[_hnwo]

Why is it open to the internet?

Don't do that.

You say it was "behind your router" but I think you've specifically opened ports to your NAS (or you have some sort of NAT and the NAS has done it)

Restrict access (if you must open it to the internet, open to only specific IP addresses) or better yet disable it, and use an ssh port-forward if you really have to get to it.

[macNchz]

I don't have any Synology products, but I have a few things on my home network that I like having access to remotely, and my solution has been to put a Raspberry Pi running dyndns and OpenVPN between my home network and the open internet. This way I only need to make sure the Pi is up to date and that OpenVPN is configured and hardened properly, and my potential attack surface area doesn't change no matter how many things I add to my network that I want to access remotely.

[xorcist]

So you advocate to buy a NAS and then disconnect it from the Internet, for security reasons? Might just as well turn it off completely, if your use case is similar to mine.

Is it really to much to ask to use the Internet as it was intended? We should consider these products broken.