AuctionsDec 10, 2025
Francis Ford Coppola’s Watch Sells for $10.8MThe filmmaker’s personal F.P. Journe “FFC” prototype was the star of Phillips’ recent record-setting watch auction in New York.
Events & AwardsApr 25, 2018
Live from Conclave: Understanding Cybersecurity Risks
Do your employees understand when an email should raise alarm bells? And are you patching your software when prompted?
Nashville, Tenn.—The hacks that make headlines are the ones that involve big companies and thousands, if not millions or billions, of files of customer data—Equifax, Yahoo and, most recently, Saks Fifth Avenue and Lord & Taylor.
But that doesn’t mean a small business, like a family-owned jewelry store, can’t be hacked.
“Every organization is a target,” Mary Myers, an information security analyst with Jewelers Mutual Insurance Group, said. “There are just different rationales for why.”
Myers presented a breakout session Monday morning at Conclave outlining the cybersecurity risks businesses face and detailing what jewelers should do if they are hacked.
She started with social engineering and phishing.
Social engineering is the act of manipulating employees into doing something they otherwise would not do. Phishing is social engineering via email and can involve attachments, directing the recipient to fake websites, or fake emails.
Myers said phishing emails are often unexpected and written in a way that makes them seem urgent (your immediate reply is requested, etc.).
While they can contain misspellings and grammatical errors, she noted that hackers are getting smarter and cleaning up their emails so there are fewer of these. Phishing messages also can come from email addresses that are nearly identical to (or exactly the same as, which is called spoofing) those of people with whom the business owner and/or employees communicate regularly.
The emails try to bait the the receiver into replying and engaging in a conversation, opening an attachment or clicking a link for the purposes of installing malware on the business’ computer systems.
The malware widely in use by hackers right now is called ransomware, Myers said. Hackers lock victims’ computers with encryption and demand they pay a ransom, via Bitcoin, to get their data back.
But that doesn’t mean a small business, like a family-owned jewelry store, can’t be hacked.
“Every organization is a target,” Mary Myers, an information security analyst with Jewelers Mutual Insurance Group, said. “There are just different rationales for why.”
Myers presented a breakout session Monday morning at Conclave outlining the cybersecurity risks businesses face and detailing what jewelers should do if they are hacked.
She started with social engineering and phishing.
Social engineering is the act of manipulating employees into doing something they otherwise would not do. Phishing is social engineering via email and can involve attachments, directing the recipient to fake websites, or fake emails.
Myers said phishing emails are often unexpected and written in a way that makes them seem urgent (your immediate reply is requested, etc.).
While they can contain misspellings and grammatical errors, she noted that hackers are getting smarter and cleaning up their emails so there are fewer of these. Phishing messages also can come from email addresses that are nearly identical to (or exactly the same as, which is called spoofing) those of people with whom the business owner and/or employees communicate regularly.
The emails try to bait the the receiver into replying and engaging in a conversation, opening an attachment or clicking a link for the purposes of installing malware on the business’ computer systems.
The malware widely in use by hackers right now is called ransomware, Myers said. Hackers lock victims’ computers with encryption and demand they pay a ransom, via Bitcoin, to get their data back.
Her initial recommendation is, of course, not to click on links or open the attachments in emails that seem suspicious. Delete the email, call the sender and ask if they sent that specific email with an attachment or consult IT support.
But that doesn’t always happen.
When a business owner or employee falls for a phish, Myers said options are somewhat limited.
She said what business owners should not do is pay, as there is no guarantee they will get their data back.
They should stop their system backup, wipe infected systems and devices, and restore using what was backed up before the malware was installed. (Systems need to be backed up regularly. Myers recommends having a set, repeating cycle; for example, it backs up every day at midnight.)
Jewelers also face cybersecurity risks from both employees and vendors/contractors who could accidentally load a virus onto a system by clicking a phishing link or visiting a disreputable site, or who could violate a business intentionally, by purposely loading or sending a virus or sharing sensitive customer information. Myers said business owners need to provide guidance to employees, vendors and contractors and to clearly define: what does acceptable internet use at the company look like?
While not heavily attended, the Conclave session did generate multiple questions from attendees.
One jeweler asked if should she turn off her servers at night to help protect against attacks. You can, Myers answered, but it won’t necessarily prevent anything, as some of this software is malware designed to enter the system and lie dormant until it can be activated.
Another asked if paid-for anti-virus software is better than free. Myers said anything that will help a business quarantine and clean up a virus is “great.” What will work best a particular business really depends on its size, needs and risk factors.
Myers wrapped up with a list of a half-dozen additional tips for increasing cybersecurity.
