On the offensive: Don’t let a data breach put a damper on your holiday sales

by charlene_voisin | December 1, 2014 9:00 am

By David J. Sexton

When you think about theft within your business, protecting your inventory is probably the first thing that comes to mind. Unfortunately, there are other ways your business can be harmed. Data theft and fraud can have an even greater financial impact on your bottom line.

If you’re storing records electronically, taking payment via credit card, or paying employees, you’re working with personally identifying information, which includes details beyond already public knowledge, such as account numbers. When that information is breached, it can be big news and cause serious damage to your reputation and bottom line.

So how can you keep safe something you can’t really see or touch? Consider the following:

Limit what is portable. One lost laptop can unveil a plethora of personal data, ranging from employees’ social insurance numbers to customers’ credit card numbers. Set a password on your computer and store your records on an encrypted hard drive.

While some hackers have gotten around encryption, it is considerably more difficult to access encrypted data versus unencrypted data. Another benefit to using encryption is that, in some provinces, you’re only required to report breaches to customers when the data was unencrypted.[2]

Keep your eye on employees. When you’re thinking about data breach and cyber-related security issues, it’s not just some faraway hackers you need to worry about. Nearly 47 per cent of recorded breaches are due to malicious attacks, which is the combination of hacking and insider theft[3]. That’s why it’s important to limit the number of employees who have access to sensitive data.

A computer flash drive or music file-sharing software and access to the files is all it takes for an employee to create a data breach. Nearly two-thirds of data breaches are due to human error and systems glitches[4]. Even when the breach is accidental, the information trusted to your business could be in criminals’ hands.

Shred your files. As with most types of traditional crime, jewellers are at special risk for data breach. Invest in hiring a reputable and secure shredding and disposal service to protect any printed copies of information you work with on a daily basis.

To help prevent a data breach, set a password on your computer and store your records on an encrypted hard drive.[5]

Clear your copier’s hard drive. When you make a physical copy of sensitive data, that information doesn’t necessarily disappear when the paper is shredded. Nearly every copier contains a hard drive, which means it stores a copy of every document you scan, print, copy, or fax through it.

If you decide to sell or stop using a copier, make sure you clear its hard drive first. Also, consider purchasing security or encryption for your copier, which most manufacturers offer.[6]

Keep your software up to date. Hackers focus on weak spots in software. When the companies who make software uncover the weaknesses, they release software updates, also known as patches, to fix them. Keeping your software updated can reduce your vulnerability.

Limit your data. Don’t collect information unless it’s essential to your business. When you have critical data, limit the number of places where you store it. Purge the data when you no longer need it.

Consider hiring a reputable and secure shredding and disposal service to protect any printed copies of information you work with on a daily basis.[7]

Don’t be the victim of fraud. When thieves steal bank account or credit card information, they typically work fast to make purchases before the account is shut down.

Be alert when you accept credit card payments. If someone from out of the area tries to purchase merchandise over the phone or online and pushes for speedy shipment, it’s good to be suspicious. Ask the credit card company or bank to contact the account holder to verify the transaction.

If you accept cheques for payment, always require two forms of identification, including photo ID. If you’re not selling in an area known for tourism, consider accepting only local cheques. If someone gives you a certified, cashier’s, or personal cheque after hours or on weekends—when you can’t verify the funds at your bank—think twice about accepting it.

Speak with IT. E-commerce provides opportunity for your business, but it also increases your risk of data breach and cyber-related security issues. Be sure your IT department or e-commerce providers have sound security protocols in place. Ask them to create a data breach emergency response plan if they don’t already have one in place, and stress your concern about protecting personally identifiable information.

Make sure you’re covered. If a data breach occurs, it’s not something you can keep quiet. Provincial and federal laws may require you to notify customers and a simple “I’m sorry” letter might not be enough. Ensure you’re prepared for the public relations headaches and credit monitoring that could be involved with a data breach by contacting your insurance provider.

David J. Sexton, CPCU, is vice-president of loss prevention consulting at Jewelers Mutual Insurance Co., in the United States. A graduate of the University of Wisconsin, Sexton serves on the Underwriters’ Laboratories’ (UL) Security Systems Council, where he is a corporate member of the insurance category. He also sits on the board of directors for Jewellers Vigilance Canada (JVC), and worked on the Central Station Alarm Association’s (CSAA’s) Insurance Liaison Committee that assisted in the development of the UL burglar alarm modular certificate program and revised UL standard. Comments and questions can be sent to Sexton via e-mail at lossprevention@jminsure.com[8].

For training resources regarding safety and security when carrying or working with jewellery, visit JM University at JewelersMutual.com[9]. Jewelers Mutual Insurance Company is the only company specializing exclusively in jewellery insurance in the United States and Canada. It is licensed in all 50 U.S. states and Canada.

Endnotes:
  1. [Image]: http://www.jewellerybusiness.com/wp-content/uploads/2014/12/bigstock-Hacker-Downloading-Information-54573749.jpg
  2. Another benefit to using encryption is that, in some provinces, you’re only required to report breaches to customers when the data was unencrypted.: http://www.krollcyber
  3. Nearly 47 per cent of recorded breaches are due to malicious attacks, which is the combination of hacking and insider theft: http://www.privacyrights.org/data-breach
  4. Nearly two-thirds of data breaches are due to human error and systems glitches: http://www4.symantec.com/mktginfo/whitepaper/053013_GL_NA_WP_Ponemon
  5. [Image]: http://www.jewellerybusiness.com/wp-content/uploads/2014/12/bigstock-Internet-security-concept-hack-51220297.jpg
  6. Also, consider purchasing security or encryption for your copier, which most manufacturers offer.: http://www.cbsnews.com/news/digital-photocopiers-loaded-with-secrets/
  7. [Image]: http://www.jewellerybusiness.com/wp-content/uploads/2014/12/bigstock-Pile-Of-Shredded-Paper-Confi-41707864.jpg
  8. lossprevention@jminsure.com: mailto:lossprevention@jminsure.com
  9. JewelersMutual.com: http://JewelersMutual.com

Source URL: https://www.jewellerybusiness.com/features/on-the-offensive-dont-let-a-data-breach-put-a-damper-on-your-holiday-sales/