The Proton Blog

The GPT-5.6 rollout is another example of why European businesses can’t rely on US tech

Kate Menzies — Mon, 29 Jun 2026 18:16:53 GMT

Washington is now gating access to the most powerful new AI models coming out of US tech companies, including models that could eventually power products like ChatGPT. Unlike its previous rollouts, OpenAI won’t be able to release GPT-5.6 to the general public initially.

This isn’t the first time an AI product has been blocked from general availability. Just earlier this month, Anthropic faced restrictions on its new Fable 5 and Mythos models, with the EU even having to appeal to the US administration to gain access.

As new technology emerges in the US, European businesses are being left behind, and it’s accelerating with every new technological advance. Right now, this means AI models. But in the future, it could go further: blocking software updates, or even refusing to export hardware.

The US government is deciding who gets to use American technology, and in doing so they’re deciding Europe’s future.

What is GPT-5.6?

GPT-5.6 actually consists of three versions: Sol, Terra, and Luna. Each one targets a different audience, with Sol (the flagship model) offering agentic capabilities, Terra being a more balanced model for everyday work, and Luna offering speed and affordability (at $1 input / $6 output, compared to Sol’s $5 input / $30 output.)

OpenAI claims Sol is its strongest model, with an ‘ultra’ mode that “goes beyond the capabilities of a single agent by leveraging subagents to accelerate complex work.”

In recent months, more and more businesses have been adopting agentic systems. Autonomous AI agents work differently than the chatbots most people are familiar with — they combine the natural language processing capabilities of large language models (LLMs) with the ability to access tools and memory to take action on their own.

This presents a new world of possibilities for businesses: Smaller businesses with limited resources can outsource simple administrative tasks, data analysis, infrastructure inspection, risk monitoring, or customer service. Agents can be embedded into existing workflows to increase efficiency and productivity for businesses of any size, which is exactly why it’s worrying that access to new agentic models could be cut off from the EU.

If this trend continues, European businesses will be left behind, unable to compete against their global peers because of their dependence on US tech.

Why the US is controlling the GPT-5.6 release

In its release announcement, OpenAI laid out how its new model will be released:

“As part of our ongoing engagement with the US government, we previewed our plans and the models’ capabilities ahead of today’s launch. At their request, we are starting with a limited preview for a small group of trusted partners whose participation has been shared with the government, before releasing more broadly. During this preview, we will continue testing and coordinating closely with partners as we work toward broader availability.”

Concerns have been raised in Washington about the potential national security risks created by new and powerful AI models. While OpenAI claims that “GPT‑5.6 is trained to refuse prohibited cyber assistance, including when users attempt to disguise their intent or jailbreak the model”, it also notes that “no single safeguard is sufficient against determined or adaptive misuse”. Because this new model will be capable of making autonomous real-world actions, it could be a more powerful tool for legitimate and criminal means.

President Trump signed an executive order on June 2 ordering that a new classified benchmarking process for AI models be created by August 2026. The US government will use this process to “assess the advanced cyber capabilities of AI models and determine the threshold at which an AI model should be designated a ‘covered frontier model’”. AI developers must now provide the government with access to frontier models for a period of up to 30 days before they plan to release them.

While OpenAI said they “don’t believe this kind of government access process should become the long-term default”, there’s no public evidence to justify their optimism. OpenAI itself is even working with the government to develop the cyber framework, meaning it’ll be able to lobby for a framework that best suits Big Tech’s interests.

Why should European businesses be concerned?

The laws, executive orders, and national security frameworks shaping US tech were written with American interests in mind. European businesses are an afterthought at best, and a controlled market at worst.

As a business leader in Europe, the US restrictions on AI raise several red flags. In the future, you could suddenly lose access to existing software (known as a kill switch) or miss out on new innovation. As a result, your US competition could gain the upper hand. And even when you retain access to software, the vendor terms you relied on could suddenly change, as Copilot customers learned the hard way when Microsoft introduced flex routing.

The US government is willing to shut Europe and the rest of the world out of the most advanced tech available. The solution won’t come from America. It will come from European investment in a sovereign tech stack.

It’s time to choose European tech

If the US can gate access to new models, it can restrict access to the services European businesses are already running on. All it will take is an executive order, an export control decision, or a shift in geopolitical relations.

Alongside America’s increasing national tech protectionism, the European tech sovereignty movement has grown. Businesses have woken up to the reality that relying on US tech means losing control of your data and the reality that the US could switch off your access. Ironically, the US Ambassador to the EU recently warned that the European Chips Act “doesn’t sound very consistent with the EU-US trade framework agreement.”

To help address this challenge, we launched Proton Workspace this year, giving any business — including American firms — the ability to reduce their overreliance on Big Tech. It’s a secure European alternative that gives organizations email, cloud storage, VPN, AI assistant, video conferencing, and more, without the surveillance and US government overreach.

By design, Proton is:

Private and encrypted by default
Open source and audited by third-party security experts
Built with compliance in mind
Sovereign and protected from US surveillance

A European business suite doesn’t just break dependence on US tech and protect businesses from being shut out of their tools. It’s also a way to actively invest in an independent European tech sector that prioritizes business data protection and growing the European economy. If you want a world where access to the most advanced tech isn’t decided by your geographic location, consider moving away from US tech companies; they’re certainly moving away from you.

To learn more about AI, its business impact, and how privacy-first AI tools can help your organization, visit our AI hub.

What is a VPN passthrough?

Tom Odlin — Mon, 29 Jun 2026 17:33:09 GMT

A VPN passthrough is a router feature that allows VPN traffic to move through your firewall and Network Address Translation (NAT). It doesn’t create the VPN connection itself, but ensures your router doesn’t block a device on your network from connecting to an external VPN.

For most businesses, this isn’t something you need to configure or think about. Trusted VPNs like Proton VPN are built to work with NAT by default, so routers handle traffic automatically without need for any special rules.

Why does a VPN passthrough exist?

A VPN passthrough solves compatibility issues between older VPN protocols and newer network infrastructure. Most networks use NAT to allow multiple devices to share one public IP address. While this works for regular traffic, some older VPNs weren’t designed with NAT in mind.

Because older VPN protocols don’t always use standard ports or structures that NAT can interpret, the router can’t track where the data belongs, and the connection will fail. A VPN passthrough acts as a workaround that helps the router recognize and correctly route this type of traffic.

How does a VPN passthrough work?

A VPN passthrough is a set of mechanisms built into routers to support specific VPN protocols. When enabled, the router:

Identifies VPN traffic using specific protocols or ports
Applies special handling rules so encrypted packets are not dropped
Allows the connection to pass through NAT correctly

Without VPN passthrough, the router may block or misroute the traffic, preventing the VPN from connecting.

Types of VPN passthrough

Different VPNs handle data differently, so there isn’t a single type of passthrough. If you’re working with older systems, you may see different types of VPN passthrough depending on the protocol used.

PPTP passthrough

The point-to-point tunneling protocol (PPTP) is one of the oldest VPN types. It uses a protocol called Generic Routing Encapsulation (GRE) to send and receive data. However, NAT requires a port number to direct traffic, and GRE doesn’t use ports, which creates a conflict that causes the connection to drop.

PPTP passthrough solves this by adding a Call ID to the data. The router treats this ID as a port number, which allows the traffic to move through the firewall correctly.

L2TP passthrough

Layer 2 tunneling protocol (L2TP) works similarly to PPTP. To get past the NAT hurdle, L2TP passthrough assigns a Session ID to the data packets. This ID acts as a substitute for a port number, letting the router identify and route the traffic to the right device.

IPSec passthrough

IPSec (Internet Protocol Security) uses a technology called NAT Traversal (NAT-T) to navigate routers. It wraps the encrypted IPSec data inside a standard UDP packet.

Because routers already know how to handle UDP packets, the IPSec passthrough can establish a connection using a specific port (UDP 4500). This allows the router to correctly map and route the connection while keeping the encrypted data secure and untouched.

What is the difference between a VPN and a VPN passthrough?

A VPN is the service that protects your data. It encrypts your internet traffic and masks your IP address by routing your connection through a secure, remote server.

A VPN passthrough is a feature on your router. It doesn’t encrypt your data, hide your IP address, or provide any security on its own. Its only job is to recognize VPN traffic and allow it to pass through the router’s firewall.

If you’re using a good VPN, you generally do not need to worry about passthrough settings at all, as the router will handle it automatically.

