IndependentsMar 06, 2025
Wixon Jewelers to Close After 37 YearsFirst-generation jewelers Dan and Hope Wixon are retiring and will close their Minneapolis-area jewelry store in May.
Events & AwardsApr 25, 2018
Live from Conclave: Understanding Cybersecurity Risks
Do your employees understand when an email should raise alarm bells? And are you patching your software when prompted?
Nashville, Tenn.—The hacks that make headlines are the ones that involve big companies and thousands, if not millions or billions, of files of customer data—Equifax, Yahoo and, most recently, Saks Fifth Avenue and Lord & Taylor.
But that doesn’t mean a small business, like a family-owned jewelry store, can’t be hacked.
“Every organization is a target,” Mary Myers, an information security analyst with Jewelers Mutual Insurance Group, said. “There are just different rationales for why.”
Myers presented a breakout session Monday morning at Conclave outlining the cybersecurity risks businesses face and detailing what jewelers should do if they are hacked.
She started with social engineering and phishing.
Social engineering is the act of manipulating employees into doing something they otherwise would not do. Phishing is social engineering via email and can involve attachments, directing the recipient to fake websites, or fake emails.
Myers said phishing emails are often unexpected and written in a way that makes them seem urgent (your immediate reply is requested, etc.).
While they can contain misspellings and grammatical errors, she noted that hackers are getting smarter and cleaning up their emails so there are fewer of these. Phishing messages also can come from email addresses that are nearly identical to (or exactly the same as, which is called spoofing) those of people with whom the business owner and/or employees communicate regularly.
The emails try to bait the the receiver into replying and engaging in a conversation, opening an attachment or clicking a link for the purposes of installing malware on the business’ computer systems.
The malware widely in use by hackers right now is called ransomware, Myers said. Hackers lock victims’ computers with encryption and demand they pay a ransom, via Bitcoin, to get their data back.
But that doesn’t mean a small business, like a family-owned jewelry store, can’t be hacked.
“Every organization is a target,” Mary Myers, an information security analyst with Jewelers Mutual Insurance Group, said. “There are just different rationales for why.”
Myers presented a breakout session Monday morning at Conclave outlining the cybersecurity risks businesses face and detailing what jewelers should do if they are hacked.
She started with social engineering and phishing.
Social engineering is the act of manipulating employees into doing something they otherwise would not do. Phishing is social engineering via email and can involve attachments, directing the recipient to fake websites, or fake emails.
Myers said phishing emails are often unexpected and written in a way that makes them seem urgent (your immediate reply is requested, etc.).
While they can contain misspellings and grammatical errors, she noted that hackers are getting smarter and cleaning up their emails so there are fewer of these. Phishing messages also can come from email addresses that are nearly identical to (or exactly the same as, which is called spoofing) those of people with whom the business owner and/or employees communicate regularly.
The emails try to bait the the receiver into replying and engaging in a conversation, opening an attachment or clicking a link for the purposes of installing malware on the business’ computer systems.
The malware widely in use by hackers right now is called ransomware, Myers said. Hackers lock victims’ computers with encryption and demand they pay a ransom, via Bitcoin, to get their data back.
Her initial recommendation is, of course, not to click on links or open the attachments in emails that seem suspicious. Delete the email, call the sender and ask if they sent that specific email with an attachment or consult IT support.
But that doesn’t always happen.
When a business owner or employee falls for a phish, Myers said options are somewhat limited.
She said what business owners should not do is pay, as there is no guarantee they will get their data back.
Editors' Picks
Sponsored by
They should stop their system backup, wipe infected systems and devices, and restore using what was backed up before the malware was installed. (Systems need to be backed up regularly. Myers recommends having a set, repeating cycle; for example, it backs up every day at midnight.)
Jewelers also face cybersecurity risks from both employees and vendors/contractors who could accidentally load a virus onto a system by clicking a phishing link or visiting a disreputable site, or who could violate a business intentionally, by purposely loading or sending a virus or sharing sensitive customer information. Myers said business owners need to provide guidance to employees, vendors and contractors and to clearly define: what does acceptable internet use at the company look like?
While not heavily attended, the Conclave session did generate multiple questions from attendees.
One jeweler asked if should she turn off her servers at night to help protect against attacks. You can, Myers answered, but it won’t necessarily prevent anything, as some of this software is malware designed to enter the system and lie dormant until it can be activated.
Another asked if paid-for anti-virus software is better than free. Myers said anything that will help a business quarantine and clean up a virus is “great.” What will work best a particular business really depends on its size, needs and risk factors.
Myers wrapped up with a list of a half-dozen additional tips for increasing cybersecurity.
