CollectionsSep 18, 2025
Ashley Zhang Launches Garçon New YorkThe designer, who is the creative force behind her namesake brand, has now started a new mini line focusing on chains for fathers and sons.
Events & AwardsApr 25, 2018
Live from Conclave: Understanding Cybersecurity Risks
Do your employees understand when an email should raise alarm bells? And are you patching your software when prompted?
Nashville, Tenn.—The hacks that make headlines are the ones that involve big companies and thousands, if not millions or billions, of files of customer data—Equifax, Yahoo and, most recently, Saks Fifth Avenue and Lord & Taylor.
But that doesn’t mean a small business, like a family-owned jewelry store, can’t be hacked.
“Every organization is a target,” Mary Myers, an information security analyst with Jewelers Mutual Insurance Group, said. “There are just different rationales for why.”
Myers presented a breakout session Monday morning at Conclave outlining the cybersecurity risks businesses face and detailing what jewelers should do if they are hacked.
She started with social engineering and phishing.
Social engineering is the act of manipulating employees into doing something they otherwise would not do. Phishing is social engineering via email and can involve attachments, directing the recipient to fake websites, or fake emails.
Myers said phishing emails are often unexpected and written in a way that makes them seem urgent (your immediate reply is requested, etc.).
While they can contain misspellings and grammatical errors, she noted that hackers are getting smarter and cleaning up their emails so there are fewer of these. Phishing messages also can come from email addresses that are nearly identical to (or exactly the same as, which is called spoofing) those of people with whom the business owner and/or employees communicate regularly.
The emails try to bait the the receiver into replying and engaging in a conversation, opening an attachment or clicking a link for the purposes of installing malware on the business’ computer systems.
The malware widely in use by hackers right now is called ransomware, Myers said. Hackers lock victims’ computers with encryption and demand they pay a ransom, via Bitcoin, to get their data back.
But that doesn’t mean a small business, like a family-owned jewelry store, can’t be hacked.
“Every organization is a target,” Mary Myers, an information security analyst with Jewelers Mutual Insurance Group, said. “There are just different rationales for why.”
Myers presented a breakout session Monday morning at Conclave outlining the cybersecurity risks businesses face and detailing what jewelers should do if they are hacked.
She started with social engineering and phishing.
Social engineering is the act of manipulating employees into doing something they otherwise would not do. Phishing is social engineering via email and can involve attachments, directing the recipient to fake websites, or fake emails.
Myers said phishing emails are often unexpected and written in a way that makes them seem urgent (your immediate reply is requested, etc.).
While they can contain misspellings and grammatical errors, she noted that hackers are getting smarter and cleaning up their emails so there are fewer of these. Phishing messages also can come from email addresses that are nearly identical to (or exactly the same as, which is called spoofing) those of people with whom the business owner and/or employees communicate regularly.
The emails try to bait the the receiver into replying and engaging in a conversation, opening an attachment or clicking a link for the purposes of installing malware on the business’ computer systems.
The malware widely in use by hackers right now is called ransomware, Myers said. Hackers lock victims’ computers with encryption and demand they pay a ransom, via Bitcoin, to get their data back.
Her initial recommendation is, of course, not to click on links or open the attachments in emails that seem suspicious. Delete the email, call the sender and ask if they sent that specific email with an attachment or consult IT support.
But that doesn’t always happen.
When a business owner or employee falls for a phish, Myers said options are somewhat limited.
She said what business owners should not do is pay, as there is no guarantee they will get their data back.
They should stop their system backup, wipe infected systems and devices, and restore using what was backed up before the malware was installed. (Systems need to be backed up regularly. Myers recommends having a set, repeating cycle; for example, it backs up every day at midnight.)
Jewelers also face cybersecurity risks from both employees and vendors/contractors who could accidentally load a virus onto a system by clicking a phishing link or visiting a disreputable site, or who could violate a business intentionally, by purposely loading or sending a virus or sharing sensitive customer information. Myers said business owners need to provide guidance to employees, vendors and contractors and to clearly define: what does acceptable internet use at the company look like?
While not heavily attended, the Conclave session did generate multiple questions from attendees.
One jeweler asked if should she turn off her servers at night to help protect against attacks. You can, Myers answered, but it won’t necessarily prevent anything, as some of this software is malware designed to enter the system and lie dormant until it can be activated.
Another asked if paid-for anti-virus software is better than free. Myers said anything that will help a business quarantine and clean up a virus is “great.” What will work best a particular business really depends on its size, needs and risk factors.
Myers wrapped up with a list of a half-dozen additional tips for increasing cybersecurity.
