As @ski522 has said - you don't have to do anything to your RPi.
Technically correct, but if you don't want every script kiddie and their mother launching DDOS attacks from your Pi, not to mention having a backdoor into the rest of your home network, you'll at least change the password on the Pi to a secure one first. It would be better to use a different user name as well. Remember, by opening either of these ports, you're opening up yourself to the rest of the Internet getting to your Pi. Better install a solid door so they can't just walk in.
Back when I had SSH open to the Internet (for my own use only) I was getting hundreds of login attempts per day. They were trying common usernames, and I assume had a list of common passwords. I'm 100% certain that by now "pi" and "raspberry" have been added to that list. Don't even consider leaving these as default.