Is there a way to add more security to a NAS?

I transferred from using a hard drive in my system to run an ad-hoc media server to a NAS for my house about 4 months ago.  Basically just so I could listen to my music or audio books wherever I am (usually in the yard but sometimes halfway across state) without the need to change out books and music on the phone memory card.  The week after I started using it, I was hit with unauthorized usage and they downloaded a movie.  I know it was my fault as I allowed it to broadcast on my wireless router without the need for a password to access it (very stupid mistake as I saw the setting and left it checked.)  So of course I got hit with high data usage as the programming for the NAS allowed 3rd party connections to bypass the password in the router and use my internet. So I unchecked the box.  A few months later, I ended up copying my music and audio books to a temp drive and I added 2 more hard drives and upgraded the size to make it a redundant raid system.  That allowed me to put documents, family pics, family videos, and other on the go items to the NAS wherever I was.  So, I had to reinstall the settings and protections into the NAS box.  Then, I get hit again!!! This time they went for a game, and I already have a legal copy of it (got bored with it actually so they could have just asked me for it.)  And I know it wasn't broadcasting in the clear again.  There is a browser that gives access to both the file system of the NAS as well as access to the internet (I can't turn it off as it is part of the plex media server.)  But not sure on how they got in this time.

My question is, is there a way where I can block a NAS from being used in this way?  I started using media servers due to the size of audio book files and added music in just for the heck of it.  Is there a way to lock it into it into certain devices and not just let anyone else enter?  Or some kind of verification I can add besides just the one password?  I am currently 3rd party on the modem and router so they're not Cox issued, but I never noticed any breaches through them.  So I'm figuring that it has to be through the Netgear NAS.

I'm basically a self taught computer freak, so I can probably be talked through whatever procedures I need to follow.  If anyone has any advice, I would appreciate it.