VPN passthrough vs. VPN router

These two are often confused, but they serve very different purposes:

A VPN router actively encrypts and routes traffic for every device connected to it.
A VPN passthrough allows an individual device on your network to connect to an external VPN.

Do VPNs need passthrough?

In most cases, the answer is no. VPN protocols are built to handle NAT automatically. Protocols like WireGuard, OpenVPN, and IKEv2 are designed to allow routers to track connections and send data to the correct device without any manual setup or special rules.

Proton VPN relies exclusively on secure protocols, so it’s compatible with standard router configurations by default.

No manual configuration: You do not need to change any advanced settings in your router’s firmware to get connected.
Automatic compatibility: Proton VPN works with almost all home and office networking equipment right out of the box.
Better security: By avoiding older passthrough mechanisms, you also avoid the security vulnerabilities associated with legacy protocols like PPTP.

Unless you are using extremely old hardware or a highly restrictive corporate firewall, you can connect to Proton VPN without ever needing to adjust your passthrough settings.

Do you need VPN passthrough?

You may only need to think about VPN passthrough if:

You are using legacy VPN protocols like PPTP or L2TP
You rely on older networking equipment
You manage specialized or industrial systems with outdated software

Otherwise, VPN clients like Proton VPN will handle this compatibility by default.

Are there security risks with a VPN passthrough?

Most security concerns stem from the fact that VPN passthrough is designed to help older, less secure protocols bypass standard router protections.

Reliance on weak protocols: VPN passthrough is most commonly used for legacy protocols like PPTP, which are no longer considered secure and can be easily exploited by cyberattacks.
Firewall blind spots: Your firewall might not inspect the data moving in and out of the connection. If the VPN protocol itself is weak, this creates a path for malicious traffic to enter your network undetected.
Increased attack surface: Enabling VPN passthrough often requires opening specific communication ports on your router. Each open port is a potential entry point that attackers can scan for and attempt to exploit.

Best practices for a secure VPN passthrough setup

For most businesses and individuals, the best security strategy is to avoid needing a VPN passthrough altogether. If you must use it, follow these steps to keep your network secure:

Prioritize up-to-date protocols: Use VPNs that support WireGuard or OpenVPN, which are standard for Proton VPN. These are designed to work with routers and NAT without needing a VPN passthrough.
Disable what you don’t use: If your router has VPN passthrough enabled by default but you use a service like Proton VPN, you should turn it off. Reducing the number of active features on your router shrinks your attack surface.
Audit your router settings regularly: It’s easy to enable a setting for a one-time fix and forget about it. Regularly check your router’s firmware to ensure you aren’t leaving unsecured entries for legacy protocols you no longer use.
Keep hardware updated: Ensure your router firmware is current. Manufacturers often release updates that patch vulnerabilities related to how the router handles encrypted traffic and port management.

Ultimately, you should view VPN passthrough as a last resort for legacy systems. If your infrastructure allows it, moving to a modern VPN setup is the most effective way to eliminate these risks.

The bottom line

VPN passthrough is a solution to a compatibility problem between older VPN protocols and newer networks. Today, it is largely unnecessary.

Most VPN protocols, such as those used by Proton VPN, are built to work seamlessly with NAT. This makes VPN passthrough something most businesses will never need to configure. If you find yourself still relying on passthrough, it may be a sign that your VPN setup or network infrastructure needs to be updated.

MSP vs. MSSP: Understanding the difference

Tom Odlin — Mon, 29 Jun 2026 15:56:16 GMT

Managed Service Providers (MSPs) and Managed Security Service Providers (MSSPs) both support business technology, but they focus on different areas. Understanding the difference between MSP and MSSP helps clarify which type of support your business needs.

An MSP manages IT systems and infrastructure to keep everything running smoothly. An MSSP focuses on protecting those systems from cyber threats. Both work in the same environment, but their priorities are not the same.

MSP vs MSSP in real terms

Think of the difference between MSP and MSSP as like running an office.

An MSP keeps everything running. Lights stay on, WiFi works, computers connect, and staff can do their jobs without interruption.
An MSSP protects the building. Suspicious activity gets flagged, unauthorized access gets blocked, and incidents are handled as they happen.

Key differences between MSP and MSSP at a glance

Feature	MSP	MSSP
Primary focus	IT operations and efficiency	Cybersecurity and risk mitigation
Main goal	Make it work	Make it secure
Operations base	Network Operations Center (NOC)	Security Operations Center (SOC)
Core services	Help desk, cloud migration, hardware maintenance	Threat hunting, incident response, compliance
Approach	Proactive maintenance; reactive fixes	Proactive threat detection; 24/7 monitoring

What is an MSP?

An MSP acts as an outsourced IT department, managing technology infrastructure so employees can stay productive. Many MSPs include basic cybersecurity support, but MSP cybersecurity is usually limited to preventive tools rather than active threat response.

Help desk support: Troubleshooting software and hardware issues for staff
Network management: Setting up WiFi, managing routers, and ensuring uptime
Cloud services: Supporting migration to and maintenance of platforms like Microsoft 365 or AWS
Asset management: Tracking hardware, handling software updates, and applying patches

Basic cybersecurity is often part of the MSP package, such as antivirus installation or backups, but advanced threat defense is not the primary focus.

What is an MSSP?

An MSSP is a specialized provider focused on protecting systems and data from cyber threats. Security monitoring, risk management, and compliance support sit at the core of the MSSP role.

24/7 security monitoring: Continuous monitoring of networks and systems for suspicious activity
Incident response: Containing and limiting the impact of security incidents
Vulnerability management: Scanning systems for weaknesses that could be exploited
Compliance management: Supporting requirements such as GDPR, HIPAA, or SOC 2

MSSPs provide wide coverage across security needs, combining tools, processes, and expertise to manage risk over time.

MSP vs. MSSP vs. MDR

Managed Detection and Response (MDR) is a focused security service designed to handle active threats. MDR goes deeper than general security monitoring. Suspicious activity is investigated, confirmed, and acted on in real time, often by dedicated analysts.

Most MDR services are delivered by MSSPs or specialized providers to add a hands-on response layer that focuses on stopping attacks in their tracks.

When to use MSP vs. MSSP

Choose an MSP if	Choose an MSSP if
You do not have an internal IT team and need someone to manage your computers and servers.	You have an IT team, but they are not trained to handle advanced cyberattacks or 24/7 monitoring.
Your main challenges are day-to-day IT issues, such as slow internet, software bugs, or onboarding new employees.	You operate in a high-risk industry (finance, healthcare, legal) with strict data regulations.
You need to scale your IT infrastructure and support business growth.	You have experienced a security incident or want to reduce the risk of one.

When you may need both MSP and MSSP

Many businesses don’t choose between an MSP and an MSSP. Both are likely needed as systems grow more complex and risks increase.

IT reliability and security require different skills, tools, and teams. One provider rarely covers both at the same depth. Using both allows each to focus on its core role, without compromise.

Where MSPs and MSSPs fall short

Even together, MSPs and MSSPs do not cover every risk. Many data breaches don’t come from direct attacks alone and arise inside the organization through everyday mistakes, like:

Misconfigured access permissions
Files shared with the wrong people
Data stored in services without strong encryption
Employees using unsecured tools

Security vulnerabilities are not always visible through system monitoring alone, which means data can still be exposed even when no active threat is detected. Data protection and access control play a critical role alongside traditional security measures.

The rise of the cybersecurity MSP

Many MSPs now offer threat monitoring or Managed Detection and Response (MDR), often through partnerships with security providers.

Dedicated security providers go further still, offering a Security Operations Center (SOC), where analysts monitor systems and respond to threats around the clock. Expanded services can improve coverage, but they don’t replace a focused security function. Higher risk environments still require deeper expertise and continuous monitoring.

How to choose the right provider

Choosing between an MSP and an MSSP comes down to your priorities. Key questions to consider:

What’s your biggest pain point? Ongoing IT issues point toward an MSP. Security concerns or recent incidents point toward an MSSP.
What are your compliance requirements? Formal standards and audits often require dedicated security expertise.
What’s your budget? Security services typically involve higher costs due to specialized skills and continuous monitoring.

If system reliability is the main concern, start with an MSP. If risk, compliance, or threat exposure is the priority, focus on an MSSP. But many businesses need both. Combining IT support with dedicated security coverage helps balance performance, risk, and protection.

Frequently asked questions

Can an MSP provide cybersecurity?

Many MSPs offer basic security services such as antivirus, patching, and backups. This type of MSP cybersecurity focuses on prevention, not continuous threat detection or response.

