As part of the setup of the local network, File-and-Print Sharing is installed in most cases, with sharing of the disk(s):
And on most private networks, passwords are usually not defined.
Lets have a closer look to the network configuration:
we need to check the combination "TCP/IP -> Dial-Up Adapter" (which is used for the Internet connections):
And this is the security problem: when installing "File-and-Print Sharing", then Windows configures by default a Binding (=connection) between each protocol (in this case the TCP/IP used for the Internet connection) with the "File-and-Print Sharing" !
Result: your system is wide open for connections FROM the Internet, everybody knowing your IP-address can now connect to your disk !
as minimum protection, define at least a Sharing password for your disk.
Better: do NOT allow a connection from the Internet to your local disk
Un-check (= interrupt) the Binding between the TCP/IP protocol used on the Dial-Up adapter with the "File-and-Print Sharing".
For a higher level of security, you need to install a Firewall.