ThinkAdvisor

Hey: Yes, the NAIC is talking to you

Insurance agents and brokers should be thinking about the cybersecurity guidance that the National Association of Insurance Commissioners (NAIC) recommended in April.

Producers, as well as insurance companies, can be held liable for the loss of prospect or client protected health information (PHI) or personally identifiable information (PII), such as an individual’s full name, date of birth, address, and Social Security number.

The new NAIC guidance, The Principles for Effective Cybersecurity: Insurance Regulatory Guidance, calls for state insurance regulators “to ensure that personally identifiable consumer information held by insurers, producers and other regulated entities is protected from cybersecurity risks.”

The guidance encourages insurers, agencies and producers to secure data and maintain security with nationally recognized efforts, such as those embodied in the National Institute of Standards and Technology (NIST) framework.

Independent producers may not have the resources to abide by the NIST framework, but they can still take the following precautions to secure private data.

  • Beware of emails with attachments or links urging immediate action. Emails with malicious links or malicious attachments are one of the biggest causes of compromise. If you click on a link or attachment that is malicious, you may download “malware,” or malicious software, onto your computer without your knowledge.

  • Be wary of emails from friends with unexpected links or attachments, including photos. If your friend’s email account has been compromised, an attacker may be using your friend’s account to send you that email.

  • Migrate to a modern operating system and hardware platform. Both Windows 8 and 7 provide substantial security enhancements over earlier Windows operating systems like XP. On newer operating systems, many security features are enabled by default and help prevent many common attack vectors. For any Windows-based operating system (OS), verify that Windows Update is configured to provide updates automatically and that the firewall is active.

  • Update an older iPhone or iPad to the latest iOS version to enable “over the air” updates without connecting directly to Apple’s iTunes software.

  • Keep third-party application software up-to-date. Periodically check key applications for updates. Be sure that when you update your applications you go directly to the software’s website rather than click on any pop-ups as those may contain malicious software.

  • Use wireless Wi-Fi Protected Access 2 (WPA2) instead of WEP (Wired Equivalent Privacy) if you use wireless at home.

  • Select a wireless router with guest access so that other people in or near your home are not using your main wireless network, which should remain private for business.

  • Verify the appropriate Wi-Fi network whenever you are using a wireless network at a public place like a restaurant, coffee shop or hotel. Attackers often set up “spoof” networks near public places and give them names similar to the location’s. For example, at O’Hare airport you may see on your computer that you have access to one wireless network called OHare and one called Chicago Airport. Ask an employee for the official name of the network you should connect to so you don’t fall for the spoof network.

  • Ensure your computer is password-protected, so an intruder would be unable to access data if it were to fall into the wrong hands.

  • Use a virtual private network (VPN) when you are on a public wireless network to ensure that all your traffic is encrypted. VPN solutions are available for personal computers and for iPhone and Android platforms.

Insurance agencies and insurance companies should work with professional security consultants to help them ensure they maintain security that is in alignment with the NIST standards and other relevant standards.

A security consultant who specializes in threats and cybersecurity can assess networks and help ensure they are aligned with the NIST Framework and other highly regarded cybersecurity standards, such as those of the SANS Institute, a cooperative organization for security professionals from around the world.