What is a cybersecurity MSP?

A cybersecurity MSP is an IT provider that includes security services as part of its offering. Coverage often focuses on basic protection, rather than advanced monitoring or incident response.

What is MDR and how is it different from an MSSP?

Managed Detection and Response (MDR) is a focused security service that detects and responds to active threats. It is often delivered by MSSPs as part of a broader security offering.

Can a business use both an MSP and an MSSP?

Yes. An MSP supports day-to-day IT operations, while an MSSP focuses on security. Using both allows each function to be handled with the right level of expertise.

Why is data protection important alongside cybersecurity?

Threat detection alone does not prevent all risks. Data can still be exposed through misconfigurations, oversharing, or weak access controls. Protecting how data is stored, shared, and accessed is just as important as stopping attacks.

Network security monitoring: A guide for small businesses

Tom Odlin — Mon, 29 Jun 2026 15:46:43 GMT

Most businesses have firewalls, password managers, and two-factor authentication in place.
They protect how people get in. But how do you control who actually has access to your data once they’re in?

You start by making access visible. Network security monitoring shows you who’s connecting to your network, from where, and on what device — so access doesn’t expand without oversight.

What is network security monitoring?

Cyberattackers rarely stop at the first barrier. They want to harvest as much data as they can and will move through a network for weeks or months after they gain access without anyone noticing.

Network security monitoring detects this by collecting and analyzing network data (including traffic logs, connection metadata, and behavioral signals) to identify suspicious activity to identify early signs of compromise before damage spreads.

Speed of detection is critical here. The time an attacker remains undetected in a network is known as “dwell time.” The longer dwell time, the more data an attacker can steal or corrupt. Monitoring allows you to catch network security threats in hours or days rather than months.

Network security monitoring vs. network monitoring

They’re both a part of effective network security management, but focus on different purposes.

Network monitoring focuses on performance

Network monitoring tracks the health and speed of your system, measuring metrics like uptime and bandwidth usage, and checking whether your hardware is functioning correctly. It tracks the speed of your internet connection and ensures that your servers are running as they should.

Network security monitoring focuses on safety

Network security monitoring looks for patterns that suggest a breach has already occurred. It monitors for specific activities, such as a computer suddenly sending massive amounts of data to an unknown location, or a user logging in from a country you don’t operate in.

Reasons to monitor your network’s security

Small and medium-sized businesses (SMBs) are easier to exploit because hackers assume they have fewer resources than large corporations. Even though most SMBs still have protections in place, no security tool is safe from blind spots. Whether it is a new form of malware or a simple mistake like an employee clicking a phishing link, breaches still happen.

Network monitoring also removes dangerous blind spots. It detects suspicious activity early and raises an alert before it turns into a serious incident.

It removes dangerous blindspots. You can see who accessed your systems, from where, and when.

Highly regulated industries require this level of visibility. Businesses must be able to show who accessed systems, when, and under what conditions. Without it, audits become harder to pass and incidents harder to explain.

It gives you the evidence to respond. If a breach does occur, you have a continuous record of network activity that will help you trace how an attacker got in, what they accessed, and what data may have been affected — so you can recover quickly and close the gap.

How network security monitoring works

Network security monitoring works by making activity across your network visible — and flagging what doesn’t look right.

Instead of relying on a single signal, it looks at patterns across connections, content, and behavior to identify risks early.

Connections show who is accessing what, when, and for how long. If a workstation that normally checks email suddenly connects to a database for hours, it’s flagged.
Content reveals malicious files or suspicious links moving through your network — even when the traffic itself is encrypted.
Behavior highlights anomalies. If an employee usually logs in at 9 AM from London but suddenly attempts to access sensitive files at 3 AM from another continent, it’s treated as a risk.

Together, these signals create a clear picture of what’s happening across your network—so you can spot and stop threats before they escalate.

The challenge of network security monitoring

Network monitoring generates a continuous stream of logs across users, devices, and systems.

Without the right filtering, this turns into a flood of alerts — many of them low priority. But when everything looks urgent, nothing is.

Teams start to ignore notifications, delay investigations, or miss the signals that actually matter. So, how do you turn context and prioritization to turn it into control?

How to monitor the security of your network

Following these steps will help you build a solid foundation for your network security management:

Identify your most important data: Know where your customer records, financial files, and passwords live. These are the areas you need to monitor most closely.
Establish a baseline: Observe your typical traffic patterns to know what normal looks like for your business so you can spot abnormal activity.
Automate your alerts: Use a network security tool (more on that in the next section) that automatically sends an email or text if it sees something high-risk.
Keep logs in a safe place: Hackers often try to delete logs to hide their tracks. Ensure your monitoring data is stored in a separate, secure location.
Review access regularly: You should regularly check who has access to your network and remove anyone who no longer needs it.

4 types of network security monitoring tools

Common network security monitoring tools include:

Network detection and response (NDR) platforms: Analyzes live traffic moving across your business network in real-time to identify and stop active cyber threats.
Intrusion detection systems (IDS): Scan for known attack signatures and patterns, sending an immediate alert as a recognized security threat is found.
SIEM (Security Information and Event Management): Collects and analyzes activity logs from every app and system to identify complex or hidden attack patterns.
Managed security monitoring services: An external team of security experts to watch your network 24/7 if you lack the internal staff to do so.
VPN monitoring: Tracks login times, locations, and data volumes through a business VPN to flag suspicious access or activities, like an account transferring unusually large amounts of data.

Privacy and security concerns with network security monitoring

Security should never come at the expense of privacy. While network security monitoring requires looking at traffic, it should be done ethically.

Using end-to-end encryption for your emails and files means that even if you’re monitoring your network for threats, the private content of communications remains visible only to the intended recipients. Monitoring should protect the network’s integrity, not spy on employees’ private lives.

By combining strong encryption with proactive monitoring, you create a layered defense that keeps your business safe and your data private.

Network security monitoring is key for reducing the risk of cyberattacks and data breaches

Network security monitoring helps businesses detect threats that slip past traditional defenses. By analyzing network traffic, identifying unusual behavior, and responding quickly to suspicious activity, organizations can dramatically reduce the impact of cyberattacks.

A business VPN combined with network security monitoring is a strong foundation for small businesses, providing clear visibility without overwhelming your team or requiring enterprise-level resources.

How to disable Microsoft Edge, step by step

Greg Govin — Thu, 25 Jun 2026 16:46:54 GMT

Microsoft Edge is pre-installed on, and deeply integrated with, every Windows 10 and 11 computer. Even if you use a different browser, Edge continues to run in the background, pops up where it doesn’t belong, and overrides your chosen defaults.

If you are wondering how to disable Microsoft Edge to free up system resources, or just want it to stop bugging you like a petulant child, this guide will help.

Four simple ways to disable Microsoft Edge
Advanced ways to get rid of Microsoft Edge
Why you should disable Microsoft Edge
Alternatives to Microsoft Edge
Don’t just stop at disabling Edge
Frequently asked questions

Four simple ways to disable Microsoft Edge

In newer versions of Windows, Microsoft Edge is deeply integrated into the system. Forcibly removing the browser can cause system instability and crashes, especially if you’re unsure of what you’re doing. For most users, disabling its ability to run in the background and opening on startup is an effective compromise.

Method 1: Stop Edge from running in the background

This stops Edge from silently consuming your memory and CPU in the background, freeing up your computer to run other programs more smoothly.

1. Open Microsoft Edge.

2. Click the three-dot menu (⋯) in the top-right corner.

3. Select Settings.

4. In the left sidebar, scroll down and click System and performance.

5. Select System.

6. Toggle these two features off:

Startup boost
Continue running background extensions and apps when Edge is closed

You may have to restart the browser for the changes to take effect.

Quick tip: If you usually close Edge by clicking the X in the corner, try going to Menu → Close Microsoft Edge instead. This should shut everything down properly, rather than just hiding the window.

Method 2: Stop Microsoft Edge from opening on startup

Even after turning off Startup Boost, Edge might still launch when you boot your computer. Here’s how to prevent that using Task Manager on Windows 11 and 10:

1. Press Ctrl + Shift + Esc to open Task Manager.

2. Click the Startup tab (or Startup apps on Windows 11).

3. Find Microsoft Edge, right-click it, and select Disable.

Method 3: Change your default browser

This makes sure that when you click a link in an email, a document, or anywhere else, it opens in the browser you actually want.

