Just sharing some of the method i took to secure my QNAP NAS, if you have additional idea on how to further secure the NAS please comment. thanks
- Disable default admin account and create a new administrator account
- use very strong password,
- 2nd factor authentication,
- hard disk encryption (it will be more secure to manually enter the password every time NAS reboot instead of saving it)
- turn off services that you are not using
- forced https connection only and use custom port number
- install anti virus, anti malware,
- enable auto update,
- turn off 3rd party app install,
- enable qnap security counselor,
- turn on notification for all events
- subscribe to security advisory newsletter
- more tips https://www.qnap.com/en/how-to/faq/article/how-to-make-your-turbo-nas-more-secure/