This post was updated on July 7, 2025
Work pressure and irregular staffing make any holiday or travel season the perfect occasion for threat actors. Besides direct attacks on your infrastructure, phishing and other scams targeting employees become more successful through exploiting communication and staffing gaps. Routine maintenance also becomes more difficult with fewer (qualified) hands to do the job. And if there are any remote or hybrid employees in the mix, it looks like you (sysadmin, tech consultant, designated IT person) will be the go-to person, even if you’re technically away on the beach somewhere along the equator.
But why is it so hard to catch a break for IT professionals? Synology’s solutions are already comparatively simpler to manage and maintain than other data center equipment, so why don’t we take it up another notch? That’s why we’ve been building some tools to make large deployments easier to manage and easier to protect. So how to ensure that phishy links clicked on by employees don’t lead to unwarranted access? And how to keep your Synology devices protected, available, and fit to perform throughout the holidays, without having to drop into your admin account?
Ensure login and data security while taking it easy
We introduced Synology Active Insight to give you a birds-eye view of your entire deployment, whether just a handful of units or several hundred. With Active Insight, you’re getting performance, system health, resource use, security alerts, and Hyper Backup task statuses all consolidated in one intuitive portal and mobile app.
Synology Secure SignIn is more than a new name for our login security options. It offers safer and faster ways to implement passwordless login and two-factor authentication (2FA), Windows Hello and macOS TouchID for biometric authentication, support for FIDO2/U2F hardware keys (like YubiKeys), and a login approval process through the new companion mobile app. Secure SignIn lets you protect all your Synology devices conveniently — ensuring that giving away passwords doesn’t equal granting access.
Set up hardware monitoring
To make sure that you can confidently leave your Synology deployment unattended, you’ll want to ensure you receive important notifications and are able to check in on all the key information about your servers. Enable Active Insight on your devices and take a minute or two to explore the different metrics and views available.
Active Insight not only consolidates key performance and usage metrics from all your devices but presents them in a way that helps you identify potential issues before they become problematic. To save you time, warnings and other important information are grouped together at the top of the dashboard.
When issues do occur, timely notifications are sent to the account holder (likely you or your team email), plus anyone else you have set up via “Groups” in Active Insight. This means it is also easy to map specific devices with different colleagues, which is helpful when certain devices have dedicated maintainers or different priorities.
Figure 1: Easily add other users to groups to keep them in the loop about devices they manage.
Active Insight can also create routine reports, aggregating key information into reader-friendly PDF reports and raw data if you have a use for that.
Figure 2: Configure and receive good-looking status reports that can easily be shared, printed, and sent around.
About that password theft
We’re not done yet with Active Insight, but it’ll be a great time to take a pause and review all accounts with administrative privileges (and even user accounts with wide access to apps or folders). If you haven’t been using two-factor authentication, or are looking for one that’s easy (or easier) to use, take a look at what’s currently available on DSM 7.x.
Sign-in method | First step | Second step |
2-Factor Authentication (most secure) |
|
|
Passwordless (more convenient) |
|
N/A |
Traditional |
|
N/A |
Figure 3: Available combinations of authentication options, based on DSM 7.2 systems. Synology recommends implementing a 2-factor authentication scheme for all administrators and users.
DSM also has options for passwordless sign-in. As the name implies, it provides options to log into your Synology system or its applications without using a password. This raises your overall security posture by a smidge, mostly by making it simpler to push for stronger passwords and hopefully unique combinations.
For any administrator, we strongly recommend enabling two-factor authentication, which is available across all Synology applications, including Synology Drive, Office, Photos, and the Active Backup recovery portal. To enable sign-in approval, users can grab the companion Secure SignIn app from the Apple App Store or Google Play Store. If you prefer OTP, in addition to Secure SignIn, any 3rd-party authenticator apps (e.g. Google Authenticator, Authy, etc.) would also work. That being said, there are certain caveats that you should be aware of. File protocol access via SMB, for example, does not natively support 2FA nor any “passwordless” implementation. For that, you should continue to adhere to best practices, such as limiting direct file protocol access to LAN, gated behind a VPN for remote endpoints.
Figure 4: The Secure SignIn app doesn’t only provide one-time passwords and login approval. It also sends push notifications to inform you of logins to your account.
Rolling out Secure SignIn to some or all users is simple and can be done in stages. You can toggle the option to require advanced login options for everyone, select groups, or certain individual users and let DSM take care of the onboarding.
Figure 5: Users can be prompted to set up 2FA before the next time they sign in to their Synology applications.
Monitor suspicious logins
DSM 7.x and Active Insight are designed to provide a comprehensive overview of login activities across your Synology storage fleet.
The overview pages give you easy access to total number of logins per device, numbers, and types of suspicious login activities (based on, e.g., frequency, timing, geographical location, device used, or IP address), as well as rankings to help identify at-risk devices and a convenient log overview.
Figure 6: The dashboard view lets you check at a glance if login stats and usage are as you would expect across your fleet.
Is consulting a performance dashboard not your idea of a holiday? Luckily, by signing up for Active Insight, you enable automated warnings. These are triggered if the system detects successive failed, geographically distant, or non-standard logins on any of your devices, or if Active Insight in any other way identifies a login as suspicious. Did a forgotten user account just sign in after three months of quiet? No worries — you will get a notification.
Check-in on your backups
Cross-infections with malware, including ransomware, can precipitate massive data loss. That is, unless you keep up-to-date copies of your crucial data on different media and isolated from your main deployment — in other words if you adhere to a 3-2-1 backup strategy with good versioning. Remote, versioned backups are your best bet to get systems up and running quickly after an attack, natural disaster, or other calamity.
Hyper Backup should be your go-to solution to secure all crucial data, applications, and configurations on your Synology system, preferably with remote backups to a secondary NAS or to the cloud (where you can easily check and access your backups wherever you are). Of course, you make sure to check that all your backups are up and functioning before you leave, but Murphy’s law applies to IT, too.
This is why Hyper Backup tasks are also viewable on Active Insight. Visit your dashboard to view not only failed or incomplete backups, but also backup times, storage usage, and transfer sizes across your fleet. Make adjustments before issues arise, and you won’t ever need to be without emergency copies when disaster strikes.
Figure 7: The backup dashboard gives a clear overview of backup statuses, as well as the scope and size of backups for each device.
Needless to say, backup monitoring in Active Insight also comes with automated emails and push notifications in case backup matters take a southern turn, custom warnings can be configured, and you can choose to receive periodic summaries in easily shareable PDF and CSV files.
Interested to know more?
Explore the features yourself with the interactive demo, check this guide for the steps to set up different Active Insight functionalities on your devices, or simply sign in directly to the online dashboard using your existing Synology Account to start protecting your Synology devices better.