People here likely know how to do all that safely, but lots of less technically inclined people end up with their data encrypted and have to choose between starting over or paying a ransom. I have a QNAP device so I follow their subreddit and there's a steady stream of people who have lost everything to ransomware because their NAS was visible from the internet. I follow the standard advice from that subreddit - keep it behind a firewall with UPnP turned off and no ports forwarded to the NAS and never enable MyQNAPCloud (or whatever it's called).
Yup. QNAP software quality (and hardware) is complete garbage. I’ve off and on tried to incorporate them into my “system” and they always let me down. You’re putting everything at risk using one of their boxes.
