Presented by: Grant Hansen (Chief Information Security Officer), Mary Myers (Manager of Security and Controls), and Dan Tober (Senior Manager, Asset Protection)
Webinar Agenda
Cybersecurity Awareness & Culture
- Security begins with employee education and ongoing conversations, not just annual reminders.
- Build a “layered” defense—no single tool is enough.
Common Threats & Definitions
- Phishing (email), Vishing (phone), Smishing (text): social engineering attempts to steal sensitive information.
- Data Breach: unauthorized access to confidential information.
- Ransomware: malware that locks data or threatens to expose it unless a ransom is paid.
Cybersecurity Best Practices
- Protect what matters most: customer data, payment records, employee info, store layouts, safes, IoT devices (locks, cameras).
- Establish unique accounts with role-based access.
- Use strong authentication: MFA plus long, complex passphrases.
- Regularly back up critical data, with offsite or cloud storage separated from the source system.
- Patch and update systems promptly.
- Consider external cybersecurity expertise when needed.
Case Study: MGM Ransomware Attack
- Attackers used vishing to trick a help desk into resetting MFA tokens.
- The compromised identity system (Okta) gave the attackers wide access.
- Sensitive data was encrypted and exfiltrated.
- MGM chose not to pay the ransom, relying on cyber insurance.
- Takeaway: layered defenses (firewalls, monitoring, access controls, backups) are essential.
Physical Security Considerations (Dan Tober)
- Cameras: place broadly (sales floor, stock room, POS) and specifically (data centers, offices). AI-driven cameras can detect suspicious patterns.
- Video Storage: keep recordings in the cloud or offsite; criminals often destroy on-site systems.
- Alarm Systems: dual communication (IP + cellular), regular response drills, escalation procedures with alarm company & law enforcement.
- Emerging Threats: criminals testing systems with power cuts or Wi-Fi/cell jammers.
- Video Verification Services: remote monitoring, voice warnings, and faster law enforcement response.
Top Takeaways
- Build and maintain a culture of security.
- Identify and protect your most sensitive information.
- Incorporate both cyber and physical technology into your security plan.
- Seek expertise—whether from Jewelers Mutual or trusted third parties.
- Train continuously—security is ongoing, not one-time.