You haven't really defined what you mean by "how safe for your data are they". In your first post you mention the near loss of months of data from a broken hard drive, in your second you worry about it being stolen by a big corporation.
It sounds like you need a decent backup solution, and you need it yesterday. Technology goes wrong, and people fuck up, if losing data is going to be more than a mild irritation then you can't just put it on a drive and hope that it's still there tomorrow. There are a lot of good pointers above, but you must understand that if you just put your data on a NAS that does not make it safe from getting lost. It's just a hard drive, it can go wrong just like any other. If someone accidentally deletes all the data from spreadsheet and saves that to the NAS - bang, it's gone, you're not getting it back. No matter how "in control" you think you are by running your own storage solution.
You have two solutions:
1. You can hire someone who knows what they're doing to install and run a storage solution on-site, with hourly backups, nightly off-site backups, multiple redundancy, etc. Set up a VPN and train your staff to only work on files over the VPN.
2. You can purchase the equivalent services from a big company as suggested above. And no, it's not the same as when you tick the box to tell Google "please follow me everywhere so you can suggest a coffee shop and sell advertisers my taste in donkey porn". They are selling these storage services by their security, as MrCharley says, to some of the biggest companies world-wide.
Think about it. How much will data loss cost? When you get the monthly payroll, do you give a stack of fivers to the tea-boy and tell him to stand in a windy field and count it out? Well that's the equivalent of what you're doing with a month's worth of work on a hard drive or a self-installed NAS. Or do you let the bank do it? Despite all the evil bankers and 2008 and scare stories about bank fraud, realistically it's the safer thing to do.