1. Keep an inventory of key systems and applications.
2. Keep an inventory of risks and threats, and use multiple layers of security.
3. Keep systems and devices patched.
All software has “gaps” that make it vulnerable to hackers, Myers said. “Patches” are released regularly by software companies and are intended to seal those gaps. Microsoft releases patches for its software on a monthly basis, but probably the most well-known example of a patch are the “updates” Apple regularly sends for iPhones and iPads.
“If you don’t close it,” Myers said of the gap, “you’re exposed. Patching is super, super critical.”
4. Back up systems and, Myers added, test the back-up.
Having a virus-infected system is going to create an “emotionally charged” situation. She said business owners don’t want that to be the first time they’ve ever walked through the process of employing their back-up.
5. Establish separation in key systems.
Business owners who host their own websites should separate it internally and not have it on the same server as the rest of their data. They also need to rotate job duties. They can’t “give the keys to the kingdom” to one person; hackers would have to have access to several people if there's separation.
Also, when someone leaves the company, take away their access to the company’s systems.
6. Train employees on cyber risks at least annually, if not quarterly.
In response to one jeweler’s question, Myers said business owners can require employees who connect personal devices to the store’s Wi-Fi to update those devices when prompted. She recommended writing it into the store’s policy.
The JSA also recently released a list of cybersecurity recommends, which was included in National Jeweler’s article about Saks getting hacked.
Jewelers also face cybersecurity risks from both employees and vendors/contractors who could accidentally load a virus onto a system by clicking a phishing link or visiting a disreputable site, or who could violate a business intentionally, by purposely loading or sending a virus or sharing sensitive customer information. Myers said business owners need to provide guidance to employees, vendors and contractors and to clearly define: what does acceptable internet use at the company look like?
While not heavily attended, the Conclave session did generate multiple questions from attendees.
One jeweler asked if should she turn off her servers at night to help protect against attacks. You can, Myers answered, but it won’t necessarily prevent anything, as some of this software is malware designed to enter the system and lie dormant until it can be activated.
Another asked if paid-for anti-virus software is better than free. Myers said anything that will help a business quarantine and clean up a virus is “great.” What will work best a particular business really depends on its size, needs and risk factors.
Myers wrapped up with a list of a half-dozen additional tips for increasing cybersecurity.
1. Keep an inventory of key systems and applications.
2. Keep an inventory of risks and threats, and use multiple layers of security.
3. Keep systems and devices patched.
All software has “gaps” that make it vulnerable to hackers, Myers said. “Patches” are released regularly by software companies and are intended to seal those gaps. Microsoft releases patches for its software on a monthly basis, but probably the most well-known example of a patch are the “updates” Apple regularly sends for iPhones and iPads.
“If you don’t close it,” Myers said of the gap, “you’re exposed. Patching is super, super critical.”
4. Back up systems and, Myers added, test the back-up.
Having a virus-infected system is going to create an “emotionally charged” situation. She said business owners don’t want that to be the first time they’ve ever walked through the process of employing their back-up.
5. Establish separation in key systems.
Business owners who host their own websites should separate it internally and not have it on the same server as the rest of their data. They also need to rotate job duties. They can’t “give the keys to the kingdom” to one person; hackers would have to have access to several people if there's separation.
Also, when someone leaves the company, take away their access to the company’s systems.
6. Train employees on cyber risks at least annually, if not quarterly.
In response to one jeweler’s question, Myers said business owners can require employees who connect personal devices to the store’s Wi-Fi to update those devices when prompted. She recommended writing it into the store’s policy.
The JSA also recently released a list of cybersecurity recommends, which was included in National Jeweler’s article about Saks getting hacked.
More on Events & Awards
The Latest
WatchesDec 10, 2025
There’s A New Rolex Boutique in MiamiThe new location in the Design District pays homage to Miami’s Art Deco heritage and its connection to the ocean.
SurveysDec 10, 2025
Consumer Confidence Drops in November Inflations, tariffs, and politics—including the government shutdown—were among consumers’ top concerns last month.
Brought to you by
Impacting Tomorrow TodayHow Jewelers of America’s 20 Under 40 are leading to ensure a brighter future for the jewelry industry.
SourcingDec 10, 2025
NAJA Announces Details for 2026 ‘Ace It’ Winter Conference“Longtime favorite” presenters, as well as first-time speakers, will lead talks and workshops at the annual event in Tucson next year.
Weekly QuizDec 04, 2025
This Week’s QuizTest your jewelry news knowledge by answering these questions.
