The whole idea that our personal data could be indexed by Google without us even knowing it is more than daunting, it’s downright scary. NAS, network attached storage, devices are becoming one of the more popular devices to backup to in small businesses. Which is great, as they are typically very easy to setup and get backups going to them using backup software. But what a lot of people don’t think about when they buy and setup a NAS device, is that other software and services are included and installed on that NAS, unless of course, they were looking for a specific feature when researching the right device to meet their needs. NAS device manufacturers are putting all sorts of little services and features into their devices in order to try to distinguish their NAS devices from others or to target a specific market. What people don’t realize is that some of these features that connect to the cloud are enabled by default and could be exposing their private and important data to the internet without their knowledge, depending on how they are using the NAS device.
NAS Devices and Privacy: Are you unknowingly leaving your important data open to the internet?
An investigation by CSO, a company focused on providing news, analysis and research on security and risk management, reveals that some NAS devices and external hard disks connected to routers with FTP enabled have been indexed by Google. That means that the personal files on these devices have been open to the internet, which can be found via a simple Google search. CSO goes on to explain an example, in which they found what they considered to be a backup of a family’s computer stretching all the way back to 2009 via Google. CSO points out that users with Seagate Personal Cloud, Seagate Business NAS, Western Digital My Cloud and LaCie CloudBox hardware have in particular been affected since these devices come from the factory with some of these features already enabled. If you are worried that you might be in a similar situation, and are concerned about exposing data that you did not want to expose, CSO has a very thorough guide explaining how you can go about checking whether any of your files have been indexed via Google.
Besides locking down your NAS and other cloud connected devices, you want to be careful how you store the data on your devices. For instance, instead of just simply copying their data to a NAS device, if the family in the example above had diligently back up to their NAS device using a piece of software such as NovaBACKUP to backup to the NAS, in at the very least an archive type format or even better an encrypted archive format their data would not have been nearly as easily retrieved. Just think, if that NAS device that was open to the internet contained business critical documents, or worse medical patient records that were exposed, the ramifications could be significant. Take this as a wake up call to at the very least check to see what your NAS device and other storage devices can do, what is enabled, and how you are storing data to your NAS device.