1. Keep an inventory of key systems and applications.
2. Keep an inventory of risks and threats, and use multiple layers of security.
3. Keep systems and devices patched.
All software has “gaps” that make it vulnerable to hackers, Myers said. “Patches” are released regularly by software companies and are intended to seal those gaps. Microsoft releases patches for its software on a monthly basis, but probably the most well-known example of a patch are the “updates” Apple regularly sends for iPhones and iPads.
“If you don’t close it,” Myers said of the gap, “you’re exposed. Patching is super, super critical.”
4. Back up systems and, Myers added, test the back-up.
Having a virus-infected system is going to create an “emotionally charged” situation. She said business owners don’t want that to be the first time they’ve ever walked through the process of employing their back-up.
5. Establish separation in key systems.
Business owners who host their own websites should separate it internally and not have it on the same server as the rest of their data. They also need to rotate job duties. They can’t “give the keys to the kingdom” to one person; hackers would have to have access to several people if there's separation.
Also, when someone leaves the company, take away their access to the company’s systems.
6. Train employees on cyber risks at least annually, if not quarterly.
In response to one jeweler’s question, Myers said business owners can require employees who connect personal devices to the store’s Wi-Fi to update those devices when prompted. She recommended writing it into the store’s policy.
The JSA also recently released a list of cybersecurity recommends, which was included in National Jeweler’s article about Saks getting hacked.
Jewelers also face cybersecurity risks from both employees and vendors/contractors who could accidentally load a virus onto a system by clicking a phishing link or visiting a disreputable site, or who could violate a business intentionally, by purposely loading or sending a virus or sharing sensitive customer information. Myers said business owners need to provide guidance to employees, vendors and contractors and to clearly define: what does acceptable internet use at the company look like?
While not heavily attended, the Conclave session did generate multiple questions from attendees.
One jeweler asked if should she turn off her servers at night to help protect against attacks. You can, Myers answered, but it won’t necessarily prevent anything, as some of this software is malware designed to enter the system and lie dormant until it can be activated.
Another asked if paid-for anti-virus software is better than free. Myers said anything that will help a business quarantine and clean up a virus is “great.” What will work best a particular business really depends on its size, needs and risk factors.
Myers wrapped up with a list of a half-dozen additional tips for increasing cybersecurity.
1. Keep an inventory of key systems and applications.
2. Keep an inventory of risks and threats, and use multiple layers of security.
3. Keep systems and devices patched.
All software has “gaps” that make it vulnerable to hackers, Myers said. “Patches” are released regularly by software companies and are intended to seal those gaps. Microsoft releases patches for its software on a monthly basis, but probably the most well-known example of a patch are the “updates” Apple regularly sends for iPhones and iPads.
“If you don’t close it,” Myers said of the gap, “you’re exposed. Patching is super, super critical.”
4. Back up systems and, Myers added, test the back-up.
Having a virus-infected system is going to create an “emotionally charged” situation. She said business owners don’t want that to be the first time they’ve ever walked through the process of employing their back-up.
5. Establish separation in key systems.
Business owners who host their own websites should separate it internally and not have it on the same server as the rest of their data. They also need to rotate job duties. They can’t “give the keys to the kingdom” to one person; hackers would have to have access to several people if there's separation.
Also, when someone leaves the company, take away their access to the company’s systems.
6. Train employees on cyber risks at least annually, if not quarterly.
In response to one jeweler’s question, Myers said business owners can require employees who connect personal devices to the store’s Wi-Fi to update those devices when prompted. She recommended writing it into the store’s policy.
The JSA also recently released a list of cybersecurity recommends, which was included in National Jeweler’s article about Saks getting hacked.
More on Events & Awards
The Latest
SurveysSep 18, 2025
Deloitte Thinks the Holidays Will Be Merry, PwC Isn’t So Sure In its holiday report, PwC said the season will be more like jazz—improvisational and less predictable—than an easy-to-follow melody.
MajorsSep 18, 2025
Pandora to Open New Distribution Center in MarylandThe jewelry giant will relocate its existing facility to a larger space in Anne Arundel.
Brought to you by
reDollar.com Is Rolling Out the Next Level Jewelry, Diamond & Watch Consignment ProgramWith their unmatched services and low fees, reDollar.com is challenging some big names in the online consignment world.
SourcingSep 18, 2025
SSEF Opens Applications for 2 Gemology Education Scholarships The awards include tuition for a course at the Swiss lab, economy flights, and hotel accommodation.
Weekly QuizSep 12, 2025
This Week’s QuizTest your jewelry news knowledge by answering these questions.
