If you are REALLY paranoid, there is an additional step you can do if your router supports it, called MAC address filtering. Every network device has a unique identifier called a MAC address. It will usually appear on the device and typically looks like six groups of two characters separated by hyphens or colons. With MAC address filtering, you give the router a list of specific devices that you authorize and those are the only ones that can connect. Depending on the implementation, the router may allow a physical connection (e.g., via Ethernet cable), with MAC address filtering enabled on the assumption that the purpose is to keep out remote users, not users physically there.
The typical process for doing this is to access the router menu by entering an IP address in your browser (the IP address is a series of four numbers joined by periods that you use instead of a "friendly" name that starts with
http://...). The IP address would be specified in the router user manual. You will generally need to enter a password. The default password will be specified in the user manual and it is a smart idea to change it once you are in (and make sure you can recall it later or there will be no way to change or add to the filtering list).
There will typically be a menu of things you can access and change (don't mess with any settings you are not familiar with). If MAC address filtering is supported, it will be a menu item. If you go to that page, there will be a table where you can enter the authorized MAC addresses. Be sure to enter your own computer's MAC address; otherwise, you may have no way to connect to the router or to undo it once you enable the filtering. Worst case if you get locked out because of the password or filtering, you can always reset the router back to factory settings but you might then have to reconfigure some stuff.