Tyler Cross
Updated on: November 17, 2024
Fact-checked by Kate Davidson
Network-attached storage (NAS) devices play a vital role in many tech ecosystems, but they aren’t 100% secure. In this article, I’ll explain what NAS devices are, go over their utilities and vulnerabilities, and explain what you need to do to keep your data safe.
There are tons of different types of NAS devices in use, each with different vulnerabilities. That said, there are some general tips you can use to keep the information stored in your NAS from falling into the wrong hands.
NAS systems are great for centralized storage, but you need additional cybersecurity tools to stay safe. For one, you’ll still need an antivirus to protect your endpoints from any threats that make it into the NAS. And because hackers can read your unencrypted data as it goes from the NAS to your computer, it’s essential to use a VPN whenever you connect to your NAS. There are lots of options, but ExpressVPN is my favorite. Editors’ Note: ExpressVPN and this site are in the same ownership group.
LEARN MORE ABOUT EXPRESSVPN HERE
What Do NAS Devices Do?
Like your common thumb drive, NAS systems are used for storing digital data. But where you need to physically plug a thumb drive into your computer in order to transfer data, all you have to do is connect to a NAS device to get the job done. This is super convenient in business and institutional environments, where a larger number of networked devices can benefit from a centralized storage system.
NAS is similar to cloud storage services like Dropbox and Google Drive, but there are distinct advantages. For one, offices and homes relying on NAS don’t need to use a third-party provider, which can be appealing if you need to store sensitive data. Cloud service providers are frequently targeted by hackers and are subject to data breaches. Though NAS systems aren’t immune to hackers, they are sometimes considered safer.
In short, NAS devices allow connected devices to share files without the need for physical interaction. Unlike most cloud services, they don’t rely on third-party hardware and are more of a closed system.
How Safe Is NAS?
Generally speaking, NAS systems are safe — but they are by no means invulnerable. Keep in mind that there are hundreds of different models for NAS devices, and that these can run on a number of different operating systems. Both of these factors will affect the security of an NAS setup, as will the apps and devices that connect with the NAS, the password, and the established protocols for how users engage with it.
Beyond basic password protection, NAS systems offer other tools to stay secure. Many devices use data redundancy through systems such as RAID configurations to protect against data loss due to hardware malfunctions.
Another positive is that most NAS devices can be set to encrypt data stored within the system. Just know that the data is only encrypted while in the NAS; it gets decrypted as it’s transmitted from the NAS to another device. For this reason and others, it’s best to use a VPN like ExpressVPN while connecting to a NAS device. A good VPN will encrypt all your data and make it unreadable.
On the other hand, as physical objects, NAS devices face vulnerabilities that cloud storage alternatives do not. They can be damaged by accidents and natural disasters, suffer hardware failures, and be compromised by physical tampering. Furthermore, NAS devices are still vulnerable to ransomware, social engineering attacks, and other threats.
It’s also worth mentioning that no data storage solution is safe unless you keep regular backups. Whether you lose your data due to a hardware malfunction, malware, theft, or anything else, having a backup means will allow you to recover from serious incidents.
Editors’ Note: ExpressVPN and this site are in the same ownership group.
The Risks of Using NAS
NAS is a great storage solution in a lot of environments, but it isn’t perfectly safe. Before implementing NAS at your home or office, you need to consider the risks. The good news is that most of these risks can be mitigated by following best-use practices and using the right cybersecurity tools.
The main risks NAS systems face include:
- Unauthorized access. Weak passwords, default settings, and data leaks can all lead to hackers gaining unauthorized access to your NAS. It’s critical to protect your NAS with a strong password and enable MFA. Make sure everyone who accesses your NAS does so using the best security protocols, and consider requiring employees to use a high-quality password manager whenever they access the NAS. Careless users can inadvertently allow others to compromise the system.
- Disgruntled employees or human error. Be careful who you allow to access your NAS. A disgruntled employee could steal or leak your data as a way to get revenge against you or the organization that runs the NAS.
- Malware. Threat actors are constantly working on new strains of ransomware specifically designed to infect NAS devices. If your device falls victim to such an attack, hackers will attempt to extort you. While many NASs have some forms of anti-malware protection, it’s usually not enough. I highly recommend protecting your endpoints with a top antivirus like Norton.
- Network vulnerabilities, including data leakage from other devices. This point is a bit more abstract, but essentially, any device connected to your network is a potential vulnerability. All of these devices will need to be able to send and receive data from the NAS device. As a result, if your network or any devices connected to the NAS are compromised, your NAS could meet the same fate.
- Physical theft. Since NAS systems take the form of physical objects, they can be stolen. Control who has access to the physical location, and make sure they take every security precaution to protect the premises.
- Command injections. This may be the biggest threat that NAS systems face. A command injection is when hackers inject lines of code into your system to trick it into running arbitrary functions and creating new vulnerabilities. The arbitrary code could steal your data, spy on you, or infect the device with crippling malware. Command injections are particularly effective at stealing data from your NAS and due to their adaptability, NAS developers struggle to keep up with the newest injections.
