity risks from both employees and vendors/contractors who could accidentally load a virus onto a system by clicking a phishing link or visiting a disreputable site, or who could violate a business intentionally, by purposely loading or sending a virus or sharing sensitive customer information. Myers said business owners need to provide guidance to employees, vendors and contractors and to clearly define: what does acceptable internet use at the company look like?

While not heavily attended, the Conclave session did generate multiple questions from attendees.

One jeweler asked if should she turn off her servers at night to help protect against attacks. You can, Myers answered, but it won’t necessarily prevent anything, as some of this software is malware designed to enter the system and lie dormant until it can be activated.

Another asked if paid-for anti-virus software is better than free. Myers said anything that will help a business quarantine and clean up a virus is “great.” What will work best a particular business really depends on its size, needs and risk factors.

Myers wrapped up with a list of a half-dozen additional tips for increasing cybersecurity.
1. Keep an inventory of key systems and applications.

2. Keep an inventory of risks and threats, and use multiple layers of security.

3. Keep systems and devices patched.

All software has “gaps” that make it vulnerable to hackers, Myers said. “Patches” are released regularly by software companies and are intended to seal those gaps. Microsoft releases patches for its software on a monthly basis, but probably the most well-known example of a patch are the “updates” Apple regularly sends for iPhones and iPads.
 
“If you don’t close it,” Myers said of the gap, “you’re exposed. Patching is super, super critical.”

4. Back up systems and, Myers added, test the back-up.

Having a virus-infected system is going to create an “emotionally charged” situation. She said business owners don’t want that to be the first time they’ve ever walked through the process of employing their back-up.

5. Establish separation in key systems.

Business owners who host their own websites should separate it internally and not have it on the same server as the rest of their data. They also need to rotate job duties. They can’t “give the keys to the kingdom” to one person; hackers would have to have access to several people if there's separation.

Also, when someone leaves the company, take away their access to the company’s systems.

6. Train employees on cyber risks at least annually, if not quarterly.

In response to one jeweler’s question, Myers said business owners can require employees who connect personal devices to the store’s Wi-Fi to update those devices when prompted. She recommended writing it into the store’s policy.

The JSA also recently released a list of cybersecurity recommends, which was included in National Jeweler’s article about Saks getting hacked.

Michelle Graffis the editor-in-chief at National Jeweler, directing the publication’s coverage both online and in print.

The Latest

AuctionsMar 21, 2023
Marlene Dietrich’s Van Cleef & Arpels Bracelet Going Up for Auction

Expected to earn up to $4.5 million, the “Jarretière” bracelet is the star of Christie’s “The Magnificent Jewels of Anne Eisenhower” sale.

ColumnistsMar 21, 2023
Squirrel Spotting: Customer Retention Mindset—The New CRM

With jewelry sales coming down from their pandemic highs, retailers need to do all they can to retain existing customers, Peter Smith says.

IndependentsMar 21, 2023
Borsheims Executive Jennifer Johnson Retires

Johnson joined the retailer in 1987, establishing its first human resources department.

Brought to you by
Full Disclosure at Your Fingertips

Distinguishing natural diamonds from laboratory-grown stones – now more available than ever – has been difficult for jewelers. Until now.

Recorded WebinarsMar 20, 2023
Watch: Lab Grown Diamonds: What's Now? What's New? What's Next?

Supplier Spotlight Presented by IGI

Weekly QuizMar 17, 2023
This Week’s Quiz
Test your jewelry news knowledge with this short test.
Take the Quiz
CrimeMar 20, 2023
Jewelry Crime Reached Record Level in 2022, JSA Says

At JSA’s annual luncheon, President John J. Kennedy said the organization recorded more than 2,000 cases last year.

CollectionsMar 20, 2023
A New Book on Chanel Is a High Jewelry Lover’s Dream

It highlights Gabrielle “Coco” Chanel’s lasting influence on modern design.

