FinancialsAug 15, 2025
In Q2 Results, Pandora Talks Tariffs, Q4 Plans The company had a solid second quarter, with sales of non-charm jewelry outpacing sales of pieces in its core collections.
Events & AwardsApr 25, 2018
Live from Conclave: Understanding Cybersecurity Risks
Do your employees understand when an email should raise alarm bells? And are you patching your software when prompted?
Nashville, Tenn.—The hacks that make headlines are the ones that involve big companies and thousands, if not millions or billions, of files of customer data—Equifax, Yahoo and, most recently, Saks Fifth Avenue and Lord & Taylor.
But that doesn’t mean a small business, like a family-owned jewelry store, can’t be hacked.
“Every organization is a target,” Mary Myers, an information security analyst with Jewelers Mutual Insurance Group, said. “There are just different rationales for why.”
Myers presented a breakout session Monday morning at Conclave outlining the cybersecurity risks businesses face and detailing what jewelers should do if they are hacked.
She started with social engineering and phishing.
Social engineering is the act of manipulating employees into doing something they otherwise would not do. Phishing is social engineering via email and can involve attachments, directing the recipient to fake websites, or fake emails.
Myers said phishing emails are often unexpected and written in a way that makes them seem urgent (your immediate reply is requested, etc.).
While they can contain misspellings and grammatical errors, she noted that hackers are getting smarter and cleaning up their emails so there are fewer of these. Phishing messages also can come from email addresses that are nearly identical to (or exactly the same as, which is called spoofing) those of people with whom the business owner and/or employees communicate regularly.
The emails try to bait the the receiver into replying and engaging in a conversation, opening an attachment or clicking a link for the purposes of installing malware on the business’ computer systems.
The malware widely in use by hackers right now is called ransomware, Myers said. Hackers lock victims’ computers with encryption and demand they pay a ransom, via Bitcoin, to get their data back.
But that doesn’t mean a small business, like a family-owned jewelry store, can’t be hacked.
“Every organization is a target,” Mary Myers, an information security analyst with Jewelers Mutual Insurance Group, said. “There are just different rationales for why.”
Myers presented a breakout session Monday morning at Conclave outlining the cybersecurity risks businesses face and detailing what jewelers should do if they are hacked.
She started with social engineering and phishing.
Social engineering is the act of manipulating employees into doing something they otherwise would not do. Phishing is social engineering via email and can involve attachments, directing the recipient to fake websites, or fake emails.
Myers said phishing emails are often unexpected and written in a way that makes them seem urgent (your immediate reply is requested, etc.).
While they can contain misspellings and grammatical errors, she noted that hackers are getting smarter and cleaning up their emails so there are fewer of these. Phishing messages also can come from email addresses that are nearly identical to (or exactly the same as, which is called spoofing) those of people with whom the business owner and/or employees communicate regularly.
The emails try to bait the the receiver into replying and engaging in a conversation, opening an attachment or clicking a link for the purposes of installing malware on the business’ computer systems.
The malware widely in use by hackers right now is called ransomware, Myers said. Hackers lock victims’ computers with encryption and demand they pay a ransom, via Bitcoin, to get their data back.
Her initial recommendation is, of course, not to click on links or open the attachments in emails that seem suspicious. Delete the email, call the sender and ask if they sent that specific email with an attachment or consult IT support.
But that doesn’t always happen.
When a business owner or employee falls for a phish, Myers said options are somewhat limited.
She said what business owners should not do is pay, as there is no guarantee they will get their data back.
Editors' Picks
Sponsored by
They should stop their system backup, wipe infected systems and devices, and restore using what was backed up before the malware was installed. (Systems need to be backed up regularly. Myers recommends having a set, repeating cycle; for example, it backs up every day at midnight.)
Jewelers also face cybersecurity risks from both employees and vendors/contractors who could accidentally load a virus onto a system by clicking a phishing link or visiting a disreputable site, or who could violate a business intentionally, by purposely loading or sending a virus or sharing sensitive customer information. Myers said business owners need to provide guidance to employees, vendors and contractors and to clearly define: what does acceptable internet use at the company look like?
While not heavily attended, the Conclave session did generate multiple questions from attendees.
One jeweler asked if should she turn off her servers at night to help protect against attacks. You can, Myers answered, but it won’t necessarily prevent anything, as some of this software is malware designed to enter the system and lie dormant until it can be activated.
Another asked if paid-for anti-virus software is better than free. Myers said anything that will help a business quarantine and clean up a virus is “great.” What will work best a particular business really depends on its size, needs and risk factors.
