An NFC tag (as defined by the NFC Forum's Tag Operation specifications) is simple memory without any security mechanisms. Therefore, you cannot protect it from being read and cloned to another tag*.
*) As corvairjo wrote, tags typically have a read-only part that contains a (more or less) unique identifier. However, as opposed to what corvairjo states, this does not really prevent cloning. For most tag technologies, you can get tags that permit overwriting/customization of even that "unique" identifier. Even if no such tags exist yet, it is fairly easy to create a card emulator that emulates such a tag containing the original tag's serial number (such hardware exists, e.g. ProxMark).
Beyond pure NFC tags, some tag manufacturers provide tags with cloning protection. However, in the low cost segment (e.g. the signature feature of the new NTAG series) tags often do not really provide cloning protection (NTAG signature only prevents creation of tags with arbitrary UIDs but does not prevent cloning including the static(!) signature). Still, tags with usable cloning protection do exist.