1. Keep an inventory of key systems and applications.
2. Keep an inventory of risks and threats, and use multiple layers of security.
3. Keep systems and devices patched.
All software has “gaps” that make it vulnerable to hackers, Myers said. “Patches” are released regularly by software companies and are intended to seal those gaps. Microsoft releases patches for its software on a monthly basis, but probably the most well-known example of a patch are the “updates” Apple regularly sends for iPhones and iPads.
“If you don’t close it,” Myers said of the gap, “you’re exposed. Patching is super, super critical.”
4. Back up systems and, Myers added, test the back-up.
Having a virus-infected system is going to create an “emotionally charged” situation. She said business owners don’t want that to be the first time they’ve ever walked through the process of employing their back-up.
5. Establish separation in key systems.
Business owners who host their own websites should separate it internally and not have it on the same server as the rest of their data. They also need to rotate job duties. They can’t “give the keys to the kingdom” to one person; hackers would have to have access to several people if there's separation.
Also, when someone leaves the company, take away their access to the company’s systems.
6. Train employees on cyber risks at least annually, if not quarterly.
In response to one jeweler’s question, Myers said business owners can require employees who connect personal devices to the store’s Wi-Fi to update those devices when prompted. She recommended writing it into the store’s policy.
The JSA also recently released a list of cybersecurity recommends, which was included in National Jeweler’s article about Saks getting hacked.
Jewelers also face cybersecurity risks from both employees and vendors/contractors who could accidentally load a virus onto a system by clicking a phishing link or visiting a disreputable site, or who could violate a business intentionally, by purposely loading or sending a virus or sharing sensitive customer information. Myers said business owners need to provide guidance to employees, vendors and contractors and to clearly define: what does acceptable internet use at the company look like?
While not heavily attended, the Conclave session did generate multiple questions from attendees.
One jeweler asked if should she turn off her servers at night to help protect against attacks. You can, Myers answered, but it won’t necessarily prevent anything, as some of this software is malware designed to enter the system and lie dormant until it can be activated.
Another asked if paid-for anti-virus software is better than free. Myers said anything that will help a business quarantine and clean up a virus is “great.” What will work best a particular business really depends on its size, needs and risk factors.
Myers wrapped up with a list of a half-dozen additional tips for increasing cybersecurity.
1. Keep an inventory of key systems and applications.
2. Keep an inventory of risks and threats, and use multiple layers of security.
3. Keep systems and devices patched.
All software has “gaps” that make it vulnerable to hackers, Myers said. “Patches” are released regularly by software companies and are intended to seal those gaps. Microsoft releases patches for its software on a monthly basis, but probably the most well-known example of a patch are the “updates” Apple regularly sends for iPhones and iPads.
“If you don’t close it,” Myers said of the gap, “you’re exposed. Patching is super, super critical.”
4. Back up systems and, Myers added, test the back-up.
Having a virus-infected system is going to create an “emotionally charged” situation. She said business owners don’t want that to be the first time they’ve ever walked through the process of employing their back-up.
5. Establish separation in key systems.
Business owners who host their own websites should separate it internally and not have it on the same server as the rest of their data. They also need to rotate job duties. They can’t “give the keys to the kingdom” to one person; hackers would have to have access to several people if there's separation.
Also, when someone leaves the company, take away their access to the company’s systems.
6. Train employees on cyber risks at least annually, if not quarterly.
In response to one jeweler’s question, Myers said business owners can require employees who connect personal devices to the store’s Wi-Fi to update those devices when prompted. She recommended writing it into the store’s policy.
The JSA also recently released a list of cybersecurity recommends, which was included in National Jeweler’s article about Saks getting hacked.
More on Events & Awards
The Latest
CollectionsMar 06, 2025
Guzema, 3.1 Phillip Lim Collab on New ‘Snake’ DesignsThe limited-edition collection, a nod to the Year of the Snake, is Ukrainian brand Guzema’s first partnership with a U.S. brand.
IndependentsMar 06, 2025
Stephen Barnes Is the New Owner of IJOAfter more than 50 years, Jeff Roberts is handing over ownership of the organization to IJO President Stephen Barnes.
Brought to you by
Have a Plan for EmergenciesEmergencies can happen anytime, anywhere , and Jewelers of America has what you need to be prepared for it all.
MajorsMar 05, 2025
Neiman Marcus’ Dallas Flagship Store to Close, Confirms Saks GlobalThe 111-year-old store will close following a dispute among Saks Global, a landlord, and the City of Dallas over a small piece of land.
Weekly QuizFeb 27, 2025
This Week’s QuizTest your jewelry news knowledge by answering these questions.
