Insurance agents and brokers are not exempt from following the new guidance the National Association of Insurance Commissioners (NAIC)
recommended in April. They, as well as
insurance companies and agents, can be
held liable for the loss of prospect or client Protected Health Information (PHI) or
personally identifiable information (PII),
such as a person’s full name, date of birth,
address, and Social Security numbers.
The Principles for Effective Cybersecurity: Insurance Regulatory Guidance looks to state insurance regulators
“to ensure that personally identifiable
consumer information held by insurers,
producers and other regulated entities
is protected from cybersecurity risks.”
The guidance encourages insurers,
agencies and producers to secure data
and maintain security with nationally
recognized efforts such as those embodied
in the National Institute of Standards and
Independent producers may not have
the;resources;to;abide;by;the;NIST;frame-work, but they can still take the following
precautions to secure private data.
links urging immediate action. E-mails
with malicious links or malicious attachments are one of the biggest causes
of compromise. If you click on a link or
attachment that is malicious, malware
or malicious software can automatically be downloaded onto your computer
without your knowledge.
unexpected links or attachments, in-
cluding photos. If your friend’s e-mail
account has been compromised, an
attacker may be the actual one send-
ing you that e-mail from your friend’s
and hardware platform. Both Windows
8 and 7 provide substantial security
enhancements over earlier Windows
operating systems like XP. On newer
operating systems, many security fea-
tures are enabled by default and help
prevent many common attack vectors.
For any Windows-based operating sys-
tem (OS), verify that Windows Update
is configured to provide updates auto-
matically and that the firewall is active.
latest IOS Version to provide “over the
air” updates without connecting direct-ly;to;Apples;i Tunes;software.
• Keep third-party application software
up-to-date. Periodically check key applications for updates. Be sure that
when you update your applications
you go directly to the software›s website rather than click on any pop-ups as
those may contain malicious software.
• Use wireless Wi-Fi Protected Access
2 (WPA2) instead of WEP (Wired
Equivalent Privacy) if you use wireless
•;Select;a;wireless;router;with;Guest;Ac-cess so that other people are not in or
near your home using your wireless
network, which should remain private
whenever you are using wireless net-
works at a public place like a restaurant,
coffee shop or hotel. Attackers often set
up “spoof” networks near public places
and name their networks with a simi-
lar name to the location. For example,
at O’Hare airport you may see on your
computer that you have access to one
wireless network called Ohare and one
called Chicago Airport. Ask an em-
ployee which is the official name of the
network you should connect to so you
don’t fall for the spoof network.
•;Ensure;your;computer;is;password;pro-tected so an intruder would be unable
to access data if it were to fall into the
to ensure that all your traffic is encrypted when you are on a public wireless
network. VPN solutions are available
for personal computers, and iPhone
and Android platforms.
A security consultant who specializes in threats and cybersecurity can
assess networks and help ensure that
companies are aligned with the NIST
Framework and other highly regarded
cybersecurity standards, such as those of
the SANS Institute, a cooperative organization of security professionals from
around the world.
By Dan Bonnet,
Dell Secure Works