Insurance agents and brokers are not exempt from following the new guidance the National Association of Insurance Commissioners (NAIC) recommended in April. They, as well as insurance companies and agents, can be held liable for the loss of prospect or client Protected Health Information (PHI) or personally identifiable information (PII), such as a person's full name, date of birth, address, and Social Security numbers.


The Principles for Effective Cybersecurity: Insurance Regulatory Guidance looks to state insurance regulators "to ensure that personally identifiable consumer information held by insurers, producers and other regulated entities is protected from cybersecurity risks." The guidance encourages insurers, agencies and producers to secure data and maintain security with nationally recognized efforts such as those embodied in the National Institute of Standards and Technology (NIST) framework.


Independent producers may not have the resources to abide by the NIST framework, but they can still take the following precautions to secure private data.

  • Beware of e-mails with attachments or links urging immediate action. E-mails with malicious links or malicious attachments are one of the biggest causes of compromise. If you click on a link or attachment that is malicious, malware (malicious software) can automatically be downloaded onto your computer without your knowledge.
  • Be wary of e-mails from friends with unexpected links or attachments, including photos. If your friend's e-mail account has been compromised, an attacker may be the one actually sending you that e-mail from your friend's account.
  • Migrate to a modern operating system and hardware platform. Both Windows 8 and 7 provide substantial security enhancements over earlier Windows operating systems like XP. On newer operating systems, many security features are enabled by default and help prevent many common attack vectors. For any Windows-based operating system (OS), verify that Windows Update is configured to provide updates automatically and that the firewall is active.
  • Update an older iPhone or iPad to the latest iOS version to provide "over the air" updates without connecting directly to Apple's iTunes software.
  • Keep third-party application software up-to-date. Periodically check key applications for updates. Be sure that when you update your applications you go directly to the software's website rather than click on any pop-ups, as those may contain malicious software.

  • Use wireless Wi-Fi Protected Access 2 (WPA2) instead of WEP (Wired Equivalent Privacy) if you use wireless at home.
  • Select a wireless router with Guest Access so that other people in or near your home are not using your wireless network, which should remain private for business.
  • Verify the appropriate Wi-Fi network whenever you are using a wireless network at a public place like a restaurant, coffee shop or hotel. Attackers often set up "spoof" networks near public places and name their networks with a similar name to the location. For example, at O'Hare airport you may see on your computer that you have access to one wireless network called Ohare and one called Chicago Airport. Ask an employee which is the official name of the network you should connect to so you don't fall for the spoof network.
  • Ensure your computer is password protected so an intruder would be unable to access data if it were to fall into the wrong hands.
  • Use a Virtual Private Network (VPN) to ensure that all your traffic is encrypted when you are on a public wireless network. VPN solutions are available for personal computers, and iPhone and Android platforms.

A security consultant who specializes in threats and cybersecurity can assess networks and help ensure that companies are aligned with the NIST Framework and other highly regarded cybersecurity standards, such as those of the SANS Institute, a cooperative organization of security professionals from around the world.


Dan Bonnet is the director, small and medium business – North America for Dell SecureWorks, a global information services security company that helps organizations reduce risk, and improve regulatory compliance.