AuctionsDec 09, 2025
‘Desert Rose’ Diamond Sells for $8.8M in Abu DhabiThe sale of the 31.68-carat, sunset-hued stone was part of Sotheby’s first series of events and auctions in Abu Dhabi.
ColumnistsDec 09, 2025
Holiday Sales Happen in December, Most Decisions Don’tMost customers who walk into your store this month have made up their minds. Your job is to validate their choice, Emmanuel Raheb writes.
Brought to you by
Roseco Releases New Full-Line CatalogRoseco’s 704-page catalog showcases new lab-grown diamonds, findings, tools & more—available in print or interactive digital editions.
TrendsDec 09, 2025
‘Once Upon a Time,’ Guzema Debuted Its Holiday CollectionThe collection features characters and motifs from Ukrainian folklore, including an enchanted mirror and a magic egg.
TechnologyDec 09, 2025
Gemvision Releases Updated MatrixGoldMatrixGold 3.11, the newest version of the jewelry design program, offers more flexibility, precision, and creative control.
MajorsDec 08, 2025
Juell Kadet, a ‘Lifelong Pillar’ of Rogers & Hollands, Dies at 96Kadet, a 1994 National Jeweler Retailer Hall of Fame inductee, helped grow the family-owned retailer in the Chicago area and beyond.
TechnologyDec 08, 2025
You’ve Heard of Smart Watches and Rings; Meet Smart EarringsBilled as the world’s smallest wearable, Lumia Health’s new smart earrings have a health tracker subtly embedded in the back.
TrendsDec 08, 2025
Amanda’s Style File: Celebrating December’s BirthstonesDon’t let those with December birthdays feel blue. Help them celebrate their month with blue zircon, turquoise, and tanzanite.
CollectionsDec 05, 2025
Piece of the Week: Robinson Pelham’s ‘Tsar Star’ EarringsThe new pink sapphire version of the piece dances with its wearer in the brand’s “Icons After Dark” holiday campaign.
TrendsDec 05, 2025
Pantone’s Color of the Year for 2026 Is … WhiteA choice that’s generated a lot of commentary, Pantone says “Cloud Dancer” marks a fresh start and encourages relaxation and creativity.
MajorsDec 05, 2025
Stuller Releases ‘Wrapped in Wonder’ CampaignThe manufacturer’s holiday campaign features a gift guide filled with trending designs and jewelry that can be personalized.
CrimeDec 04, 2025
Man Arrested After Allegedly Swallowing Fabergé Egg PendantThe man was charged with theft, accused of ingesting the necklace while in a jewelry store in Auckland, New Zealand.
IndependentsDec 04, 2025
Step Inside JR Dunn Jewelers’ Giant New Store The Florida independent expanded its store from 8,000 to 14,000 square feet, fulfilling the vision of its late co-founder, Jim Dunn.
Supplier BulletinDec 04, 2025
Introducing Shop Natural Day: A New Movement Celebrating Natural DiamondsSponsored by De Beers Group
WatchesDec 04, 2025
Casio Shrinks its G-Shock WatchThe classic 5600 series G-Shock has been scaled down to about a tenth of its size, becoming a fully functioning watch ring.
Events & AwardsDec 04, 2025
AGA Announces 2026 Tucson Speaker LineupThe association’s annual conference and gala will take place Feb. 4, 2026, during the Tucson gem shows.
Events & AwardsDec 04, 2025
CBG Announces Speaker Lineup for 2026 Miami Event The January show will include a workshop for jewelry retailers on implementing AI to strengthen their businesses.
TrendsDec 03, 2025
Miley Cyrus Debuts Edgy Engagement RingFellow musician Maxx Morando proposed to the star with a chunky, cushion-cut diamond ring designed by Jacquie Aiche.
Policies & IssuesDec 03, 2025
Costco Joins Growing Wave of Retailers Suing for Tariff Refunds The retailer, which sells billions in fine jewelry and watches, is suing the Trump administration and U.S. Customs and Border Patrol.
SurveysDec 03, 2025
A Record 202.9M Shoppers Turned Out Thanksgiving WeekendBlack Friday is still the most popular shopping day over the five-day holiday weekend, as per the National Retail Federation’s survey.
AuctionsDec 03, 2025
Fabergé’s 'The Winter Egg' Achieves Record $30MThe historic egg, crafted for Russia's ruling family prior to the revolution, was the star of Christie’s recent auction of works by Fabergé.
FinancialsDec 02, 2025
Signet Jewelers’ Q3 Sales Up Amid Continued Focus on Lower Price PointsThe retailer offered more fashion jewelry priced under $1,000, including lab-grown diamond and men’s jewelry.
