Beware Domain Name Renewal Phishing Attacks

/in /by

Most phishing attacks are easy to identify, but we’ve just seen one that’s more likely to evade detection. Those who own personal or business Internet domain names—to personalize their email or provide an online presence for their website—may receive fake messages claiming that a domain has been deactivated due to a payment issue. Because scammers can determine when domain names are due to expire and the name of the company hosting the domain, the urgency triggered by a message that appears to be from the domain host and arriving near the renewal date may cause someone to click a link they shouldn’t. This particular one wasn’t even that well crafted and still caused the recipient brief concern until they manually went to DreamHost and verified that nothing was wrong with their domain payment. Stay alert out there!

(Featured image by iStock.com/weerapatkiatdumrong)

Social Media: Phishing scams are becoming more sophisticated. A message that seems to come from an Internet domain host and arrives around the time of a domain renewal could deceive even experienced users.

Try Blip for Fast Transfers of Any Size Between Platforms

/in /by

For file transfers, Apple users routinely rely on tools like AirDrop, Messages, email, cloud services, and public sharing websites, but these solutions can fall short when dealing with very large files, sharing across platforms, or confidential data. For such scenarios, Blip offers a reliable solution that works across Macs, iPhones, iPads, Android devices, Windows, and Linux machines. It transfers files of any size directly between devices, with no intermediate servers, encrypting its traffic for security. It handles uncompressed folders, offers high transfer speeds, and automatically resumes interrupted transfers—particularly valuable features when working with large media files or project folders. Blip is free for personal use or $25 per month for commercial use, making it easy to determine if it will be helpful for your business.

(Featured image by iStock.com/Makhbubakhon Ismatova)

Social Media: Looking for a better way to transfer large files across devices and platforms? Blip offers secure, direct file transfers between Apple devices and other platforms, with no size limits and automatic resumption of interrupted transfers.

Apple Silicon Macs Can’t Boot from the DFU Port

/in /by

Booting from an external SSD (hard disks are too slow) provides a convenient way to test specific versions of macOS or troubleshoot problems with your Mac’s internal storage. However, a little-known gotcha has caused untold hair loss among those trying to boot from an external drive. Macs with Apple silicon cannot start up from external drives connected to their DFU (device firmware update) USB-C port. The only way to determine which port this is on a given Mac is to look it up on Apple’s website. If your Mac won’t boot from an external drive, connect it to a different USB-C port.

(Featured image by iStock.com/ardasavasciogullari)

Social Media: If your Apple silicon Mac won’t boot from an external drive, the issue may be related to which USB-C port you’re using—the special DFU port cannot be used for booting from external drives. Learn how to identify that port on your Mac.

Make Sure to Check Settings on Multiple Devices

/in /by

We recently helped someone having trouble with 1Password requesting their password repeatedly on their iPad, but not on their iPhone. Since 1Password’s data syncs between devices, this person didn’t realize they needed to configure the app’s security settings separately for each device. It’s appropriate for 1Password to separate security settings—one device could be used in a much more sensitive environment than another—but it’s also easy to see how a user might be confused about the difference in behavior. All this is to say that if you are annoyed by an app or operating system behaving differently depending on the device you’re using, compare the settings and ensure they’re set appropriately for each device.

(Featured image based on an original by iStock.com/towfiqu ahamed)

Social Media: Is your app behaving differently on different devices? The culprit might be device-specific settings. To avoid frustration, check and synchronize your preferences across all devices to ensure consistent behavior where appropriate.

Consider Business Cyber Insurance

/in /by

When discussing digital security, we typically focus on preventive measures, such as using strong passwords with a password manager, enabling multi-factor authentication, keeping systems up to date, maintaining regular backups, and training employees to recognize potential security threats. While these practices are essential, they don’t guarantee complete protection.

No one is immune to online attacks—the most security-conscious organizations and individuals can still become victims. Even security experts occasionally click something they shouldn’t have or forget to keep a little-used system up to date. A single employee opening a convincing phishing email, a momentary lapse in judgment, or a zero-day vulnerability can lead to devastating consequences.

According to the FBI’s Internet Crime Complaint Center (IC3), cybercrime-related losses from 2020 through 2024 are estimated at $50.5 billion, with IC3 receiving 4.2 million complaints. Most concerning is the rising trend in the frequency and severity of these attacks.

Given these statistics and the reality that perfect security is impossible, many are looking to protect themselves from possible financial losses. Just as fires and accidents make home and auto insurance necessary, these ever-increasing threats from phishing, malware, and other forms of digital attack make cyber insurance an important consideration for both companies and individuals. We’ll focus on businesses here and explore personal cyber insurance in a future article.