On Windows 11:

1. Press Win + I to open Settings.

2. Go to Apps, then Default apps.

3. Search for your preferred browser and click on it.

4. Click Set default.

Note: Some users report that Microsoft sometimes overrides this setting and opens Edge anyway. Go to the Default App settings page and look under the By file type section. Changing your preferred browser separately for each file type should reduce how often Edge gets unintentionally launched.

On Windows 10:

1. Press Win + I to open Settings.

2. Go to Apps, then Default apps.

3. Under Web browser, click on Microsoft Edge to change your default browser.

Method 4: Uninstall Microsoft Edge (EEA users only)

If your device is in the European Economic Area (EEA), you can uninstall Microsoft Edge through normal Windows settings, thanks to the EU’s Digital Markets Act. This works on Windows 11 version 23H2 or later, and the EEA covers EU countries plus Iceland, Liechtenstein, and Norway. (Windows determines eligibility from the region set during device setup).

1. Press Win + I to open Settings.

2. Go to Apps, then Installed apps.

3. Find Microsoft Edge and select Uninstall.

How to get rid of Microsoft Edge: Steps for advanced users

If you have the technical know-how, you can remove the app entirely. But with Edge being so integrated into modern versions of Windows, removing it can cause issues such as Windows Search and widgets to not work properly, Microsoft integrations breaking, and PDFs not opening.

If you decide to continue, proceed cautiously and ensure you have a System Restore point created first. Note that future Windows updates may reinstall Edge.

Registry edit

Editing the registry can make an uninstall button for Edge appear in Windows Settings (this may not work on 24H2+).

1. Run CommandPrompt or PowerShell as administrator. Press Win + X and select Terminal (Admin) or PowerShell (Admin).

2. Run this command:

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Edge" /v "NoRemove" /t REG_DWORD /d 0 /f

3. Restart your computer.

4. Go to Apps, then Installed apps.

5. Find Microsoft Edge and select Uninstall.

PowerShell force uninstall

You can force Edge to uninstall with this method.

1. Open File Explorer.

2. Go to: C:\Program Files (x86)\Microsoft\Edge\Application\

3. Open the folder with the highest version number

4. Open the Installer folder

5. Right-click an empty space

6. Select Open in Terminal or Open PowerShell window here

7. Run the uninstall command:

.\setup.exe --uninstall --system-level --verbose-logging --force-uninstall

Why you should disable Microsoft Edge

Edge is built into Windows in a way that makes it feel almost impossible to escape. It’s designed to be “always on,” which means it reserves space in your RAM before you even click a button. If you’re running an older laptop or just like your computer to run lean, this background activity eats up resources that your actual work or games could be using.

Microsoft also uses Edge as a funnel for its own services, sometimes overriding your default browser settings to push Bing or personalized ads through Windows Search and widgets. It can feel like your own computer is trying to push you to use Edge on every corner of the operating system, in the same way that Microsoft Authenticator users were forced into using Edge to store passwords.

Then, there’s privacy. Your browser is how you access the online world, and it can see everything you type and every site you visit. While Edge is generally secure from hackers, as a closed-source tool, we won’t know just how invasive it actually is. And when Microsoft’s business model involves targeted advertising, keeping Edge around essentially grants the company access to your private online life.

Alternatives to Microsoft Edge

There are better alternatives. Consider using the best browsers for your privacy, such as:

Mozilla Firefox: Probably the most effective choice to stop being tracked. Firefox has a built-in enhanced tracking protection that actively breaks the invisible web trackers that follow you from site to site. It’s also the only open-source competition to Google’s browser engine.
Brave: Designed with a strong privacy focus, Brave automatically blocks ads and trackers the moment you open it. A fully independent search engine, Brave Search, is also built in for a more private search experience.
LibreWolf: Essentially a privacy-maximized, custom version of Firefox. LibreWolf collects no telemetry, uses privacy-friendly search engines, and implements various hardening features to protect your privacy.

Microsoft Edge is also used to store passwords. If you’re planning to disable the browser, you’ll need a new password manager. Proton Pass is an end-to-end encrypted password manager that ensures only you can access your passwords and other stored data. Even if you weren’t uninstalling Edge, moving your passwords out of Edge is good, because it exposes your stored passwords.

Proton Pass is free to use, and you can store as many passwords as you want. Plus, we’ve made importing your passwords from Edge easy.

Don’t just stop at disabling Edge

Disabling Edge is the first step to going online more securely, and choosing a private browser is half of the picture. To truly go online privately and safely, you need to shield your online activity from your internet service provider (ISP) and any other network you connect to.

Whether you choose Firefox or any other browser to replace Edge, be sure to pair it with Proton VPN. When you go online with a VPN, your ISP (and by extension your government) can’t see what you do online, and websites you visit can’t see your real IP address.

Proton VPN has a strict no logs policy and is based in Switzerland, outside of US and EU surveillance programs. Proton is supported by paying subscribers; unlike Microsoft, we will never show you ads or collect your data and sell it. You can trust us to keep your digital presence truly private.

FAQ: How to disable Microsoft Edge

Why does Edge keep coming back after Windows updates?

Microsoft considers Edge to be a system component because of how deeply integrated it is with Windows. System updates often repair and patch the system, which may include reinstalling any missing core apps and files.

Why does Edge keep running when I haven’t opened it?

The Startup Boost feature is the main culprit. It pre-loads Edge into memory when your PC starts, so that it launches faster when you do use it. This consumes memory and processing power even when you’re doing something unrelated on your computer.
Edge is also deeply embedded in Windows. Some Windows features may open Edge, such as Windows Search or when you open PDF files, even if you’ve changed your default browser.

How to turn off Microsoft Edge in Task Manager?

To stop Edge processes that are currently running:

1. Press Ctrl + Shift + Esc to open Task Manager.
2. Click on the Processes tab.
3. Look for Microsoft Edge in the list.

Right-click any Edge process and select End task.
Note: If multiple processes are listed, you may need to repeat this for each one. To prevent it from returning automatically, you must also disable Startup Boost within the Edge browser settings.

Is it safe to completely remove Microsoft Edge?

It can be risky because of how deeply integrated Edge is in Windows. Force-removing it can break the system and cause errors in some apps or features. Unless you have the technical expertise, it’s best to just disable Microsoft Edge instead.

Password fatigue: why too many passwords put your business at risk

Ben Wolford — Thu, 25 Jun 2026 14:06:07 GMT

Password fatigue builds gradually. It’s caused by the mental load of creating new logins and accounts, numerous password resets, and inevitably losing track of the dozens or even hundreds of passwords that it isn’t possible to keep track of. Inevitably, team members will try to manage password fatigue with insecure practices.

These practices present a significant security problem for your business because small workarounds can create significant exposure. A reused password can help an attacker access multiple services. A weak password can fail under a dictionary attack. A password shared informally can leave no clear audit trail. Password fatigue has to be managed by designing easy and efficient access management within your business network.

What is password fatigue?

How password fatigue appears at work

Why password fatigue creates business risk

Creating stronger passwords isn’t enough

The real solution to password fatigue

How Proton Pass for Business helps reduce password fatigue

What is password fatigue?

Password fatigue is the frustration and overload that people experience when they have to manage too many passwords across too many accounts. In a business setting, this means creating, remembering, resetting, updating, and sharing credentials across dozens of everyday tools. These may include email, messaging platforms, project management software, HR systems, finance tools, cloud storage, and other work applications.

Over time and with enough accounts, password management can become too complex to handle manually. Each service or account may have different rules for length, special characters, resets, lockouts, or multi-factor authentication. Over time, keeping every password unique, strong, and easy to access becomes difficult to sustain.

This is the point when password fatigue becomes a business risk. When people face too many passwords and too many rules, they often reduce the burden in practical but unsafe ways. They reuse passwords, create predictable patterns, save credentials in notes or spreadsheets, or share access informally when a colleague needs to get into an account quickly.

How password fatigue appears at work

When you’re trying to assess your business for password fatigue, it can be difficult to spot as it manifests in different ways.

Password reuse

The most common pattern is password reuse. If an employee has too many passwords to remember, using the same password across several accounts can feel efficient. But if one password is exposed in a breach, phishing attack, or malware infection, every account using it becomes accessible.

Predictable passwords

Another pattern is predictability. People may use a company name, season, year, keyboard pattern, pet name, or small variation of an old password because those patterns are easier to remember. A password like Spring2026! may satisfy a basic rule, but it is still easier to guess than a long, random password.

