“Hacked Fifth Avenue: Data Stolen from Saks, Lord & Taylor.” JCK, April 4, 2018.
“Saks, Lord & Taylor the Latest Hit by Hackers.” National Jeweler, April 4, 2018.
“In 2017 JSA recorded a large dollar increase in cyber-enabled thefts by deception and impersonation.” JSA 2017 Annual Crime Report, page 2.
According to the FBI and other law enforcement sources, more and more crime is becoming cyber-enabled. Just as jewelers must take proper security steps to be prepared for the robber or sneak thief, jewelers must also take proper security measures in the digital world.
BASIC RECOMMENDATIONS FOR PREVENTING CYBER-ENABLED CRIME:
1. Have proper firewalls, anti-virus and anti-malware for all systems, and keep them up-to-date.
2. Don’t permit employees to use company internet-connected devices at work for personal use, or to download software without permission, or to introduce personal memory sticks into a company system.
3. Have strong, unique passwords.
4. Phishing - One of the main pathways for cyber criminals is to lead someone to open an email and click on a link in it, which unleashes malware that penetrates the system.
A. Don't open unknown or suspicious emails or click on links in them.
B. Even emails that seem to come from familiar persons, customers or vendors can be spoofed, or can come from an address that differs slightly from the real one, such as an added or changed letter, or a change to .net, .org or some other extension.
C. Look for unfamiliar foreign domains, misspellings, and other anomalies.
5. Social engineering - “obtaining confidential information by manipulating and/or deceiving people.” Through impersonation, or through email correspondence, research on social media, or other means, cyber criminals obtain information on company personnel, customers, ordering and shipping procedures, payment methods, and other information, in order to facilitate a fraudulent transaction.
A. Be careful of the information you provide the public by email, website, social media or phone.
B. Confirm the identity of the person you are talking to. If a transaction is involved, call the known customer on the telephone to confirm that there has not been fraudulent impersonation.
C. Never give out the tracking number of a FedEx or other merchandise shipment, since this would permit a criminal to re-direct the shipment.
6. Avoid visiting questionable and risky sites, such as those on the dark web.
7. Don’t download questionable apps from obscure or unknown companies.
8. Each firm should have a written cyber security policy which employees must read and sign.
9. Each firm should have regular staff meetings and periodic reviews of cyber protocols for the firm.
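The check described in recommendation 4B can be automated. The following is an added example, not part of the JSA bulletin: it compares a sender's domain against a list of known contacts and flags a one-letter change or a changed extension. The domains are constructed placeholders, and the function expects a bare address such as name@domain.

```python
# Added example: flag sender domains that imitate a known contact's domain.
# All domains below are constructed placeholders, not real contacts.

KNOWN_DOMAINS = {"examplegems.com", "trusted-vendor.com"}  # constructed allow-list


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def split_domain(domain: str):
    """Split 'name.tld' at the last dot (multi-part suffixes like .co.uk are not handled)."""
    name, _, tld = domain.rpartition(".")
    return name, tld


def classify_sender(address: str, known=KNOWN_DOMAINS) -> str:
    """Return 'known', 'lookalike:<domain>' or 'unknown' for a sender address."""
    domain = address.rsplit("@", 1)[-1].strip().lower()
    if domain in known:
        return "known"
    name, tld = split_domain(domain)
    for good in sorted(known):
        good_name, good_tld = split_domain(good)
        if name == good_name and tld != good_tld:
            return f"lookalike:{good}"      # same name, extension changed
        if tld == good_tld and 0 < edit_distance(name, good_name) <= 1:
            return f"lookalike:{good}"      # one letter added, dropped or changed
    return "unknown"


if __name__ == "__main__":
    for sender in ("orders@examplegems.com", "orders@examplegemss.com",
                   "orders@examplegems.net", "ap@trusted-vend0r.com",
                   "news@unrelated.org"):
        print(sender, "->", classify_sender(sender))
```

A "lookalike" result is a reason to confirm by telephone with the known contact before acting on the message, as recommendation 5B advises.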
Visit JSA’s website, www.jewelerssecurity.org, for more information on crime against jewelers or to post your own crime information.