What Is Business Cyber Insurance

Cyber insurance for businesses helps companies recover from security breaches and online attacks. Unlike traditional business insurance policies, cyber insurance focuses on the risks of using technology to operate or to store sensitive data online. Businesses of all sizes are vulnerable, but small and medium-sized businesses are often targeted because they lack the robust security infrastructure of larger enterprises.

Industries that are especially at risk include healthcare, financial services, retail, and professional services, but no sector is immune. You may have cause for additional concern if your company collects customer information, processes payments, or maintains a significant online presence, but realistically, every business that uses email or conducts online banking is vulnerable.

What’s Covered

A business cyber policy typically includes two core types of coverage:

  • First-party coverage: This coverage responds to direct costs incurred by your company, including legal expenses, data breach response and notification costs, ransomware payments and recovery expenses, business interruption losses, data restoration, system replacement, and crisis management.
  • Third-party coverage: Also known as liability insurance, this coverage protects you against claims from others affected by the breach, including legal defense costs, settlements, regulatory fines and penalties, and PCI-related fines associated with credit card processing.

What’s Not Covered

However, it’s essential to be aware of common exclusions to business cyber insurance, the most important of which are:

  • Weak security processes: Insurance doesn’t exempt you from maintaining a strong security stance—if you aren’t requiring strong passwords, providing security training, and correcting known vulnerabilities, the policy won’t cover you. Insurers will likely require verification of minimum cybersecurity practices before providing coverage.
  • Prior breaches: Just as health insurance may not cover pre-existing conditions, cyber insurance typically does not cover events that occurred before the policy was taken out.
  • Insider attacks or misconduct: Deliberate or fraudulent acts by company leadership or employees generally aren’t covered. Employees are a company’s greatest resource, but they can also be its greatest weakness.

Shopping for Business Cyber Insurance

How much will business cyber insurance cost? It varies based on your company size and revenue, industry sector, type and amount of sensitive data stored, security practices, coverage limits and deductibles, and claims history. That said, small businesses with yearly revenues under $1 million typically have annual premiums ranging from $500 to $2,000. Mid-sized firms often pay between $2,000 and $10,000, and large companies can expect premiums in the tens of thousands.

It’s common—and entirely understandable—to hesitate to purchase cyber insurance due to concerns about the cost. However, the potential financial impact of an incident is often significant. IBM’s 2024 Cost of Data Breach Report found that the average cost of a data breach was $4.9 million globally, but $9.4 million in the United States. Although IBM doesn’t break out costs by company size, those costs are likely for larger companies. Nonetheless, a Financial Times report notes that users at small and medium-sized businesses were twice as likely to encounter threats as those at large companies.

Choosing the right cyber insurance broker is as important as selecting the policy itself, and you’ll want to involve your security team in the search. Look for someone specializing in cyber coverage who has technical expertise in cybersecurity practices, strong relationships with underwriters, and a track record of providing active claims support. A good broker will not only find competitive pricing but also help tailor coverage to your specific risks and ensure you’re prepared to meet underwriting requirements.

When comparing cyber insurance options, pay attention to the details. Confirm that the policy addresses risks specific to your situation and provides sufficient financial protection for your potential exposure. Pay close attention to exclusions—there will be more than those listed above. Research the insurer’s claims process and reputation for responsiveness, as timely support during an incident is crucial. Finally, inquire about additional risk management services offered by the insurer that may provide valuable preventative resources to complement your coverage.

Start Researching Cyber Insurance Now

Unfortunately, the frequency and risk of cyber attacks are on the rise. Proactive security measures are key, but a single mistake or oversight could have dire outcomes. Cyber insurance provides an important safety net in the event of a breach or attack that evades your best efforts.

We won’t pretend that finding and purchasing cyber insurance is simple, but we can help with finding a good cyber insurance broker, evaluating the policy, answering application questions, and ensuring that your company meets the necessary security requirements.

(Featured image by iStock.com/Who_I_am)

Social Media: Cyber insurance can protect your business from crippling financial losses after a security breach. Learn what’s covered, what’s not, and how to shop for the right policy for your company.

Share Wi-Fi Network Passwords Using QR Codes

/in /by

A neat feature built into iOS, iPadOS, and macOS is that when you are connected to a Wi-Fi network, your devices will offer to share the Wi-Fi password if others near you try to connect to the same network. However, for this feature to work, they must be in your Contacts, and at times, it doesn’t activate as quickly as you’d like. Apple’s new Passwords app on an iPhone, iPad, or Mac provides a manual alternative that may work better. Tap the Wi-Fi collection to see all your remembered networks, select the desired network, and tap Show Network QR Code. When others scan the QR code using their phones, they will instantly join the network.