Unmanaged storage and informal sharing

Password fatigue can also lead to unmanaged storage and informal sharing. Team members may write passwords in notebooks, save them in spreadsheets, rely on browser-saved passwords, or send access through chats and email threads. These shortcuts work in the moment, but they spread credentials across places the business cannot easily monitor, audit, or revoke.

Sharing itself is not always the problem. Many businesses have legitimate reasons to share access to certain accounts, especially where a vendor tool doesn’t support individual accounts, single sign-on, or role-based permissions. Secure, controlled sharing in a business password manager is safe because access can be restricted, updated, and revoked through a managed system. But when team members share outside your business network and approved tools, you lose control of the entry points to your network.

Why password fatigue creates business risk

Reused passwords, predictable patterns, uncontrolled storage, and informal sharing all weaken the controls businesses rely on to prevent unauthorized access.

So, password fatigue is a threat to your business’s access management. If one exposed credential is reused across multiple systems, an attacker may be able to move from one account into email, SaaS tools, cloud platforms, or admin systems. Because they’re using a valid login, this activity may look legitimate at first and be harder to spot.

Password reuse enables credential stuffing

Credential stuffing works because password reuse is so common. Attackers will use exposed username and password combinations from one breach to try to access other services, knowing many people reuse credentials across accounts.

For businesses, just one leaked password can cause serious issues. An exposed email password may let an attacker reset access to other tools. A project management account can reveal client information, internal files, links to other systems, or operational details. Access to an admin account can be even more serious, allowing attackers to change settings, create new accounts, or escalate privileges.

Once an attacker has a single set of credentials, password reuse enables them to begin moving laterally through a business network. They can explore the environment, test access to other systems, and look for higher-value accounts. Reused passwords make that process easier because one exposed credential may open more than one door.

Weak passwords reduce brute-force resistance

A weak or predictable password is easier to guess through brute-force, dictionary, or pattern-based attacks. Attackers use automated tools, leaked password databases, and common substitutions.

Password fatigue increases the likelihood of weak passwords because people optimize for memorability. They choose what they can remember, not what is hardest to crack. A strong password should be long, unique, and random, but asking every employee to manually create and remember dozens of long, unique, random passwords isn’t realistic. Without a business password manager, the advice is technically correct but operationally weak.

Informal sharing removes accountability

When several people use one shared login, it becomes harder to track who’s using it and when. If a file is deleted, a setting changes, a payment is approved, or data is exported, the logs may only show the account activity and not individual users.

Shared logins can also make offboarding harder. If an employee had access to shared credentials through chat history, documents, or screenshots, removing their individual account may not remove their practical access. Secure sharing through a business password manager helps teams collaborate without sharing sensitive data in uncontrolled channels.

Scattered passwords slow incident response

During a security incident, teams may need to revoke access, rotate passwords, review activity, and confirm which systems are affected. Password fatigue makes this harder when credentials are reused, stored in too many places, or shared informally. The security team may not know which passwords exist, who has them, where they are stored, or which accounts depend on them.

That uncertainty increases response time and business disruption. IBM’s Cost of a Data Breach Report 2025 places the global average cost of a data breach at $4.4 million, even with a decrease from the previous year.

Creating stronger passwords isn’t enough

Telling employees to use stronger passwords does sound reasonable. But stronger passwords alone can’t solve password fatigue. In some cases, this approach can make the problem worse.

A stronger password is only useful if it is unique, stored securely, and used consistently in the right place. If employees are expected to create and remember every strong password themselves, the burden becomes too high. They may respond by reusing one strong password everywhere, making predictable variations, or saving passwords somewhere unsafe.

People can remember a few important secrets, but they can’t reliably remember dozens of unique, random, high-entropy passwords across changing business tools. When a password policy ignores this reality, it creates a gap between what your business says people should do and what people can actually do.

This is why modern security guidance has moved away from rules that create unnecessary password strain. If a control pushes people toward weaker behavior, it may reduce security rather than improve it.

A better approach is to design password security around how people at your business work. They shouldn’t need to memorize every password, create strong credentials manually, or paste secrets into chat to keep work moving. You need to make secure behavior the easiest option.

The real solution to password fatigue

Ultimately, moving away from placing more burden on employees is the best approach. Solving password fatigue does not mean asking employees to remember more, try harder, or invent stronger passwords on their own. This places the burden on individual memory instead of outsourcing it to a reliable tool.

A business password manager removes that burden from the daily workflow. Instead of expecting employees to remember every credential, it lets them generate strong, unique passwords, store them securely, autofill them when needed, and share access in a controlled way. Instead of trying to force people to try harder, this makes the safest behavior the easiest choice.

Password generators are useful, but they need to be used correctly: a password generator is a feature, not a standalone business solution. The real value to your business is when strong password generation is built into a business password manager that can also store, autofill, share, and manage credentials. That is also what makes a business password manager stronger than the password manager built into a browser.

The password managers built into browsers can help one person save their own passwords, but your business has no administrative oversight over it: there’s no controlled sharing or clear ownership of company credentials. For a business, a business password manager makes unique credentials the default across every work account, without adding more work for employees or losing control over where access lives.

Managed password vaults also give every credential a proper home. Instead of passwords ending up in notes, spreadsheets, browser profiles, or documents, teams have one secure place to store and access what they need. This reduces password sprawl and gives administrators a clearer view of access, offboarding, and password rotation when something changes.

Controlled sharing is part of the same shift away from password fatigue. Some business credentials still need to be shared, but the question is how to do it safely. With informal sharing, passwords end up in insecure locations. With controlled sharing in a business password manager, access can be managed more deliberately. Teams can share credentials through vaults, limit who has access, update passwords, and revoke access when needed.

Ultimately, a business password manager enables stronger password behavior without creating extra work. Autofill helps employees access tools without typing or remembering complex passwords. Built-in password generation means they don’t have to invent strong credentials themselves when trying to meet your password policy standards. Organized vaults make access easier to find, while admin controls help the business keep policies consistent.

How Proton Pass for Business helps reduce password fatigue

Proton Pass for Business is a secure business password manager that helps teams reduce password fatigue by replacing manual password habits with a secure, manageable system. Employees can generate strong, unique passwords, store them in encrypted vaults, and access them when needed without relying on memory, browser-saved passwords, or unsafe workarounds.

For administrators, Proton Pass for Business supports centralized credential management for teams. It helps businesses reduce password reuse, limit informal sharing, and improve visibility into how credentials are managed. Instead of passwords living in spreadsheets, chats, browser profiles, or personal notes, teams can use a dedicated password manager built for business use.

Proton’s SMB Cybersecurity Report 2026 reinforces the fact that password fatigue is not only an individual behavior problem, but also a systems problem. The report found that 48% of small and medium-sized businesses surveyed don’t have a password manager in place at their organization, and even some that do still share credentials through email, messaging apps, shared documents, conversations, or written notes.

That is why adoption, policy, and controlled sharing need to work together. Proton’s guidance on creating a password policy makes the same practical case: a strong policy should give employees the tools to follow it.

Proton Pass is designed around Proton’s broader security model. It uses end-to-end encryption for every stored credential including metadata, is open-source, holds independent audits, and relies on Proton-owned infrastructure.

Proton Pass for Business gives both large organizations and smaller teams without large security teams a practical way to reduce password reuse, replace unsafe sharing, and make secure access easier to follow every day.

Malicious apps on Google Play: how to prevent Android malware

Kate Menzies — Wed, 24 Jun 2026 18:06:10 GMT

As an Android user, you might assume it’s safe to download apps from the Google Play Store. That’s understandable, but not entirely accurate.

Stringent security checks make the Play Store the safest place to get Android apps, but not an entirely safe one. Google’s app store is a prime target for both cybercriminals and developers who monetize (and therefore compromise) your data, and will never be 100% risk free.

That’s why you need to shop for apps conscientiously: vetting apps before downloading them, auditing apps you’ve already downloaded, and securing your device data in case of a breach.

How malicious apps get past Google

Last year, Google blocked 1.75 million policy-violating apps from publication and banned over 80,000 developer accounts. Google Play Protect, which is built into most Android devices, blocked 266 million risky installation attempts.

But Google can only do so much. Cybercriminals consistently find ways to bypass Google’s pre-publishing and pre-installation scans.

Popular strategies:

Submitting clean apps for review then pushing malicious activity via remote updates.
Disguising malicious apps as simple (and functional) utility apps such as a document scanner or PDF reader.
Disguising malicious apps as a security or antivirus app, a particularly devious and effective disguise — if a user is anxious to fix a problem, they’ll be less likely to scrutinize before installing.

