Windows comes with encryption if your using PRO/Business Editions FYI. The problem with the NAS is, if it doesn't have the encryption 'onboard' the hardware, it doesn't know what to do / what it is and can cause the RAID to break (the High Risk I mentioned). As the link I provided gave a example and as there is other examples out there, you could encrypt a 'folder' on the NAS using several encryption software solutions and only the key inputted by the user would be successful in penetration even if the NAS was stolen. I would suggest if there is a high risk of theft that the location of the 'hardware' be secured down physically as well.
Numerous steel locks (unless your a targetted specific company) and cabling is fine for normal theft stopping (remember they are under the clock, the longer it takes the more likely they will be caught, so they normally are 'smash and grab'). Next would be a open steel meshed case, so the equipment is both visible (cameras), locked away from any access, and yet still 'breathe' and not overheat. This also is true for all the computers themselves, encrypted or not, they are MORE likely to just 'pawn them' then anything else not caring about data intrusion (again unless specifically targeted for Espionage). The same 'steel' case cane be put around the computers cases themselves as well, drilled into the furniture, and thus would need (like a ATM) to carry the whole thing out to 'steal' a computer.
Assigning Laptop would be more economical and secure, as the normal business process would be to unplug them all and then secure them in the vault, safe, cage, etc. Also would keep your Uncle 'modern' as many 'customers' may wish a 'in person' or other 'locational' visit, which then your Uncle and staff isn't 'hindered' being tied to a desktop and can carry their information with them for the client.
Physical threat analysis is limited, as there comes a point to the cost vs benefit ratio depending how hardcore you want to go. Like for example what is the point of having WIFI if your hardwired everyone? Personally this is where benefit crashes into cost, as the ability of the 'mobile workforce' and being able to just 'pick up' a laptop and walk it into a conference room with a client is MORE business savvy then being 'tied down' to a wired connection (and much less likely to cause the wired port constant plug / unplug breakage).
I see where your trying to help, and as a Engineer, I seen wonderful stuff provided, but when it comes to 'customer service' and 'doing business' there is a crux point one needs to balance between the 'absolute security' you COULD do, and what security you SHOULD do.