(Featured image by iStock.com/PrathanChorruangsak)

Social Media: While Apple’s automatic sharing of Wi-Fi passwords feels like magic, it doesn’t work in every situation. For a more reliable manual approach, use the Show Network QR Code feature in the new Passwords app.

Don’t Assume That Top Google Search Results Are Guaranteed Safe

/in /by

We hate to encourage paranoia, but all is not well with Google Search. Recently, we’ve heard of multiple instances where people were nearly taken advantage of due to relying on the top result in a Google search. In one case, a user called a purported HP support phone number directly from the search results but ended up speaking with a scammer. In another, a user thought they were downloading the latest version of Dropbox but got malware instead. In neither case could we reproduce the error, but they may have resulted from “SEO poisoning,” a malicious technique in which cybercriminals manipulate search engine optimization (SEO) strategies to elevate harmful websites in search results. In short, don’t assume that a site at the top of Google search results is guaranteed safe when downloading software or contacting a company. It’s best to navigate directly to a company’s official website before trusting that corporate information and software downloads are legitimate.

(Featured image based on an original by iStock.com/Armastas)

Social Media: You know that the phrase “I read it on the Internet, so it must be true” is absurd, but you should extend that skepticism to Google search results. We’ve seen two recent instances of malicious content bubbling to the top of searches. Trust but verify.

With iOS 18.2 and Later, You Can Share the Location of Lost Items in Find My

/in /by

In iOS 18.2, Apple enhanced the Find My app, enabling you to create a temporary Web page that shares the location of a lost AirTag or other Find My-tracked item. You don’t need to know the person’s email address or share any other information, and the link automatically expires after a week. It’s a great way to enlist others in the search for a lost item, but the big win is sharing with an airline to help them track the location of misdirected luggage. It’s easy: open the Find My app, tap Items, select the desired AirTag or other item, tap Share Item Location, and then share the provided link via text message, email, or any other method. The item’s location automatically stops being shared if it’s reunited with you, or you can end sharing manually.

(Featured image by iStock.com/yacobchuk)

Social Media: The new Share Item Location feature in Find My enables you to share the location of a lost AirTag or another item tracked by Find My with anyone, including airline reps who can use it to locate lost luggage for you.

Apple Says More Personalized Siri Will Be Delayed

/in /by

As we’ve been covering Apple’s staged rollout of Apple Intelligence, one announced feature that has remained tantalizingly in the future is the enhanced version of Siri that would have onscreen awareness, understand your personal context, and be able to interact with apps. The company has quietly admitted that this new version of Siri isn’t ready yet and now says it anticipates rolling it out in the coming year. That probably means in conjunction with some version of iOS 19 and macOS 16, expected to debut in September 2025 and receive updates through early 2026. In short, don’t expect this new Siri anytime soon. We’d prefer to see Apple get Siri to succeed at all the tasks it’s supposed to handle now—too many of the things we try to do with Siri fail.

(Featured image based on an original by iStock.com/Bogdan Malizkiy)

Social Media: If, like us, you’ve been eager to try the Apple Intelligence-enhanced version of Siri that Apple announced at its Worldwide Developer Conference in 2024, we’re sorry to say that we all have longer to wait.

Security Precautions to Take While Traveling

/in /by

When we think about digital and device security, we mostly think about the fixed locations where people spend most of their time—home, school, and work. But what about when you’re traveling? Some security concerns remain the same when you’re on the road, but new ones crop up.

We’ll assume that you already keep your devices up to date, use FileVault on Macs, have at least a six-digit iOS passcode, have strong password habits, and use multi-factor authentication wherever possible. Other options are more specific to travel.

As with our more general article about increasing security last month, we’ve divided our list of suggestions into two parts: things that everyone should do and measures that only people who worry about being specifically targeted should employ.