2,029 apps are published on the Play Store every day, so it’s inevitable that some malicious apps slip through Google’s net. Last year, Bitdefender uncovered an ad fraud campaign codenamed Vapor that involved at least 331 malicious apps, some of which were collecting user credentials and credit card data.

These apps were downloaded from the Play Store over 60 million times.

Legitimate apps can still put your data at risk

Malicious apps aren’t the only hazards to watch out for on the Play Store. There are also legitimate apps that quietly collect and store your personal and tracking data, and share it with third parties, such as ad networks.

Last year, NowSecure tested 25,000 apps across iOS and Android and found 75% of iOS apps and 70% of Android apps tested collected both sensitive data and tracking domains.

Google allows these apps on the Play Store because their developers openly disclose what data they collect and why in the data safety section of the app’s product page.

Google tightened its policy up in 2025, blocking 255,000 apps from gaining “excessive access” to sensitive data. That leaves thousands of apps unblocked that collect data within the letter of Google’s policy, but still far in excess of what users might expect.

This isn’t just a privacy concern: it’s also dangerous. Legitimate but data-hungry apps routinely share user data with advertising SDKs and analytics partners. These third parties can then pass that data on to unscrupulous data brokers.

Every link in this chain is a potential breach-point. If your data is compromised, you might not find out about it until it’s too late.

What to look out for: a five point checklist

There’s no authoritative, up-to-date blacklist of banned (and should-be-banned) apps that you can refer to.

But there are things you can look out for to identify risky apps:

Check the data safety section: Has the developer explained what data they collect and how they will use it? An empty data safety section is a big red flag, of course, but so is a policy that doesn’t match with the app’s functionality. A torch app shouldn’t need to know your contacts.
Read the permissions on install: Once you’ve installed an app, it will often request access to your location, contacts, storage, location, and/or microphone. Sometimes that makes sense, but other times it might seem excessive. Again, does a wallpaper app need to know your location?
Check the developer name and history: Is the developer a named company with other published apps and a web presence? Or is it a one-person account with this single app to their name, and no trail to add context?
Check if reviews are real: Fake reviews tend to show up in obvious patterns. A wall of five-star reviews posted in a short period is a known manipulation tactic. Check for critical reviews interspersed with positive reviews, and for a wide spread of dates.
Watch out for free utility apps: The most common disguises for both malicious apps and data-harvesting apps are free flashlight and battery apps, keyboard apps, free photo editors, weather apps with location access, and ad-supported games. If an app is free and you can’t see how its function could possibly make its developers money, then the answer could be that your data is their revenue model.

How to protect your data

Even if you’ve done your due diligence, you may still end up downloading a malicious app from the Play Store. But with the right protections in place, you can limit the damage that app can do.

Encrypt your connection with Proton VPN

Malicious apps will often attempt to transmit your data (including your browsing behavior, location, and device identifiers) over an unencrypted connection.

Enter Proton VPN: a secure VPN which

Encrypts all data to and from your phone at network level, making transmission and interception of browsing behavior, location, and device identifiers significantly harder
Prevents network-level surveillance on public WiFi (a common attack vector for compromised apps)
Blocks data transmissions that analytics SDKs rely on (via built-in tracker blocker NetShield), limiting what data developers can share with third parties

Protect your credentials with Proton Pass

Malicious apps use invisible keyloggers and phishing overlays to steal login credentials. This can be particularly damaging if you — like many — reuse the same passwords across multiple accounts.

Proton Pass is a secure password manager that addresses both problems:

Generates unique passwords for every account you create, so if one gets breached, they don’t all get breached
Protects passwords, passkeys and credit cards with end-to-end, zero-knowledge encryption. This means your credentials are encrypted on your device before they leave it, and not even Proton can access them.

Know how to remove malware

If you’re concerned that your device may have been compromised, or you want to know what to look for when it is, make sure that you recognize the signs that your phone has been hacked.

Can iPhones get viruses? What’s possible, what’s likely, and what to do about it

Jessica Bernard — Wed, 24 Jun 2026 13:23:16 GMT

iPhones have long had a reputation for being impervious to viruses and malware. But is this reputation deserved, or is it just a myth? In this article, we take a look at the likelihood of an iPhone being infected, what safety measures you can take, and how to protect yourself from viruses and other types of malware.

Do iPhones get viruses?
Signs of viruses or malware on your iPhone
How to get rid of a virus on iPhone
Is it ok to jailbreak my iPhone?
Security tips: What to look out for

Do iPhones get viruses?

Maybe your iPhone is hot to the touch, or perhaps it’s running out of battery too fast. The good news is that it’s extremely unlikely to be a virus. The bad news is that it’s still possible your iPhone is affected by malware.

Viruses vs. malware on iPhone

Malware (a combination of the words “malicious” + “software”) is intentionally designed and deployed to steal, disrupt, or destroy data, or to gain control of a device. There are different types of malware, including trojans, spyware, ransomware, and, of course, viruses.

A virus is so named because of the way it behaves. Once it infects its host, it replicates across files. The reason iPhones are considered safe from viruses is that every third-party app on an iPhone is isolated not only from every other app, but also from operating system data. This makes it virtually impossible for a virus to self-replicate on an iPhone.

How Apple protects against malware

Apple’s defense strategy relies on an architecture designed to prevent malware (including self-replicating viruses) from ever establishing a foothold. Instead of relying on third-party antivirus software, iOS (Apple’s proprietary operating system for the iPhone) integrates security through three primary layers:

Strict sandboxing: Every app runs in its own isolated environment (a “sandbox”), preventing it from accessing data from other apps or core system files unless explicitly permitted by the user.
App Store vetting: Apps undergo both manual and automated reviews before being published. This significantly reduces the risk of malicious code entering the ecosystem, unlike on open platforms (such as Android) where sideloading is much more common.
Automated security patches: Apple delivers frequent, mandatory iOS updates that patch known vulnerabilities immediately. This ensures that exploited loopholes are closed rapidly across supported devices.

Learn more about Android vs iOS security

Perhaps because they’re so confident in the security measures they have in place, Apple has no official support resources that use the term “virus.” Instead, they focus on concepts like “unauthorized modification” and “threat notifications”.

While this reinforces the idea that iPhones are immune to viruses, it makes it harder to take action if you suspect your iPhone has been compromised. And although there’s no evidence that viruses have successfully targeted iPhones, there have been notable malware attacks.

Real-world attacks

While iOS is designed to block self-replicating viruses, it remains vulnerable to other forms of malware under specific conditions, such as jailbreaking, compromised development tools, or targeted state-level exploits.

AdThief (2014)

Malware type: Adware/hijacker

This malware targeted users who had jailbroken their devices. Once installed on approximately 75,000 devices, it swapped legitimate ads within apps with its own malicious ones. The impact was financial: cybercriminals hijacked the ad revenue stream, stealing income from developers.

It serves as a prime example that once the OS sandbox is broken via jailbreaking, even simple revenue theft becomes possible.

XcodeGhost (2015)

Malware type: Supply chain Trojan

This was a landmark incident in which the attack method wasn’t a phone virus but a compromised development tool. Attackers created a fake version of Xcode (Apple’s official coding software) that was infected with malware. Chinese developers who downloaded this counterfeit tool unknowingly built compromised versions of popular apps—including WeChat and Angry Birds. When users installed these apps from the App Store, the malware activated.

This showed that even apps vetted by Apple could be carriers if the source code itself was poisoned before review.

Pegasus (2016–present) and Graphite (2025-present)

Malware type: Zero-click spyware

Unlike previous examples, Pegasus and the similar Graphite don’t require user interaction. Developed by the Israeli firms NSO Group and Paragon Solutions respectively, they exploit zero-day vulnerabilities in iOS to gain root access. Once inside, they can extract messages, photos, location data, and microphone feeds.

These are the most serious threats to date, demonstrating that sophisticated actors can bypass iOS security entirely through undiscovered flaws. Targets are generally high-profile people such as journalists and politicians, rather than the general public.

LightSpy (2020–present)

Malware type: Cross-platform spyware/web-based exploit

Targeting both macOS and iOS, LightSpy uses malicious websites to deploy its payload. When users visit a compromised page — often via phishing links or deceptive ads — the site attempts to install surveillance software that can harvest contacts, messages, and files without any further interaction.

