ColumnistsMay 18, 2026
Edahn Golan: What a K-Shaped Economy Means for Fine JewelryIn a column for the 2026 State of the Majors issue, Golan spells out how the growing economic divide in the U.S. is reshaping the market.
Events & AwardsApr 25, 2018
Live from Conclave: Understanding Cybersecurity Risks
Do your employees understand when an email should raise alarm bells? And are you patching your software when prompted?
Nashville, Tenn.—The hacks that make headlines are the ones that involve big companies and thousands, if not millions or billions, of files of customer data—Equifax, Yahoo and, most recently, Saks Fifth Avenue and Lord & Taylor.
But that doesn’t mean a small business, like a family-owned jewelry store, can’t be hacked.
“Every organization is a target,” Mary Myers, an information security analyst with Jewelers Mutual Insurance Group, said. “There are just different rationales for why.”
Myers presented a breakout session Monday morning at Conclave outlining the cybersecurity risks businesses face and detailing what jewelers should do if they are hacked.
She started with social engineering and phishing.
Social engineering is the act of manipulating employees into doing something they otherwise would not do. Phishing is social engineering via email and can involve attachments, directing the recipient to fake websites, or fake emails.
Myers said phishing emails are often unexpected and written in a way that makes them seem urgent (your immediate reply is requested, etc.).
While they can contain misspellings and grammatical errors, she noted that hackers are getting smarter and cleaning up their emails so there are fewer of these. Phishing messages also can come from email addresses that are nearly identical to (or exactly the same as, which is called spoofing) those of people with whom the business owner and/or employees communicate regularly.
The emails try to bait the the receiver into replying and engaging in a conversation, opening an attachment or clicking a link for the purposes of installing malware on the business’ computer systems.
The malware widely in use by hackers right now is called ransomware, Myers said. Hackers lock victims’ computers with encryption and demand they pay a ransom, via Bitcoin, to get their data back.
But that doesn’t mean a small business, like a family-owned jewelry store, can’t be hacked.
“Every organization is a target,” Mary Myers, an information security analyst with Jewelers Mutual Insurance Group, said. “There are just different rationales for why.”
Myers presented a breakout session Monday morning at Conclave outlining the cybersecurity risks businesses face and detailing what jewelers should do if they are hacked.
She started with social engineering and phishing.
Social engineering is the act of manipulating employees into doing something they otherwise would not do. Phishing is social engineering via email and can involve attachments, directing the recipient to fake websites, or fake emails.
Myers said phishing emails are often unexpected and written in a way that makes them seem urgent (your immediate reply is requested, etc.).
While they can contain misspellings and grammatical errors, she noted that hackers are getting smarter and cleaning up their emails so there are fewer of these. Phishing messages also can come from email addresses that are nearly identical to (or exactly the same as, which is called spoofing) those of people with whom the business owner and/or employees communicate regularly.
The emails try to bait the the receiver into replying and engaging in a conversation, opening an attachment or clicking a link for the purposes of installing malware on the business’ computer systems.
The malware widely in use by hackers right now is called ransomware, Myers said. Hackers lock victims’ computers with encryption and demand they pay a ransom, via Bitcoin, to get their data back.
Her initial recommendation is, of course, not to click on links or open the attachments in emails that seem suspicious. Delete the email, call the sender and ask if they sent that specific email with an attachment or consult IT support.
But that doesn’t always happen.
When a business owner or employee falls for a phish, Myers said options are somewhat limited.
She said what business owners should not do is pay, as there is no guarantee they will get their data back.
Editors' Picks
Sponsored by
They should stop their system backup, wipe infected systems and devices, and restore using what was backed up before the malware was installed. (Systems need to be backed up regularly. Myers recommends having a set, repeating cycle; for example, it backs up every day at midnight.)
Jewelers also face cybersecurity risks from both employees and vendors/contractors who could accidentally load a virus onto a system by clicking a phishing link or visiting a disreputable site, or who could violate a business intentionally, by purposely loading or sending a virus or sharing sensitive customer information. Myers said business owners need to provide guidance to employees, vendors and contractors and to clearly define: what does acceptable internet use at the company look like?
While not heavily attended, the Conclave session did generate multiple questions from attendees.
One jeweler asked if should she turn off her servers at night to help protect against attacks. You can, Myers answered, but it won’t necessarily prevent anything, as some of this software is malware designed to enter the system and lie dormant until it can be activated.
Another asked if paid-for anti-virus software is better than free. Myers said anything that will help a business quarantine and clean up a virus is “great.” What will work best a particular business really depends on its size, needs and risk factors.
Myers wrapped up with a list of a half-dozen additional tips for increasing cybersecurity.
