Protecting Network Accessed & Other Storage Devices

What’s the Threat?

It’s good cyber security practice to back up your data and files. In fact, it’s one of the key recommendations by the Australian Signals Directorate on good cyber security practice. But backup storage devices are not immune to attacks themselves, and many individuals and organisations may think they are following best practice but don’t think about the security of these devices. IDCARE continues to see persistent threats from malware and ransomware targeting backup devices. Often these threats focus on devices that have not been “patched” or “updated” with the latest version of their provider’s system. Just like those annoying updates for the applications on our phones, backup storage devices also need updating (more on countermeasures below).

Popular Backup Storage Devices

Backup storage devices are also known as external hard drives and Network-attached storage (NAS). Popular brands include Seagate, WD Black, Synology, SanDisk, QNAP, LaCie, and Samsung. The key difference between backup storage devices that are external hard drives and the NAS variety is that the latter has a lot more functionality and is ‘networked’. NAS devices are not necessarily connected to one device, but can be used to store backup files across a network or multiple devices. NAS can continue to be available when computers are turned off. NAS devices can also allow users to access their content whilst working remotely, effectively “logging in” to access files wherever a person can get online.

Protection Measures
  • Choose complex passwords. NAS devices can be subject to a brute force attack, where attackers use automated tools to keep trying to crack the password.
  • Limit Internet of Things device connectivity. Yes, your fridge and TV can connect to your NAS. Whilst this may be inadvertent or not very useful at the moment, we find that IoT devices tend to lag on their security and their updates.
  • Disable the default Admin Account and create a new Administrator Account. As with most modems, routers and IoT devices, the standard factory passwords for administrator accounts are widely publicised and known. To address this deficiency, disable the default account and create a new one with a new password.
  • Use a device that supports Multi-Factor Authentication (MFA). This means that logging in requires users to also enter a code that is only accessible by the individual account holder. It means that the chances of a successful brute force attack diminish considerably.
  • Hard disk encryption. Encrypt your NAS and backup drive contents so that, should unauthorised access occur, the information accessed cannot be decrypted.
  • Turn off services you are not using. Limit your footprint and exposure to only what’s required.
  • Enable auto-updates. Like anti-virus, the best way to update applications and operating systems is to make it automatic.
  • Use a Virtual Private Network. With a VPN installed on your NAS device, the traffic (files) sent over the VPN will remain private and secure.

For additional support or information, contact IDCARE by submitting a Get Help Form or calling 1800 595 160 (Aus) or 0800 121 068 (NZ).


Identity Care Australia & New Zealand Ltd (IDCARE) provides identity and cyber security incident response services (the Services) in accordance with the following disclaimer of service:

  • IDCARE is Australia and New Zealand’s national identity and cyber incident community support service. IDCARE is a not-for-profit and registered Australian charity.
  • The Services provided do not constitute legal advice. IDCARE recommends that you consult your own legal counsel in relation to your legal rights and obligations, including but not limited to your legal rights or obligations under Australian and international privacy and data protection laws.
  • While every effort has been made to ensure the accuracy of the content provided, to the maximum extent permitted by law all conditions, terms, representations, and warranties (in each case, whether express or implied) in connection with the provision of the Services which might otherwise be binding upon IDCARE are excluded.
  • IDCARE’s liability for any loss or damage suffered by any person or organisation (including, without limitation, any direct, indirect or consequential loss or damage) arising out of or in connection with the Services (including, without limitation, liability for any negligent act or omission, or statement, representation or misrepresentation of any officers, employees, agents, contractors or consultants of IDCARE) shall be limited to the fees paid by you to IDCARE in respect of the Services. For the avoidance of doubt, this limitation of liability extends to any liability arising from any actions performed or not performed as a result of any recommendations made in the course of providing the Services.
  • If you would like to provide feedback please use our Feedback Form.


IDCARE is here to provide you with specialist support and guidance when faced with a cyber and identity related issue. Contact one of our Identity & Cyber Security Case Managers to learn more about our Support Services and how we can help you.   

Australia: 1800 595 160

Mon - Fri: 8am - 5pm AEST

QLD: 07 3555 5900
ACT & NSW: 02 8999 3356
VIC: 03 7018 2366
NT, SA & WA: 08 7078 7741

New Zealand: 0800 121 068

Mon - Fri: 10am - 7pm NZST

AKL: 09 884 4440