You don’t need to download anything or tap anything suspicious — just visiting the wrong webpage can be enough. Since Safari is the default browser on iPhone and opens web links automatically, it’s the most likely entry point for this kind of attack if the device isn’t running the latest software.

Signs of viruses or malware on your iPhone

There’s no definitive way to check for viruses on the iPhone, but there are signs you can look out for.

1. Unusual account activity

Messages sent from your device that you didn’t send
Unknown trusted devices linked to your Apple ID
Unexpected password changes or purchases

Threat notifications
- If Apple identifies a threat, you’ll receive alerts to your email, phone number, and within your Apple Account

3. Technical anomalies

Battery drain or overheating without clear cause
Apps crashing unexpectedly or unknown apps appearing
Settings changing without your input

4. Pop-ups or phishing attempts

Messages urging you to install profiles, click suspicious links, or provide credentials—these are often scams but can indicate attempted compromises

Learn more about how to know if your phone is hacked

How to get rid of a virus on iPhone

Because Apple doesn’t use the term “virus” in its official support documentation, you won’t find any specific steps for virus removal on its website. However, if you’re experiencing the above symptoms, you can take practical steps to troubleshoot what might be acting like a virus — such as adware, browser hijacks, or configuration profile malware.

Since no antivirus app for iPhone can scan your entire system, you’ll need to perform a manual diagnosis using built-in tools:

1. Run Safety Check (iOS 16 or later)

If you suspect an app has too much access to your data, use Apple’s Safety Check feature to review and reset permissions.

Go to Settings → Privacy & Security → Safety Check.
Tap Manage Sharing & Access and follow the prompts to reset sharing with people and apps.

This ensures that any potentially compromised app immediately loses access to your contacts, location, and photos.

2. Clear Safari data
Often, what looks like a virus is actually aggressive adware or malicious scripts trapped in your browser cache, which can cause pop-ups.

Go to Settings → Apps → Safari.
Scroll down and tap Clear History and Website Data.

This removes cookies and cached scripts that might be triggering unwanted ads or redirects.

3. Review configuration profiles
Malware sometimes installs a hidden “profile” to force changes to settings or redirect your internet traffic.

Go to Settings → General → VPN & Device Management.
If you see Device Management listed, tap it to view installed profiles.
If you don’t see any profiles, you have none installed. If you see anything unfamiliar or suspicious, tap the profile, select Delete Profile, enter your passcode, and restart your device.

4. Perform a factory reset
If the issue persists after trying the steps above, the most definitive solution is to wipe the device clean.

Warning: Before doing this, ensure you have a recent, clean backup of your data via iCloud or a computer.
Go to Settings → General → Transfer or Reset iPhone → Erase All Content and Settings.

This completely wipes the phone, removing any malware. You can then set it up as new or restore from a backup created before the symptoms started.

Note: If you believe your device has been targeted by sophisticated spyware (such as Pegasus or Graphite), a factory reset may not be sufficient. In these rare cases, contact Apple Support directly for advanced assistance.

Is it OK to jailbreak my iPhone?

We strongly advise against jailbreaking your iPhone. While removing Apple’s software restrictions grants access to unofficial apps and customization options, it also dismantles the security architecture that protects your device from malware. For most people, there is no practical reason to accept this risky trade-off.

When you jailbreak an iPhone, you bypass three critical layers of protection:

You break the sandbox: Jailbreaking removes the isolation between apps. Once the sandbox is broken, a malicious app can access data, contacts, and system files belonging to other apps. This is how traditional viruses operate on other devices.
You lose App Store vetting: Apps installed via third-party stores or sideloading haven’t undergone Apple’s security review. This increases your risk of installing adware, Trojans, or spyware.
You block security updates: Jailbroken devices can’t easily install the latest iOS security patches. Without these updates, known vulnerabilities remain open, leaving your phone exposed to new exploits.

Keeping your iPhone unmodified is the single most effective defense against malware. The convenience of custom themes or unauthorized tweaks isn’t worth it if it turns your secure iPhone into an easy target for hackers.

Security tips: What to look out for

While iPhones are naturally resistant to viruses, your biggest risks come from social engineering and risky behavior. Security breaches are most likely to occur when you’re tricked into granting access or installing malicious software. Here’s what to watch for:

Phishing and smishing: Be extremely skeptical of unsolicited emails, texts (smishing), or iMessages claiming you have a package delay, a compromised account, or that you’ve won a prize. These messages often contain links to fake login pages designed to steal your credentials. Always mark suspicious messages as junk and delete them immediately.
Fake “virus scanners”: If you see an app on the App Store claiming to scan for iPhone viruses, don’t download it. As we noted earlier, iOS architecture makes system-wide virus scanning impossible. Apps that make this claim are often scams designed to harvest your data or sell you useless subscriptions.
Malicious websites: Avoid clicking links in suspicious messages, even if they appear to come from legitimate companies. Before installing an app, be sure to check its credibility yourself. Look for high download numbers (millions usually indicates a reputable app), read recent reviews for red flags, and check the permissions it requests. An app shouldn’t need access to your microphone or contacts just to show a flashlight.

The best way to protect yourself against phishing and data theft is to use tools that manage your security for you. We recommend using a dedicated password manager like Proton Pass to generate and store unique, complex passwords for every site, so if one is breached, the others remain safe. Proton VPN’s NetShield Ad-blocker DNS filtering feature will also prevent malware and trackers from connecting to malicious domains.

A strong data security plan could help you win new business, research finds

Alanna Alexander — Tue, 23 Jun 2026 22:22:35 GMT

Data security is rarely at the top of a new business pitch. But new research suggests it should be.

Our large-scale survey of 3,000 founders, executives, and IT leaders at small and medium-sized businesses across six countries — the US, UK, Brazil, France, Germany, and Japan — found that security has moved firmly into commercial conversation.

As many as 66% of business leaders said demonstrating secure handling of client data was “very important” or “critically important” to winning new business.

Part of what’s driving this shift is exposure. Data breaches often involve a third party — suppliers, vendors, hosting partners, or outsourced IT support. When a business works with you, they’re aware they’re trusting you with their data. Because if that data is breached on your watch, their reputation is on the line too.

Does security deserve a slide or two in your next pitch deck? Here’s what the data shows.

Clients are asking how you’ll protect their data

When a prospective client shares customer records, financial data, internal documents or any other sensitive data with you, they retain responsibility for it. Regulators, their own customers, and their board still hold them accountable.

A breach in your systems can trigger their compliance obligations, damage their customer relationships, and put their brand in the headlines. It makes sense, then, that businesses are asking harder questions before signing.

If you have a clear, confident answer, you have an opening. Without it, expect more questions, clearance delays, or — depending on how regulated your prospective client’s industry is — a lost deal.

Security has become one of the primary barometers potential partners use to decide whom to trust.

Your competition is already sharing their security practices

Businesses operating in highly regulated industries — financial services, healthcare, legal — have been ahead of this trend for years. Compliance requirements forced them to document and demonstrate their security posture early. So, they lead with it.

When asked whether they highlight secure file-sharing as a selling point when competing for new business, the overwhelming majority of respondents said yes.

Businesses are increasingly treating security as something worth leading with, not just something to have.

Proactively presenting your security practices makes you the easy choice. It tells a prospective partner’s IT team that their data will be handled within a defined, auditable framework. It tells the Procurement team that you’ve already done the due diligence they would otherwise have to chase. And it tells the Legal team that the liability question has been thoroughly considered.

That’s the kind of partner risk-averse buyers want to work with.

How to present a convincing data security plan

If you’re reconsidering how to pitch your security practices, here’s where to focus:

Don’t just list the tools you use. Our research shows 92% of SMBs already have modern security measures in place — password managers, MFA, VPNs, employee training. Tool adoption is the baseline, not the differentiator. Tell prospective clients exactly how these measures protect their data: Instead of “We have a password manager,” say “All our clients credentials are managed centrally, access is role-based and limited to the team members working on your account, and we have an off-boarding process that revokes permissions the day someone leaves.”
Strengthen your defenses around client data. Use tools that integrate naturally into existing workflows so that the secure option is the easy option. Enforce MFA across every service that supports it. Maintain and audit your credential management process regularly.
Be prepared to show your data protection plan. As regulatory scrutiny of vendor relationships increases across industries, clients are asking more specific questions: Where does our data live? How is it encrypted? What happens to it when the relationship ends? The businesses that have clear, documented answers to these questions move through procurement faster and create fewer reasons for a client’s legal team to pause.