Myers wrapped up with a list of a half-dozen additional tips for increasing cybersecurity.
1. Keep an inventory of key systems and applications.
2. Keep an inventory of risks and threats, and use multiple layers of security.
3. Keep systems and devices patched.
All software has “gaps” that make it vulnerable to hackers, Myers said. “Patches” are released regularly by software companies and are intended to seal those gaps. Microsoft releases patches for its software on a monthly basis, but probably the most well-known example of a patch are the “updates” Apple regularly sends for iPhones and iPads.
“If you don’t close it,” Myers said of the gap, “you’re exposed. Patching is super, super critical.”
4. Back up systems and, Myers added, test the back-up.
Having a virus-infected system is going to create an “emotionally charged” situation. She said business owners don’t want that to be the first time they’ve ever walked through the process of employing their back-up.
5. Establish separation in key systems.
Business owners who host their own websites should separate it internally and not have it on the same server as the rest of their data. They also need to rotate job duties. They can’t “give the keys to the kingdom” to one person; hackers would have to have access to several people if there's separation.
Also, when someone leaves the company, take away their access to the company’s systems.
6. Train employees on cyber risks at least annually, if not quarterly.
In response to one jeweler’s question, Myers said business owners can require employees who connect personal devices to the store’s Wi-Fi to update those devices when prompted. She recommended writing it into the store’s policy.
The JSA also recently released a list of cybersecurity recommends, which was included in National Jeweler’s article about Saks getting hacked.
Jewelers also face cybersecurity risks from both employees and vendors/contractors who could accidentally load a virus onto a system by clicking a phishing link or visiting a disreputable site, or who could violate a business intentionally, by purposely loading or sending a virus or sharing sensitive customer information. Myers said business owners need to provide guidance to employees, vendors and contractors and to clearly define: what does acceptable internet use at the company look like?
While not heavily attended, the Conclave session did generate multiple questions from attendees.
One jeweler asked if should she turn off her servers at night to help protect against attacks. You can, Myers answered, but it won’t necessarily prevent anything, as some of this software is malware designed to enter the system and lie dormant until it can be activated.
Another asked if paid-for anti-virus software is better than free. Myers said anything that will help a business quarantine and clean up a virus is “great.” What will work best a particular business really depends on its size, needs and risk factors.
Myers wrapped up with a list of a half-dozen additional tips for increasing cybersecurity.
1. Keep an inventory of key systems and applications.
2. Keep an inventory of risks and threats, and use multiple layers of security.
3. Keep systems and devices patched.
All software has “gaps” that make it vulnerable to hackers, Myers said. “Patches” are released regularly by software companies and are intended to seal those gaps. Microsoft releases patches for its software on a monthly basis, but probably the most well-known example of a patch are the “updates” Apple regularly sends for iPhones and iPads.
“If you don’t close it,” Myers said of the gap, “you’re exposed. Patching is super, super critical.”
4. Back up systems and, Myers added, test the back-up.
Having a virus-infected system is going to create an “emotionally charged” situation. She said business owners don’t want that to be the first time they’ve ever walked through the process of employing their back-up.
5. Establish separation in key systems.
Business owners who host their own websites should separate it internally and not have it on the same server as the rest of their data. They also need to rotate job duties. They can’t “give the keys to the kingdom” to one person; hackers would have to have access to several people if there's separation.
Also, when someone leaves the company, take away their access to the company’s systems.
6. Train employees on cyber risks at least annually, if not quarterly.
In response to one jeweler’s question, Myers said business owners can require employees who connect personal devices to the store’s Wi-Fi to update those devices when prompted. She recommended writing it into the store’s policy.
The JSA also recently released a list of cybersecurity recommends, which was included in National Jeweler’s article about Saks getting hacked.
More on Events & Awards
The Latest
EditorsAug 15, 2025
Piece of the Week: Etho Maria’s Showgirl-Approved Ruby Drop Earrings Taylor Swift dons the vibrant pair in new promotional imagery for her upcoming album, “The Life of a Showgirl,” set to release in October.
WatchesAug 15, 2025
Audemars Piguet Acquires Majority Stake in ManufacturerIts investment in micromechanics expert Inhotec will preserve skills essential to the watchmaking industry as a whole, said the company.
Brought to you by
Taking the Moment Head On: How Rio Grande Champions the Present & Future of Fine JewelryAs a leading global jewelry supplier, Rio Grande is rapidly expanding and developing new solutions to meet the needs of jewelers worldwide.
MajorsAug 15, 2025
Rio Grande Names New Marketing DirectorNicolette Bianchi joins the wholesale provider with more than 15 years of cross-industry experience in marketing and product development.