AuctionsMar 05, 2025
Sotheby's To Auction 51 ‘Alien’ WatchesThe upcoming “Area_51” watch sale is a collaboration with heist-out, featuring vintage and modern timepieces with futuristic designs.
MajorsMar 05, 2025
Jewelers of America Unveils 3-Year Strategic Plan The trade organization, which will mark 120 years of service next year, has a refined focus and a new mission statement.
Brought to you by
A Diamond ETF is the Way to Reinvigorate Natural Diamond SalesThe jewelry industry faces challenges from lab-grown diamonds. A diamond ETF can restore natural diamonds' value and drive investor demand.
CrimeMar 04, 2025
4 Suspects Arrested in Fatal Armed Robbery of California Jewelry Store Uc Thí Vo, who co-owned Kim Tin Jewelry in Sacramento with her husband of 40 years, was killed during the November 2024 robbery.
CrimeMar 04, 2025
NYC Diamond Dealer Pleads Guilty to Lab-Grown Diamond SwapsManashe Sezanayev pleaded guilty to grand larceny and is expected to receive five years’ probation when he’s sentenced in May.
TrendsMar 04, 2025
Amanda’s Style File: Peaceful and Powerful AquamarineThe March birthstone pairs perfectly with hues of Mocha Mousse, Pantone’s Color of the Year for 2025.
ColumnistsMar 04, 2025
The Smart Lab: Using Online Events to Supercharge Sales Emmanuel Raheb shares strategies to prepare for, publicize, and engage the audience during events on platforms like TikTok and Zoom.
EditorsMar 03, 2025
Drop Necklaces, Archival Pieces Take Over at the 2025 OscarsFrom Doja Cat to Mikey Madison and Selena Gomez, many of this year’s Academy Awards attendees donned drop necklaces.
Policies & IssuesMar 03, 2025
Customs Indefinitely Postpones Requirement to Disclose Country of MiningOriginally slated to take effect in April, official U.S. Customs and Border Protection documents now show the implementation date as “TBD.”
SurveysMar 03, 2025
Consumer Confidence Fell in February Amid Concerns About the FutureThe recent jump in the prices of household staples, like eggs, and the potential impact of tariffs worried consumers.
Events & AwardsMar 03, 2025
AGA Now Accepting Applications for Its Gemological Education Scholarship The application period for the program is now open for aspiring gemologists around the world.
CollectionsFeb 28, 2025
Piece of the Week: Ironhorse Quillwork EarringsThe work of Indigenous designer Joe Big Mountain, these earrings are similar to the pair Lily Gladstone just wore to the SAG Awards.
AuctionsFeb 28, 2025
300-Year-Old Ring With Ties to Witch Trial Judge Up for Auction A metal detectorist uncovered the ring created in memory of Sir Richard Rainsford, who presided over some of England’s last witch trials.
Recorded WebinarsFeb 28, 2025
Watch: 2025 Jewelry Trends ForecastFine jewelry consultant and publicist Francesca Simons joins Amanda Gizzi and Natalie Francisco to discuss the trends set to rise this year.
TrendsFeb 27, 2025
Model Winnie Harlow Says ‘Yes’ to 3-Stone Engagement RingHarlow’s partner, NBA player Kyle Kuzma, worked with Vobara to design the ring, which features oval and pear-shaped diamonds.
MajorsFeb 27, 2025
Winona Ryder, Iman Star in New Pandora CampaignThe Danish jeweler released the next chapter of its “Be Love” campaign, which celebrates love in all its forms.
SourcingFeb 27, 2025
Gemfields Holds Mini Auction for Higher-Quality EmeraldsThe 13 lots on offer were comprised of material that previously went unsold at the miner’s November auction.
Events & AwardsFeb 27, 2025
JA to Host Workshop During Alabama Jewelers Association ConventionThe learning workshop and the convention are both scheduled to take place April 26 and 27 in Montgomery, Alabama.
Policies & IssuesFeb 26, 2025
EU Once Again Pushes Back Deadline on Diamond Traceability The EU, like the U.S., also now will require diamond importers to provide information about where exactly the diamonds were mined.
SourcingFeb 26, 2025
De Beers, Botswana Make New Diamond Sales Deal OfficialThe formal signing of the agreement comes nearly two years after De Beers and Botswana initially announced they had reached a new deal.
Events & AwardsFeb 26, 2025
JFC Names 2025 ‘Facets’ HonoreesThe charity will celebrate Pandora CEO Alexander Lacik and Brilliant Earth CEO Beth Gerstein at its annual event in Las Vegas.
ColumnistsFeb 25, 2025
Peter Smith: Here’s What I Think Retailers need to have the right merchandise, marketing, and people in place to stay on top in a sea of uncertainty, Peter Smith writes.