TechnologySep 18, 2025
Hill & Co. Launches AI Strategy ProgramThe 21-day program was designed to help jewelry retailers identify opportunities and eliminate inefficiencies with AI.
AuctionsSep 17, 2025
Mythical Set of Patek Philippe Pocket Watches Expected to Sell for $10M+A set of four Patek Philippe “Star Caliber 2000” pocket watches is part of Sotheby’s upcoming auction in Abu Dhabi.
Brought to you by
Rallying Call for the Jewelry Industry on Tariffs and Other Key IssuesJewelers of America is leading the charge to protect the industry amidst rising economic threats.
TrendsSep 17, 2025
Silvia Furmanovich’s Book Tells the ‘Journey of a Jeweler’The Brazilian jeweler’s latest book marks her namesake brand’s 25th anniversary and tells the tale of her worldwide collaborations.
WatchesSep 17, 2025
Bob’s Watches Acquires Vintage Rolex Won on ‘The Price is Right’ The Submariner Ref. 1680 with a Tiffany & Co. dial came from the original owner, who won it as a prize on the game show in the 1970s.
TechnologySep 17, 2025
Jewelers Mutual Launches Shipping Solution App for Shopify The new integration allows users to manage shipments directly from the Shopify dashboard.
EditorsSep 16, 2025
Out & About: 7 Great Quotes From Converge in CarlsbadAt Converge 2025, Editor-in-Chief Michelle Graff attended sessions on DEI, tariffs, security, and more. Here are her top takeaways.
CrimeSep 16, 2025
2 Robbery Suspects Killed in California Pawn Shop ShootoutSix people were shot last week at an Oakland cash-for-gold shop as employees exchanged gunfire with individuals trying to rob the store.
CollectionsSep 16, 2025
Chopard Adds New Designs to Its ‘Ice Cube’ Capsule CollectionThe jeweler has expanded its high jewelry offering, which launched last year, with new pieces featuring its cube motif that debuted in 1999.
SourcingSep 16, 2025
Natural Diamond Council Launches Retailer Accreditation ProgramBen Bridge Jeweler and Lux Bond & Green were a part of the pilot program.
EditorsSep 15, 2025
Skipping the Necklace, Embracing Snakes: The Best Jewelry From the 2025 Emmy AwardsAssociate Editor Natalie Francisco shares eight of her favorite jewelry looks from the 77th annual Primetime Emmy Awards, held Sunday night.
SurveysSep 15, 2025
Resilient Shoppers to Boost Holiday Retail Sales, Says DeloitteIt’s predicting a rise in retail sales this holiday season despite economic uncertainty and elevated inflation.
SourcingSep 15, 2025
Gemfields Achieves $32M at High-Quality Emerald AuctionIt included the sale of the 11,685-carat “Imboo” emerald that was recently discovered at Kagem.
SourcingSep 15, 2025
AGTA Elects 8 Members to Board of Directors The newly elected directors will officially take office in February 2026 and will be introduced at the organization’s membership meeting.
EditorsSep 12, 2025
Out & About: Mining Sapphires in Rock Creek, MontanaAssociate Editor Lauren McLemore headed out West for a visit to Potentate Mining’s operation hosted by gemstone wholesaler Parlé Gems.
TrendsSep 12, 2025
Piece of the Week: Arunashi’s Fordite and Rhodolite EarringsFordite is a man-made material created from the layers of dried enamel paint that dripped onto the floors of automotive factories.
Policies & IssuesSep 11, 2025
Supreme Court to Hear Tariffs Case in November A decision likely won’t come until January 2026 at the earliest, and the tariffs remain in effect until then.
MajorsSep 11, 2025
Tabayer Opens Nordstrom Shop-In-ShopLocated in the revamped jewelry hall at the retailer’s New York City flagship, this opening is Tabayer’s first shop-in-shop.
SourcingSep 11, 2025
Need to Sell More Natural Diamonds? De Beers Has an App for ThatThe new, free app offers accessible educational content, like games and podcasts, for U.S. retailers.
MajorsSep 10, 2025
Stuller to Swap Gold Scrap for Full Credit to AccountAs the gold price rises, the manufacturer is offering a 100 percent payout through Sept. 30 for gold clean scrap.
SourcingSep 10, 2025
Tech Meets Style in the New Loewe x Jacob & Co. HeadphonesJacob & Co. partnered with the German technology company on two pairs of headphones, one set with diamonds and the other with sapphires.
TrendsSep 10, 2025
Tiffany & Co. Archival Jewels Bring Life to ‘Frankenstein’Guillermo del Toro’s 2025 “Frankenstein” will feature 27 jewels and objects from the storied brand, including pieces from its archives.