1. Keep an inventory of key systems and applications.
2. Keep an inventory of risks and threats, and use multiple layers of security.
3. Keep systems and devices patched.
All software has “gaps” that make it vulnerable to hackers, Myers said. “Patches” are released regularly by software companies and are intended to seal those gaps. Microsoft releases patches for its software on a monthly basis, but probably the most well-known example of a patch are the “updates” Apple regularly sends for iPhones and iPads.
“If you don’t close it,” Myers said of the gap, “you’re exposed. Patching is super, super critical.”
4. Back up systems and, Myers added, test the back-up.
Having a virus-infected system is going to create an “emotionally charged” situation. She said business owners don’t want that to be the first time they’ve ever walked through the process of employing their back-up.
5. Establish separation in key systems.
Business owners who host their own websites should separate it internally and not have it on the same server as the rest of their data. They also need to rotate job duties. They can’t “give the keys to the kingdom” to one person; hackers would have to have access to several people if there's separation.
Also, when someone leaves the company, take away their access to the company’s systems.
6. Train employees on cyber risks at least annually, if not quarterly.
In response to one jeweler’s question, Myers said business owners can require employees who connect personal devices to the store’s Wi-Fi to update those devices when prompted. She recommended writing it into the store’s policy.
The JSA also recently released a list of cybersecurity recommends, which was included in National Jeweler’s article about Saks getting hacked.
Jewelers also face cybersecurity risks from both employees and vendors/contractors who could accidentally load a virus onto a system by clicking a phishing link or visiting a disreputable site, or who could violate a business intentionally, by purposely loading or sending a virus or sharing sensitive customer information. Myers said business owners need to provide guidance to employees, vendors and contractors and to clearly define: what does acceptable internet use at the company look like?
While not heavily attended, the Conclave session did generate multiple questions from attendees.
One jeweler asked if should she turn off her servers at night to help protect against attacks. You can, Myers answered, but it won’t necessarily prevent anything, as some of this software is malware designed to enter the system and lie dormant until it can be activated.
Another asked if paid-for anti-virus software is better than free. Myers said anything that will help a business quarantine and clean up a virus is “great.” What will work best a particular business really depends on its size, needs and risk factors.
Myers wrapped up with a list of a half-dozen additional tips for increasing cybersecurity.
1. Keep an inventory of key systems and applications.
2. Keep an inventory of risks and threats, and use multiple layers of security.
3. Keep systems and devices patched.
All software has “gaps” that make it vulnerable to hackers, Myers said. “Patches” are released regularly by software companies and are intended to seal those gaps. Microsoft releases patches for its software on a monthly basis, but probably the most well-known example of a patch are the “updates” Apple regularly sends for iPhones and iPads.
“If you don’t close it,” Myers said of the gap, “you’re exposed. Patching is super, super critical.”
4. Back up systems and, Myers added, test the back-up.
Having a virus-infected system is going to create an “emotionally charged” situation. She said business owners don’t want that to be the first time they’ve ever walked through the process of employing their back-up.
5. Establish separation in key systems.
Business owners who host their own websites should separate it internally and not have it on the same server as the rest of their data. They also need to rotate job duties. They can’t “give the keys to the kingdom” to one person; hackers would have to have access to several people if there's separation.
Also, when someone leaves the company, take away their access to the company’s systems.
6. Train employees on cyber risks at least annually, if not quarterly.
In response to one jeweler’s question, Myers said business owners can require employees who connect personal devices to the store’s Wi-Fi to update those devices when prompted. She recommended writing it into the store’s policy.
The JSA also recently released a list of cybersecurity recommends, which was included in National Jeweler’s article about Saks getting hacked.
More on Events & Awards
The Latest
CollectionsMay 18, 2026
Foundrae’s New Collection Taps Into JoyThe “Limitless Expansion of Joy and Hope” collection evokes summer through colored gemstones and motifs of butterflies and florals.
CollectionsMay 18, 2026
Hancocks London Acquires Historic ‘Inchiquin’ EmeraldThe jewel, circa 1890, is from the late Victorian era and was owned by descendants of the last high king of Ireland.
Brought to you by
How Modern Training Is Becoming a Competitive Advantage for Jewelry RetailersWith the trade and customer trust in mind, GIA® developed NextGem™ – on-demand training designed specifically for retail.
AuctionsMay 15, 2026
American Collector Ponies Up Almost $17K for John Wayne’s RingThe Western star’s 14-karat gold signet ring sold for six times its low estimate following a bidding war at U.K. auction house Elmwood’s.
Weekly QuizMay 14, 2026
This Week’s QuizTest your jewelry news knowledge by answering these questions.
