Insurance agents and brokers are not exempt from following the new guidance the National Association of Insurance Commissioners (NAIC) recommended in April. They, as well as insurance companies, can be held liable for the loss of prospect or client Protected Health Information (PHI) or personally identifiable information (PII), such as a person's full name, date of birth, address, and Social Security number.
The Principles for Effective Cybersecurity: Insurance Regulatory Guidance looks to state insurance regulators "to ensure that personally identifiable consumer information held by insurers, producers and other regulated entities is protected from cybersecurity risks." The guidance encourages insurers, agencies and producers to secure data and maintain security with nationally recognized efforts such as those embodied in the National Institute of Standards and Technology (NIST) framework.
Independent producers may not have the resources to abide by the NIST framework, but they can still take the following precautions to secure private data.
- Beware of e-mails with attachments or links urging immediate action. E-mails with malicious links or malicious attachments are one of the biggest causes of compromise. If you click on a malicious link or attachment, malware (malicious software) can automatically be downloaded onto your computer without your knowledge.
- Be wary of e-mails from friends with unexpected links or attachments, including photos. If your friend's e-mail account has been compromised, an attacker may actually be the one sending you that e-mail from your friend's account.
- Migrate to a modern operating system and hardware platform. Both Windows 8 and 7 provide substantial security enhancements over earlier Windows operating systems like XP. On newer operating systems, many security features are enabled by default and help prevent many common attack vectors. For any Windows-based operating system (OS), verify that Windows Update is configured to provide updates automatically and that the firewall is active.
- Update an older iPhone or iPad to the latest iOS version to provide "over the air" updates without connecting directly to Apple's iTunes software.
- Keep third-party application software up-to-date. Periodically check key applications for updates. Be sure that when you update your applications you go directly to the software's website rather than click on any pop-ups as those may contain malicious software.
- Use wireless Wi-Fi Protected Access 2 (WPA2) instead of WEP (Wired Equivalent Privacy) if you use wireless at home.
- Select a wireless router with Guest Access so that other people in or near your home are not using your wireless network, which should remain private for business.
- Verify the appropriate Wi-Fi network whenever you are using a wireless network at a public place like a restaurant, coffee shop or hotel. Attackers often set up "spoof" networks near public places and name their networks with a similar name to the location. For example, at O'Hare airport you may see on your computer that you have access to one wireless network called Ohare and one called Chicago Airport. Ask an employee which is the official name of the network you should connect to so you don't fall for the spoof network.
- Ensure your computer is password protected so an intruder would be unable to access data if it were to fall into the wrong hands.
- Use a Virtual Private Network (VPN) to ensure that all your traffic is encrypted when you are on a public wireless network. VPN solutions are available for personal computers, and iPhone and Android platforms.
A security consultant who specializes in threats and cybersecurity can assess networks and help ensure that companies are aligned with the NIST Framework and other highly regarded cybersecurity standards, such as those of the SANS Institute, a cooperative organization of security professionals from around the world.
Dan Bonnet is the director, small and medium business – North America for Dell SecureWorks, a global information services security company that helps organizations reduce risk and improve regulatory compliance.