Weekly QuizAug 15, 2025
This Week’s QuizTest your jewelry news knowledge by answering these questions.
CollectionsAug 14, 2025
In Midst of ‘Sardine Girl Summer,’ Pippa Small Looks to ‘Flounder Fall’Her new “Ocean” collection was inspired by Myanmar’s traditional articulated fish jewelry, with depictions of flounder, catfish, and more.
MajorsAug 14, 2025
Casio America Names New CEOLongtime Casio executive Yusuke Suzuki is the new president and CEO of Casio’s U.S. subsidiary.
Brought to you by
Investing in the Next Generation of Bench JewelersThe Seymour & Evelyn Holtzman Bench Scholarship from Jewelers of America returns for a second year.
SourcingAug 14, 2025
West Coast Orgs to Host Trading Event, Mixer in LAThe full-day sourcing and networking event, slated for Aug. 18, will be followed by the fifth annual Mega Mixer Summer Soirée.
TrendsAug 13, 2025
Cristiano Ronaldo Proposes With Gigantic Oval-Cut DiamondModel Georgina Rodríguez received a rock of an engagement ring, with her diamond estimated to be 35 carats, experts say.
SourcingAug 13, 2025
ICA Names 2025 Board of DirectorsThe board elected 9 new directors at its recent ICA Congress in Brazil.
TrendsAug 13, 2025
Colorado Jeweler, Whiskey Maker Collab on Ring GiveawayThree winners will receive a custom ring from Honest Hands Ring Co. inlaid with a piece of history from Denver-based distillery Stranahan’s.
SurveysAug 13, 2025
These Are The 25 Hottest Retailers, Says NRFJD Sports and Wawa were among the fastest-growing retail companies in the U.S. last year.
SourcingAug 13, 2025
Columbia Gem House Launches Winza Sapphires, RubiesThe new inventory, all untreated, features vibrant hues and unique bicolor combinations.
SourcingAug 12, 2025
Gemfields Sells Fabergé for $50MAcquired by a tech investor, the historic brand will continue to focus on jewelry, accessories, and timepieces.
Policies & IssuesAug 12, 2025
Higher Tariff on Chinese Imports Paused for 90 Days, Trump SaysPresident Donald Trump issued an executive order extending the pause on higher tariffs to November as negotiations with China continue.
CollectionsAug 12, 2025
Jacquie Aiche’s New Collection Harnesses the Energy of the ThunderbirdThe “Thunderbird Slab” collection features a thunderbird motif as a symbol of power, protection, and boundless possibility.
ColumnistsAug 12, 2025
Creative Connecting: How to Take a Better HeadshotColumnists Jen Cullen Williams and Duvall O’Steen share tips on how to elevate your professional image.
CrimeAug 11, 2025
Man Convicted of First-Degree Murder in Death of Colorado JewelerPeter Damian Arguello, a jeweler in the Denver suburb of Wheat Ridge, was found dead inside his store in November 2023.
IndependentsAug 11, 2025
Lisa Bridge to Depart Ben Bridge JewelerThe retailer, owned by Berkshire Hathaway, is becoming part of the Berkshire Hathaway Jewelry Group with Helzberg.
EditorsAug 11, 2025
The Colors Expected to Be On-Trend in a Couple YearsAssociate Editor Lauren McLemore recently attended a fabrics trade show where a trend forecaster shared her predictions for summer 2027.
FinancialsAug 08, 2025
Brilliant Earth’s Q2 Sales Up 3% as Engagement Ring Sales RiseThe company raised its full-year sales guidance while noting it has not yet assessed the potential impact of the latest tariff news.
TrendsAug 08, 2025
Piece of the Week: Rahaminov Diamonds’ Bezel BangleThe brand’s latest iteration of a bezel-set diamond bangle features clean lines and a timeless design for a new modern silhouette.
WatchesAug 07, 2025
Bulova’s New Collection Honors Tony BennettThe first watch in the series commemorates his participation in the Civil Rights movement, marching from Selma to Montgomery in 1965.
Lab-GrownAug 07, 2025
Chatham Releases Catalog for Loose Lab-Grown GemstonesThe catalog contains a complete listing of all the loose gemstones in stock, as well as information about the properties of each stone.
TechnologyAug 07, 2025
Rembrandt Charms Debuts New Website, Bird CharmsThe company added a retailer dashboard to its site and three new birds to its charm collection, the cardinal, blue jay, and hummingbird.
Policies & IssuesAug 06, 2025
Tariff on India to Rise to 50%, Trump Says An additional 25 percent tariff has been added to the previously announced 25 percent.