Security can help you build trust with businesses — and, so often, trust is what procurement decisions are made on. Use your data security practices to differentiate yourself and you’ll start seeing the results in faster deal cycles, smoother approvals, and stronger client relationships.

Get more findings and insights in the full report

Our complete Proton SMB Cybersecurity Report 2026 covers the reality of the security and threat landscape facing SMBs today, including what’s actually causing breaches despite heavy investment, where human error keeps slipping through, how cloud and AI are opening new blind spots — and the strategies to turn your security stack into something clients trust and competitors can’t easily match.

Download the SMB Cybersecurity Report 2026

Cloud storage email scams: How to spot them and what to do

Elena Constantinescu — Tue, 23 Jun 2026 22:04:19 GMT

Cloud storage email scams are increasingly common. These messages are designed to make you believe your files are at risk — and push you into clicking a link or entering payment details before you have time to think it through.

A form of phishing, these “cloud storage full” scams exploit a simple fear: that your photos, documents, or backups are about to be deleted. Fake renewal pages are built to collect your payment details, phishing websites mimic real cloud services to steal your login credentials, and links redirect to products to generate affiliate revenue. In some cases, malicious websites attempt to install unwanted software on your device.

Some scam emails impersonate well-known providers like Apple, Google, or Microsoft to appear more credible. Others use generic names like “Cloud+” or “Cloud Storage,” but are designed to look convincing enough to create doubt. Here’s how to tell the difference, check your storage account safely, and avoid getting caught out.

How to spot a cloud storage scam
Examples of cloud storage scams vs. legitimate “storage full” emails
What to do if you receive a cloud storage scam email
Why you keep receiving cloud storage scam emails, and how to stop them
Stay ahead of scammers with Proton

How to spot a cloud storage scam

Scammers rely on a consistent set of tactics. Before you act on or click any links in an email, check for these warning signs of a scam:

Unusual sender address: Messages often come from random domains or long, unreadable email addresses that don’t match the company being impersonated.

Generic branding: Names like “Cloud”, “Cloud+”, or “Cloud Storage” are commonly used instead of real product names.

Urgent or fear-inducing language: Warnings about your cloud storage getting full or files being permanently deleted on a specific date are a hallmark of phishing attacks, designed to pressure you into acting quickly.

Suspicious links: Links may redirect through unrelated domains or lead to fake login pages designed to mimic real services.

Fake account details or scans: Some messages include made-up account IDs, or links to fake pages that perform a “storage scan” and always report that your account storage is full.

Generic greetings: Messages often use “Hello” without your name, or address you by your email address.

Unrealistic offers: Massive discounts that sound too good to be true, such as “80% off upgrades” or “limited-time recovery deals”, are a strong indicator of a scam.

Examples of cloud storage scams vs. legitimate “storage full” emails

Cloud storage scams can be especially convincing because they often appear alongside real storage alerts from services such as iCloud, Google Drive, OneDrive, or Dropbox.

For Apple users, an iCloud scam may claim that your iCloud account has been blocked, your photos and videos will be deleted, your payment method has expired, or your cloud service has been disabled. The goal is to make you click a malicious link that leads to a fake login or payment page designed to steal your Apple ID or banking details. The Guardian provides a good example:

Source: The Guardian

A legitimate “storage full” email is less threatening and will direct you to manage your storage through the official app or account settings. Go to Settings → [your name] → iCloud to check. If storage is actually full, the official account page will show the issue and provide safe options to manage or upgrade storage.

Source: The Guardian

What to do if you receive a cloud storage scam email

If you receive a suspicious storage alert, follow these steps:

Do not click anything in the email

Cloud storage scam emails often include fake buttons or links such as “upgrade storage,” “renew account,” “claim free space,” or “fix payment.” These links may lead to phishing pages designed to steal your password, payment details, or personal information.

Do not click links, buttons, or attachments in the email.

Check your real cloud storage account directly

Log in to your real account directly, such as Proton Drive, iCloud, Google Drive, OneDrive, or Dropbox, and check your storage, billing, and security settings there. If there is a real issue, it will usually appear inside your official account.

Mark the email as spam or phishing

Simply deleting the email removes it from your inbox, but it does not help your email provider identify similar scams in the future.

Use your email provider’s “Report phishing,” “Report spam,” or “Block and report” option. This helps train spam filters and may reduce similar scam emails over time.

Do not reply to the sender

Replying can confirm that your email address is active. Scammers may then send more scams or sell your address to other spam lists.

Do not respond, even to say “stop” or “unsubscribe.” Instead, use only unsubscribe links from companies you recognize and trust. Proton Mail provides an auto-unsubscribe option to make this easier for you.

Delete the scam email after reporting it

Keeping scam emails in your inbox increases the chance that you may accidentally click them later.

After reporting the message as spam or phishing, delete it from your inbox. You can also empty your trash later to remove it completely.

Change your password and turn on 2FA if you clicked a link

If you clicked a link and entered your password, scammers may now have access to your cloud storage account or other accounts where you reuse the same password.

Change your cloud account password immediately by using a strong, unique password that you do not use anywhere else.

And, if you don’t already have two-factor authentication (2FA) enabled, make sure to turn it on for extra security. If a scammer has your password and tries to break into your account, 2FA can alert you by prompting for a second step, such as a code or approval request. If you receive a prompt you didn’t request, deny it and change your password immediately.

Check your account activity and payment details

If you entered login or payment information on a fake page, scammers may try to access your account, change settings, or use your card details.

Review recent account activity, connected devices, recovery email addresses, and payment methods to remove anything unfamiliar. If you have a paid Proton account, you can enable Proton Sentinel to help protect you from account takeover.

If you entered card details, contact your bank or card provider to freeze your card or account.

Report the scam

Cloud storage scams are part of larger phishing campaigns, and reporting them helps anti-phishing organizations track and fight these attacks.

Forward suspected emails to APWG (Anti-Phishing Working Group), an international nonprofit focused on fighting phishing, online fraud, email spoofing, malware, and related cybercrime. You can also report them to your email provider and the company being impersonated.

Why you keep receiving cloud storage scam emails, and how to stop them

Even after reporting and blocking, you might still keep receiving scam emails, and there are a few reasons why:

Your email address is on spam lists

Your email address may have appeared in a data breach, on a public website, in a mailing list, or in a marketing database sold by a data broker. Once scammers have your address, they may repeatedly target you with cloud storage scams.

Dark web monitoring is a Proton Pass feature that checks whether your email has appeared in known breaches. You can also remove your email address from public pages where possible and use email aliases when signing up to online services or apps, to hide your true email address.

You opened, clicked, or replied to a scam email before

Opening a suspicious email can sometimes confirm your address is active, especially if the message loads tracking images. Clicking links or replying gives scammers an even stronger signal that your inbox is being monitored.

Do not click links, open attachments, or reply to suspicious messages. Access your cloud storage account only by typing the official website address or opening the official app, and turn off automatic image loading in your email settings. Proton Mail removes invisible tracking from every email you receive, to hide your email activity from senders.

Scammers rotate senders and domains

Blocking one sender may not stop the scams because scammers often change email addresses, domains, and display names. The next message may look similar but come from a completely different sender.

Report these messages as phishing instead of only blocking the sender, which helps your email provider recognize similar scams and improve filtering for future messages.

Your spam filter is still learning

Some scam emails are designed to bypass spam filters by using images instead of text, strange spacing, misspellings, shortened links, or compromised email accounts that appear more trustworthy.

Continue reporting scam emails as phishing, and create custom inbox filters for repeated phrases such as “storage full,” “cloud renewal,” “payment failed,” or “account suspended.” Also check your spam folder occasionally to make sure legitimate emails are not being filtered incorrectly.

Stay ahead of scammers with Proton

Cloud storage scams work because they target two things people care about: access to their inbox and access to their files. Protecting both makes it much harder for scammers to trick you, steal your information, or pressure you into handing over payment details.

Proton Mail helps protect your email from phishing attempts with spam filtering, phishing protection, custom filters, tracker protection, and simple reporting tools. It also protects your emails with end-to-end encryption and zero-access encryption, so your inbox stays private by default.

Proton Drive gives you a safer place to store and back up your important files, photos, and documents. With end-to-end encrypted cloud storage, your files are encrypted on your device before they’re uploaded, meaning no one — not even Proton — can access them without your permission.

If these scams have made you rethink where you keep your emails and files, Proton is easy to try. With a free Proton account, you get both Proton Mail and Proton Drive, giving you a more private inbox and secure cloud storage from the start.

Create a free Proton account