Safety / security of contents of word doc on MacBook Air hard drive

To add to the others' responses, if you are your father are concerned about security of what's stored on his Mac, the very first thing he should be doing is using FileVault: Encrypt Mac data with FileVault - Apple Support.

Why? If that Mac's data are not encrypted, and you should ever find yourself in the unfortunate position of not being able to turn it on for any number of reasons or if the Mac should ever become lost or stolen or you just want to dispose of it or turn it in for recycling, then its entire contents can be retrieved — with varying degrees of difficulty ranging from trivial to "some effort required." FileVault slams the door on all of those possibilities, provided his login password is not something easily guessed.

File encryption is performed by default in hardware on newer Macs, but you did not indicate which model he has.

So: Step 1 is enable FileVault.

Venturing off topic a bit, if your father is concerned about losing the documents stored on his Mac, they need to be backed up: Back up your files with Time Machine on Mac - Apple Support. Use encryption when asked for the same reasons: if an unencrypted backup should fall into enemy hands, it can effectively be used to create a duplicate of the Mac it backs up.

Someone hacking through the router firewall is not the only risk.

There are scammers out there who prey on the unwary, especially on those who are elderly and not very familiar with computers. They will call victims, falsely claiming that they are Tech Support people associated with a well known company like Microsoft, Apple, or an anti-virus software company who just want to help. (Or, alternately, that the victim or a distant relative is in hot water, and the victim better pay up … or else.)

One of the things they like to do is to convince victims to download and install remote access software, which lets the scammers see (and maybe even control) the victims' computers as the scammer guides the victim through the steps of emptying their bank account.

The defense against these scams is to recognize the calls as such, and HANG UP, without providing any of the requested personal information or installing or running any remote access software.

It is best not to say even "Yes" or "No" in response to a suspicious call from someone you do not know. (Or to even answer the phone in the first place, if you're pretty sure it is a telemarketing or scam call.)

https://consumer.ftc.gov/articles/how-avoid-scam

When you're using your router's WiFi, you are on the user side of the firewall. No one on the public side can see any devices on your side of the router.

The only way that could happen is if someone knows the login password for your router so they can be on the same side of the firewall as you are.

You're welcome. 🙂

I'm well aware of that.

The question was if anyone could directly access the data without the user's help. The answer is no.