Recently I have revived my Seagate Dockstar and attached a 4 TB USB HDD to be used as Network Storage.
The former USB HDD used for this purpose has 1 TB and contains a mixture of data (Multimedia, backups, banking software data base, scanned copies of bills for tax and warranty purpose etc.)
I have copied the contents of 1 TB HDD to a 1 TB Partition of the new 4 TB HDD. Beneath this I have created two further 1.5 TB partitions intended for multimedia and temporary backup data. Actually I am on the way to sort the data from first partition to the partitions intended to keep it...
Up to now the SMB access to all the partitions is public, without username/password.
As my son is 16 years old, I see a realistic risk to catch a crypto trojan sooner or later ...
Thus I wanted to protect at least the most sensible data in the first partition.
Is there any other way than to define a set of different SMB users with according more granular SMB shares and keep the passwords of the users with right to access sensible data secret (no credential storage in windows explorer)?
Are there additional things to do to harden the sensible data against crypto trojans? (Beneath backups to offline media, e.g. USB HDDs only powered during backup process)