The jewelry industry needs more cybersecurity education.

Independent, family-owned businesses can be a wealth of information, carrying on generational know-how and exhibiting top-tier customer service skills that rival, or even best, their big-name competitors.

What many lack in comparison, however, is cybersecurity expertise.

A 2022 Nationwide Insurance survey found that just over half (56 percent) of small business owners offer cybersecurity training once a year, compared with 94 percent of middle-market companies.

Less than 30 percent of those surveyed said they have cyber liability insurance, compared with 83 percent of middle-market firms.

Independent jewelers far too often slip into the cybersecurity learning gap.

"I would say generally they are not well informed," says Ryan Ruddock, senior crime analyst at the Jewelers Security Alliance.

"We haven't had a very large sample size, but we have had enough that I would say jewelers still need to have ongoing education and increased awareness to prevent future [cybercrime] incidents from occurring."

Jewelers Mutual's Chief Information Security Officer Grant Hansen says cybercrime is beginning to show up on jewelers' radars as the frequency of incidents increases, but the subject can take a back seat to the more high-profile concerns affecting jewelers, such as burglary and robbery.

However, a cybercrime attack can be just as costly, both monetarily and to a jeweler's reputation.

The Nationwide survey found that, on average, cyber liability claims range from $15,000 to $25,000. The average recovery time for a business is 279 days, three-quarters of a year.

Notably, 76 percent of consumers surveyed said they would stop doing business with a company responsible for a data breach that impacted them.

Every business, large or small, needs to stay vigilant to cybercrimes and keep cybersecurity top of mind with staff. Cybercrime experts say it is more accurate to say "when" versus "if" when talking about a cyberattack. "Jewelers need to prepare accordingly," says Hansen.

Social engineering and phishing schemes are growing threats.

Phishing, the practice of sending emails pretending to be a reputable company under the guise of stealing personal information like passwords and credit card numbers, may sound familiar, but there is another, more sinister layer to the scheme jewelers need to know about.

Social engineering, a form of impersonation, adds a level of complexity to phishing scams.

"Social engineering has been referred to as the art of human hacking and it entails individuals researching members of the company, their positions, their job functions, and then impersonating them through emails," says Ruddock.

"It's a more targeted form of phishing wherein the criminal is doing in-depth research into a jeweler and their business in order to attempt to defraud them."

Pretending to be a known contact or supplier, the phishing email will ask the recipient to make a payment or send out jewelry.

"The specific research the cybercriminals are doing, which is also known as pretexting, has been something they've had a considerable amount of success with in specific cases," says Ruddock.

While some phishing schemes target an individual, most don't. Often, a mass email is sent with the idea that some percentage of recipients will fall for it.

Phishing schemes, sophisticated or not, are one of the most common cybercrimes affecting jewelers, he says, and there are key things to be wary of when an email is received.

Red flags include misspellings and poor grammar, as well as emails that create a sense of urgency, pushing the recipient to do something quickly and without thinking.

Be wary of email spoofing, which is when an email is sent from an address that's almost, but not quite, identical to a genuine email address for a contact.

Two lowercase letter "n"s side by side are commonly used to mimic "m," notes Ruddock as an example.

A good rule of thumb is to delete any email that doesn't look right and verify the request with the vendor or customer by phone.

If a link in a possible phishing email is clicked, the recipient should disconnect from Wi-Fi, which could prevent malware (malicious software) from being installed on the computer; run an antivirus scan; and change passwords.

"Companies should only be keeping the information that's absolutely critical for them to conduct their business functions."
- Ryan Ruddock, Jewelers Security Alliance

To combat phishing scams, Ruddock recommends turning to the experts.

"Hire a company that specializes in phishing training and make sure you're taking the necessary steps to remediate and prevent future sophisticated phishing attacks," he says.

Professor Jason Hong of Carnegie Mellon University's Human-Computer Interaction Institute is one such expert.

In 2004, he and a team began researching phishing schemes and why people fall for them, backed by funding from the National Science Foundation.

"Back when we were doing this research, a lot of people didn't think cybersecurity training could work at all because it tended to be really boring and dry," he says. "We figured we could actually make it fun and interesting."

Around 2007, Hong was part of a team at the university's CyLab Usable Privacy and Security (CUPS) Laboratory that developed an online game called Anti-Phishing Phil, an interactive cybersecurity educational tool.

"It's a game where you're Phil the Fish and your job is to eat all the good worms and to avoid all the bad worms. And every worm has a web address associated with it and you have to differentiate between the good ones and the bad ones," explains Hong.

Continued on page 18

STATE OF THE MAJORS 2023