"What we suggest is employees utilize VPNs, or virtual private networks, to make sure their communications are encrypted and away from prying eyes," says Ruddock.

When employees use their personal devices to access company records, there are some security unknowns, like which websites they're visiting, their downloads, potential malware, and a lack of antivirus protection.

"It's increasing the opportunity for an attacker to potentially compromise your business systems if there's no separation," he says.

In addition to using a VPN, he recommends employees install antivirus and antimalware software on their computers and keep those programs up to date.

The same applies to employees who work from their personal cell phones. "If they are accessing company systems via their phone, it's an increased challenge," he says.

If an employer can afford to give employees work cell phones, says Ruddock, that's the ideal scenario.

Regardless of where employees are working, Jewelers Mutual's Hansen also recommends the use of access controls, meaning employers should determine the appropriate level of employee access to data, apps, and resources, giving necessary authorization only.

There should also be an incident response protocol in place so employees know who to reach out to in the event of a possible cybersecurity incident.

These are the tips and resources jewelers need to know.

There are many resources available for jewelers looking to learn more about cybercrime and how to prevent it.

It can be an arduous task, but Professor Hong proposes jewelers look into what's known as their "threat model."

"This is probably one of the most important concepts in computer security," he says. "What are you trying to protect? Who are you trying to protect it from? And how important is it to you?"

What a jeweler spends on cybersecurity likely will be less than what they stand to lose by not protecting their business.

"Most cybersecurity is actually pretty basic, but putting it in practice is the hard part," he says.

His recommendations include standard cybersecurity best practices, like setting up two-factor authentication on important accounts, particularly email accounts.

Hong advises creating strong passwords for key accounts, avoiding the reuse of passwords, and using a password manager to keep track.

Also, "Make sure you're installing the software updates, the ones we all hate to do, but there's a reason those software updates are there," he says.

"Security training is a lot like literacy. It's something you just have to do with every generation."
Jason Hong, Carnegie Mellon University

JSA's Ruddock has a list of helpful websites for jewelers to visit (see box on page 19).

One of the most important resources, however, may be the insurance company. Prevention is key, but in the event of a cyberattack, cyber liability insurance could be a saving grace.

Jewelers should look into cyber liability insurance.

Jewelers Mutual, as well as many other insurance providers, offer products that will cover the financial and reputational fallout related to the impact of certain cybercrimes.

"A cyber event can result in a significant financial loss for a jeweler," says Hansen. "Cyber liability coverage that steps in to indemnify a jeweler for their financial loss and pays for professional assistance to mitigate the damage caused by a data breach makes this coverage extremely important."

Data breach and cyber-related protections can be added on to a jeweler's block policy, providing coverage for privacy and security breaches, cyber extortion, cyber-terrorism, or cybercrime, like phishing schemes. In some cases, insurance may even cover a ransomware payment.

"Our cyber liability coverage endorsement is already in place for many of our jewelers," he says. "We expect jewelers are having more conversations about cyber coverage with their agents or brokers."

This type of insurance can cover first-party losses, like money lost due to financial fraud, as well as liability claims, lawsuits, and regulatory penalties.

Many states require a business to notify customers if personally identifiable information has been released in a data breach, and that process can be costly.

Cyber insurance can cover the costs of that notification as well as fees related to recovering stolen data and restoring data and computer systems to their state before the cyberattack.

Some policies may also cover the cost of hiring a forensic information technology team to assess the extent of the breach and/or hiring a public relations firm to help a business's reputation if news of a breach goes public.

"Customer and vendor relationships within the jewelry industry are built and sustained on trust. A cyber event can adversely impact this level of trust. Jewelers must invest in the training, software and insurance that best protects and assists with the risk of cybercrime," says Hansen.

20 STATE OF THE MAJORS 2023