SourcingMay 15, 2026
State of Diamonds: The Way Forward for Natural DiamondsThe jewelry industry is reassessing its positioning as Gen Z reshapes the retail landscape and lab grown continues to gain market share.
AuctionsMay 14, 2026
White Diamonds Lead Sotheby’s Auction, Blue Diamond Does Not SellA matching pair of 18.38-carat, D-color diamonds from Botswana’s Jwaneng mine sold for $3.3 million, the top lot of the jewelry auction.
Brought to you by
Discover Timeless Treasures: A Showcase of Antique Jewelry & Timepieces in Las VegasGain access to the most exclusive and coveted antique pieces from trusted dealers during Las Vegas Jewelry Week.
Supplier BulletinMay 14, 2026
A Diamond Is Forever Continues Desert Diamonds – Bridal ReinvigoratedSponsored by A Diamond Is Forever
SourcingMay 14, 2026
State of Colored Stones: The Spirit of Young American Gemstone CuttersThe next generation of lapidarists are entrepreneurial, engaged online, and see the craft as a means for artistic expression.
AuctionsMay 14, 2026
‘Ocean Dream’ Makes Waves at Christie’s, Fetching $17MIt was the second auction appearance for the fancy vivid blue-green diamond, which sold for $7.8 million at Christie’s Geneva 12 years ago.
CrimeMay 14, 2026
Second Man Arrested in Florida Pawn Shop Shooting Members of the U.S. Marshals Task Force took a 22-year-old man into custody. He was charged with tampering with evidence.
CrimeMay 13, 2026
JSA’s 2025 Crime Report Shows ‘Concerning’ Rise in ViolenceWhile the overall number of crimes was down, there were more incidences in which robbers pulled out guns, mace, or rammed cars into stores.
IndependentsMay 13, 2026
New Orleans Jeweler Closing Canal Place StoreJack Sutton Fine Jewelry is closing its store inside the downtown shopping center after 40 years in business.
SourcingMay 13, 2026
Smithsonian Acquires ‘Winston Red’ Diamond PaintingReena Ahluwalia’s painting of the rare red diamond is the first contemporary painting to join the National Gem Collection.
TrendsMay 13, 2026
State of Design: Only the Innovative Will SurviveThe price of gold has risen, affecting the number of pieces designers make, the materials they use, and how they position themselves.
ColumnistsMay 12, 2026
It’s Official: We’re Getting ‘Brain Rot’ From Watching Short-Form Videos Peter Smith gives tips on leading meetings, developing marketing, and making trade show appointments in the age of short attention spans.
CollectionsMay 12, 2026
Jessica McCormack Debuts Antique Coin-Inspired Medallions for SummerThe 11-piece “Medallions” capsule collection features five motifs: a crying eye, a heart on fire, a spiral, a flower, and a swallow.
IndependentsMay 12, 2026
State of Retail: 6 Things Retailers Should Know About Consumers TodayFrom Gen Z’s view of luxury to “doom spending,” these are the six consumer trends to note this year.
Events & AwardsMay 12, 2026
The Tiffany & Co. x CFDA Jewelry Designer Award Is BackThe partners have announced the second cycle of the program, which has expanded to include a $25,000 student scholarship.
IndependentsMay 11, 2026
Kansas Jeweler Closing After 70 YearsThe owners of Staats Jewelers are heading into retirement.
TrendsMay 11, 2026
Former Macy’s CEO Joins Signet Jewelers BoardJeffrey Gennette, who retired in 2024 after 41 years with Macy’s, is the newest member of the jewelry retailer’s board of directors.
TrendsMay 11, 2026
Amanda’s Style File: Lucky May May babies are lucky to have emeralds, a gemstone admired for centuries, as their birthstone, writes Amanda Gizzi.
TechnologyMay 11, 2026
Clientbook’s New Tool Helps Jewelers Plan In-Store EventsThe new module allows retailers to plan, promote, and measure the success of events from a single dashboard.
Lab-GrownMay 08, 2026
NDC Publicly Criticizes Pandora Over ‘Misleading’ Natural Diamond ClaimsNDC said in an open letter that Pandora’s statements about the carbon footprint of lab grown versus natural diamonds are inaccurate.
SourcingMay 08, 2026
Ronnie VanderLinden Takes Over as WDC President The diamantaire and industry leader succeeds Feriel Zerouki and said he will focus on being a “champion” for natural diamonds.
TrendsMay 08, 2026
Rihanna Chooses ‘Desert Diamonds’ for 2026 Met GalaShe wore our Piece of the Week, Glenn Spiro’s “Old Moghul Golconda” earrings, featuring fancy brown-yellow diamonds totaling 51.90 carats.
