Digital security for jewellers: protect yourself from hackers and scammers

Ecommerce has boomed as a result of lockdown regulations. Jewellers who had previously lagged behind the trend quickly felt the disadvantages of not having a digital retail presence, and many sites were cobbled together quickly as something to tick off the list. But these sites are not a one-and-done job.

  • Is anyone taking care of maintenance and security updates for your platforms?
  • Are your databases and client lists protected?
  • Is your website backed up? (The domain it’s live on is NOT a storage facility!) Speak to your web designer if you’re not sure, as a hack might result in it being lost entirely.

Cybercriminals are evolving in sophistication, in parallel with the progression of technology, and your digital assets may be at risk. This is by no means limited to a webstore – so keep reading even if your only retail space is physical.

Social media is one place that most people wouldn’t consider a potentially risky environment, but attacks on these accounts can be devastating for the successful businesses that are targeted. One jeweller in the UK lost the channel she made 50% of her sales through when her Instagram account was hacked in March this year. She clicked on a link from a genuine-looking message about copyright that appeared to have been sent from Instagram. She recounts:

“It looked like I had been locked out and then it seemed the page had been taken down. I signed in and that was it. They very quickly added two-factor authentication and, after that, I received an email blackmailing me if I wanted to get my account back. There is little support from Instagram, they make it impossible for any direct communication and are nowhere to be seen in a crisis.”

Threats come in many forms. These include phishing (messages that are fashioned to look like they are from a legitimate source to trick the reader into playing into a cybercriminal’s hands, as above) and hacks, which are a heightened risk if you have fibre or other kinds of fast internet that your devices are always connected to.

In 2021 it almost goes without saying, but antivirus and antimalware software should be on all computers, and all software kept updated, especially when patches are released. Employees should not be allowed to download software without permission, and personal memory sticks or USB hard drives should not be allowed on your company computer system. Passwords should be complicated, unique and strong.

Most people are wary of opening any attachments that come from unfamiliar addresses, but the battered economies around the globe have made for a grave combination of businesses desperate for trade and hungry hackers looking to exploit this potential lapse in judgement. Make a habit of looking for unfamiliar domain extensions, misspellings, and other anomalies in sender addresses.

Likewise, don’t drop your guard when it comes to payments. Never deviate from the rules set out in the merchant account agreement when accepting payment by card, or you’ll struggle to be refunded in the case of a fraudulent sale. Check card signatures, and look closely at any card expiry dates or numbers provided by the potential customer that seem suspicious or don’t match. It’s good practice to record how the transaction was made (via phone, in person etc.) for ease of follow-up if there are issues later.

Impersonation of vendors is an increasingly common tactic. Make sure your employees never give out information about staff, customers, ordering and delivery procedures, or payment methods. If there’s ever any doubt about the identity of the person making the request, offer to call them back on the details you have for them rather than on an alternative number they might provide. Tracking numbers of parcels are a particularly sensitive piece of information, as scammers can redirect the shipment to themselves.

It’s a good idea to make your employees aware of the gravity of this threat, and ask them to read and sign a cyber security policy. Back in 2015, cybercrime was already responsible for more illicit money moving around the globe than all drug trafficking combined.

It can happen to you, and indeed it thrives because most of us don’t take our digital security seriously enough.