Sensible Travel Security Precautions for Everyone

These suggestions are appropriate for everyone who travels, and they’re aimed primarily at avoiding relatively common problems: loss, theft, data loss, and generalized snooping:

  • Focus on physical security: As a tourist, you may be targeted by thieves, so it’s important to keep your iPhone in a secure pocket whenever you’re not using it. Carry an iPad or laptop in a bag that can’t be snatched, or leave them locked or at least concealed in your hotel room.
  • Enable Find My for all your devices: You should have already done this, but if not, enable Find My to improve your chances of finding a device you lose or accidentally leave behind. It might help if the device is stolen, but local police cooperation for recovering stolen items can vary widely. Don’t attempt to recover a stolen device yourself.
  • Put AirTags in your luggage and laptop bags: AirTags can help you track down lost luggage—you can now share their locations with airlines—and prevent you from accidentally leaving bags behind. An AirTag may also help with locating a stolen item, but always work with local law enforcement.
  • Enable biometric authentication and Stolen Device Protection: Using Face ID or Touch ID wherever possible and having Stolen Device Protection enabled on your iPhone in Settings > Face/Touch ID & Passcode is even more important when traveling.
  • Use a VPN or iCloud Private Relay: Because you may be using Wi-Fi networks whose security you know nothing about, it’s best to use a VPN like Mullvad VPN, NordVPN, or ProtonVPN to encrypt all your traffic. At a minimum, use iCloud Private Relay, which requires an iCloud+ subscription and won’t encrypt traffic from most non-Apple apps.
  • Use iCloud Photos or another backup option: To ensure you don’t lose precious vacation photos, use iCloud Photos so all your photos are uploaded to the cloud whenever you have access. This will almost certainly require an iCloud+ subscription for sufficient storage space. If Wi-Fi and cellular are too slow or unavailable, consider an external SSD to which you can manually export photos and videos for backup. To speed up the process, you could create a shortcut that automatically copies all photos taken that day.
  • Use iCloud Backup: It’s best to use iCloud Backup to back up your entire iPhone every night. That way, if your iPhone is lost or destroyed, you may be able to buy a replacement and restore from backup in relatively little time. You will probably need an iCloud+ subscription to have enough backup space.
  • Practice dealing with a lost or stolen device: If the worst happens and you lose one of your devices while traveling, you need to know what to do. Immediately go to Find My on another device or iCloud.com and mark the device as lost. If there’s a chance of getting it back, stop there. However, if you believe the device was stolen, your data is at risk, and tracking it is no longer useful, use Erase This Device in Find My to wipe it. Activation Lock will remain enabled to prevent anyone from reusing the device.

Increasing Travel Security for People Who May Be Targeted

Not all travel is fondue and gamelans. If you’re a journalist, activist, government employee, or corporate executive with access to sensitive data, you could be a target while traveling. This is particularly true if you are headed to countries like China, Russia, or others with authoritarian governments and powerful intelligence agencies. Along with the suggestions above, we recommend:

  • Be aware of local laws and government practices: It’s important to read up on regional laws regarding data access and potential government capabilities at your destination. Knowing what to expect can help you reduce your risks and take appropriate precautions.
  • Use caution with cellular access: Even if your carrier allows roaming, consider using a dedicated eSIM for international travel, separate from your personal one. That way, you can use local cellular networks without revealing your home number. Be aware that your traffic may be monitored.
  • Enable Lockdown Mode: If you’re concerned about your iPhone or iPad being targeted by local law enforcement or government intelligence agencies, turn on Lockdown Mode in Settings > Privacy & Security > Lockdown Mode. To increase security, it blocks most attachment types in Messages, complex Web technologies, incoming FaceTime calls from unknown callers, non-secure Wi-Fi network connections, and incoming invitations to Apple services. Plus, it excludes location information from shared photos, requires approval to connect accessories, and more.
  • Reduce and protect your use of cloud services: While using a VPN is essential, you should still avoid using cloud services much if government entities might have access to stored files. If you need to upload files, encrypt them first using the free and open-source Cryptomator.
  • Know how to disable Face ID and Touch ID: If you find yourself in a situation where you believe you may be compelled to unlock your iPhone or iPad with your face or fingerprint, press and hold the side or top button and either volume button to display the power off slider. This temporarily disables biometric authentication, requiring your passcode for the next unlock.
  • Use dedicated travel devices and accounts: If you’re traveling to a potentially hostile part of the world, we strongly recommend carrying only devices—preferably iPhones or iPads, which are more secure than Macs—configured to contain none of your personal data or regular accounts. Keep them with you at all times, assume they could be confiscated, and be aware you might be compelled to share passcodes or other account information. Create a separate Apple Account for such devices.

Best of luck in your travels! With just a little preparation, you can reduce the chances that something bad will happen during a vacation. If you’re traveling on business to somewhere more concerning, putting in additional effort could prevent truly problematic things from happening.

(Featured image by iStock.com/metamorworks)

Social Media: Security at home is one thing, but what about when you’re on the road? Many of the same precautions apply, but depending on your level of concern and where you’re going, additional techniques can help keep you and your data safe.