Make sure that your router's admin password, the password that protects administrative functions accessed by web GUI, telnet command line or ssh or whatever, is changed from the default to something appropriately strong.
Don't allow access to the admin functions of your router from the internet, not unless you filter or lock down the range of IP addresses that are permitted to log in.
Even if you think to yourself, there's no problem, as there are no evil users on my LAN, that's not really good enough these days as there are malicious JavaScript programs in web pages that will attack your router and reconfigure it to be evil by for example changing the DNS server settings or possibly worse.