Brought to you by
Bringing Over 130 Years of Diamond Expertise to Modern Grading

De Beers Institute of Diamonds provides the very best in diamond verification, education and diamond services.

Recorded WebinarsMar 17, 2023
Watch: Lessons From Gems

Jewelers of America’s Amanda Gizzi explores the qualities and accomplishments that make this year’s Gem Award nominees shine.

Events & AwardsMar 17, 2023
JCK Industry Fund Announces Grant Recipients

Here’s what the nine chosen organizations plan to do with the funds.

TrendsMar 17, 2023
Piece of the Week: Anita Ko’s Award-Ready Earrings

The designer is nominated for a Gem Award for Jewelry Design.

FinancialsMar 16, 2023
Winter Weather, Declining Engagements Weigh on Signet’s Results

The jewelry giant’s full-year sales were essentially flat, brought down by fourth-quarter declines.

FinancialsMar 16, 2023
Brilliant Earth Took a Record Number of Orders in 2022

In its recent results, the company highlighted non-bridal jewelry sales and said its “inventory-light” showroom model may change.

Events & AwardsMar 16, 2023
Amanda’s Style File: Sparkling Gems

See 15 fabulous pieces from the 2023 Gem Award for Jewelry Design nominees: Anita Ko, Kirsty Stone, and Ron Anderson and David Rees.

WatchesMar 16, 2023
Citizen’s New Eco-Drive Watches Run for a Full Year

The new Cal. E365 movement doubles the running time of the current Eco-Drive models.

SourcingMar 15, 2023
Amid Uncertainties, India’s Diamond Industry Continues to Adjust

The mood among diamantaires is fairly optimistic despite the challenges brought about by sanctions and a cloudy economic outlook.

Lab-GrownMar 15, 2023
India’s Lab-Grown Diamond Industry Is Growing Up

The mood is bullish as more companies get into the business despite the dramatic drop in lab-grown diamond prices.

SourcingMar 15, 2023
Q&A: GJEPC Chairman Vipul Shah

Shah talks with National Jeweler about diamond demand, lab-grown, and why it’s difficult to make predictions about the U.S. market.

Policies & IssuesMar 15, 2023
When Diamonds Replenish the Earth

Hari Krishna Exports and the Dholakia Foundation’s “Mission 100 Sarovar” aims to create 100 lakes to help revive an area of Gujarat.

TechnologyMar 15, 2023
Sarine’s New Website Schools Consumers on Traceability

The educational resource will highlight the positive impact diamonds can make on their journey from mine to market.

SourcingMar 15, 2023
Canada’s Ekati Diamond Mine to Get a New Owner

Australian mining company Burgundy Diamond Mines announced plans to buy the mine in a deal valued at $136 million.

AuctionsMar 15, 2023
Antique Rings Discovered by Retirees Perform Well at Auction

A 17th-century gold seal ring and an 18th-century memento mori ring met or exceeded estimates at a recent Noonans auction.

Events & AwardsMar 15, 2023
JSA Announces Award Recipients

They will be recognized at the organization’s annual luncheon this weekend in New York City.

ColumnistsMar 14, 2023
On Data: How Did Independent Jewelers Do in January and February?

Sherry Smith breaks down the results so far this year, including which categories are the sales standouts and which are struggling.

MajorsMar 14, 2023
Dutch Historian Discovers Medieval Jewels

The 1,000-year-old find is now on display in the Dutch National Museum of Antiquities.

Events & AwardsMar 14, 2023
GemGenève Is Gearing Up for Its Biggest Show Yet

More than 200 exhibitors are scheduled for the May 11-14 event.

SourcingMar 14, 2023
Bonas Group’s Jimmy Gove Joins Opsydia

Gove, who has more than a decade of experience in the diamond industry, is Opsydia’s new sales and marketing director.

×

This site uses cookies to give you the best online experience. By continuing to use & browse this site, we assume you agree to our Privacy Policy