There is additional discussion and suggestions on what one can do if they have an OS3 My Cloud that either cannot be updated to OS5 (ie first gen v4.x single bay My cloud) or that is running v2.x firmware that one does not want to update to OS5 for whatever reason.
At the very least one can disable all methods of remote access on their My Cloud by accessing the My Cloud Dashboard and disabling remote access options (FTP, Cloud Access, etc.) in the Settings section.
One should go a step further and access their local network router and see if their router offers the capability to block all inbound/outbound connections through the router firewall to the My Cloud.
One could even go a further step and disconnect the My Cloud from their router and connect it directly to a local computer that has an available Ethernet port and use the My Cloud, on that one computer, as a glorified external hard drive.
How to Access a My Cloud When Connected Directly to a Computer
https://support-en.wd.com/app/answers/detail/a_id/16312
In the end though, because WD has indicated the v4.x single bay My Cloud will no longer receive security updates, any security vulnerabilities that currently exist, or that are discovered in the future, will not be patched by WD. And those vulnerabilities will potentially be exploitable so long as the unit is operating with the latest/last OS3 firmware (v04.05.00-342).
