Means
Ability to Modify Cloud Resources
Access
Aiding and Abetting
Bluetooth
Bring Your Own Device (BYOD)
Clipboard
Delegated Access via Managed Service Providers
FTP Servers
Installed Software
Media Capture
Network Attached Storage
Physical Disk Access
Placement
Printing
Privileged Access
Removable Media
Screenshots and Screen Recording
Sensitivity Label Leakage
SMB File Sharing
SSH Servers
System Startup Firmware Access
Unauthorized Access to Unassigned Hardware
Unmanaged Credential Storage
Unrestricted Software Installation
Unrevoked Access
Web Access
- ID: ME008
- Created: 25th May 2024
- Updated: 01st August 2025
- Contributor: The ITM Team
Network Attached Storage
A subject can write to a Network Attached Storage (NAS) device outside the organization’s control. In remote or hybrid settings, the subject’s ability to access NAS devices on their personal LAN — from a corporate-managed endpoint — introduces a persistent and often unmonitored risk vector.
These consumer-grade platforms (e.g., Synology, QNAP, WD My Cloud) fall outside the scope of organizational governance, yet remain fully accessible when the subject is working from home. If reachable, they provide a standing means to stage, duplicate, or transfer sensitive enterprise data.
This capability is particularly dangerous when VPN configurations permit split tunneling, unintentionally allowing local subnet access alongside corporate resources. Even in the absence of deliberate misuse, the continued accessibility of these unmanaged file-sharing services expands the subject’s technical means and circumvention potential.