Just sharing some of the method i took to secure my QNAP NAS, if you have additional idea on how to further secure the NAS please comment. thanks

1. Disable default admin account and create a new administrator account
2. use very strong password,
3. 2nd factor authentication,
4. hard disk encryption (it will be more secure to manually enter the password every time NAS reboot instead of saving it)
5. turn off services that you are not using
6. forced https connection only and use custom port number
7. install anti virus, anti malware,
8. enable auto update,
9. turn off 3rd party app install,
10. enable qnap security counselor,
11. turn on notification for all events
12. subscribe to security advisory newsletter
13. more tips https://www.qnap.com/en/how-to/faq/article/how-to-make-your-turbo-nas-more-secure/