Don’t let my page-long list of its risks scare you away, though. As you’re about to see, there are a lot of tips and tools you can use to keep yourself safe.
Tips for Using NAS Safely
Using NAS safely isn’t hard, but it requires you to be vigilant. Make sure you treat these tips more like requirements. Skipping even one of these can put all of the data on your NAS at risk.
- Use strong passwords. Your NAS needs to be protected with a strong and unique password that no one could possibly guess. Use a combination of upper-case letters, lower-case letters, numbers, and symbols. Change all default passwords immediately and don’t use simple passwords like 12345. You should also require everyone accessing the NAS to use a password manager. Some NAS devices come with password management software, but it’s worth considering more user-friendly and feature-rich options like 1Password.
- Enable Multi-Factor Authentication (MFA). A password, however uncrackable, shouldn’t be the only thing someone needs to access your NAS. Enable MFA so that users need to provide additional authentication through a third-party app, phone number, or email. Most NAS options offer this by default, so just make sure not to turn it off.
- Make sure your NAS firmware, OS, and apps are up-to-date. Unless you’re running the latest version of your NAS device’s firmware, you’re creating an opening for hackers. Make sure that you regularly check your OS and apps for new updates. Companies typically update their services regularly to patch exploits and vulnerabilities.
- Change your default ports. Hackers frequently launch attacks on default ports, since that’s what most people use. To secure your system, change your default ports and close all ports that you don’t use for communication. This doesn’t prevent hackers from probing your defenses, but it does make it less likely that you’ll be hit by automated intrusion attempts.
- Keep backups. Always keep backups of your important data, just in case. This is true of regular hard drives, cloud storage services, and NAS devices. That way, if your storage gets stolen via ransomware or something else, you can immediately restore everything you’d have otherwise lost.
- Use a good firewall. Most NAS devices come with a firewall, but you’ll need to set it up properly to protect your system. Additionally, you’ll need to protect every device that connects to your NAS with a third-party firewall. Remember, ransomware and other threats can spread from your NAS to other devices and vice versa, so it’s essential to have the proper defenses set up on every link in the chain. The best commercial antiviruses come with firewalls that can work with most computers and other endpoints. In particular, I really like Norton’s smart firewall because of the wealth of customization options.
- Install reliable antivirus software. Ransomware and other threats can cripple your NAS device and steal your data. As such, you need to take measures to protect your network. As most NAS devices use Linux, you’ll need to look for a Linux-compatible antivirus. That said, the rest of your devices need protection too. A good antivirus will scan any file on your device, including anything transmitted from the NAS to your endpoints. Norton is my top pick, but
Bitdefender is notable for having a business plan that works on Linux devices as well.
- Use a VPN whenever you use your NAS. While most NAS systems encrypt data, this is only applied during storage. To stop someone from viewing your data while it moves from the NAS to another device, you’ll need a VPN that protects incoming and outgoing data. Many companies require users to use a VPN while connecting to NAS, and you should too. There are lots of options, but my top pick is ExpressVPN thanks to its top-notch security and great features.
These tips are essential for protecting your NAS and wider network. What’s more, following these practices will improve your security even absent an NAS system.
Editors’ Note: ExpressVPN and this site are in the same ownership group.
Frequently Asked Questions
What is the point of NAS?
NAS provides a centralized data storage system that can be accessed by remote users. It connects to your network, rather than your computer, and has security features designed to prevent unauthorized access. Many modern NAS devices also provide data encryption (the storage itself is encrypted, but without a good VPN your data isn’t protected during transmission).
Think of it like the network equivalent of a thumb drive. It’s something that you plug in to give yourself extra storage space, but thanks to its centralized design, it’s pragmatic for businesses or households with multiple people who need to access the same data.
Should I use NAS?
Using NAS is very convenient if you need a centralized place to store, share, and remotely backup and restore data. It’s a practical choice, whether you’re a home user who needs to manage a lot of data or a business that requires a centralized data access point and doesn’t want to rely on external hard drives or cloud services.
But, if you don’t have a pressing need for centralized data control or a ton of extra storage, you do not need NAS. You also don’t need it if you already have enough hard drive space or you have a cloud service provider that you trust. It even has unique security risks. Speaking frankly, it’s not something everyone needs.
What tools make NAS safer?
There are a number of practices and cybersecurity tools you can adopt to make your NAS system safer. For example, a good antivirus, like Norton, will keep your endpoints safe from ransomware, while a good password manager will make accessing the NAS safer and alert you if your password has leaked on the dark web. Beyond software, it’s important to set up protocols that everyone with access to the NAS follows, and to protect the physical device from harm.
What types of threats should I be aware of while using NAS?
NAS is vulnerable to a variety of threats, including malware, unauthorized access, network vulnerabilities, and ransomware attacks. While most of these devices come with some security features, like backup and recovery options, they aren’t safe on their own.
There are plenty of ways to protect yourself, though. Consider employing a reliable firewall and antivirus engine. A firewall protects your network from intrusion and exploit attempts, preventing hackers from striking via your Wi-Fi, while a good antivirus prevents malware and ransomware from being able to infect your files. Most modern devices also offer MFA options, which prevent unauthorized access.
