On my WD MyCloudMirror Gen 1, which cannot be updated to OS5 and sits on my LAN, I have taken the following precautions:
- passwords on all users - even those with low-privilege user accounts
- disabling ftp server - (I understand that the FTP server would allow people to upload and then run files using the default FTP passwords or anonymous remote access with write access enabled).
- disabling cloud access
- all backed up
But from the management app I can still use the Web File Viewer app to see the files. Does the WFV actually communicate via the web, or is it just a fancy name from browsing the NAS over the LAN?