Feasibility & server security of ERPNext in LAN-only setup?

I’m contemplating setting up & testing ERPNext in Ubuntu 16.04 server in VirtualBox on my (Win10) computer. Should I be concerned with ‘securing & hardening’ this server given that it’s only on my LAN at this point (behind a firewalled / password-protected router)? … Specifically: do I need to perform all 20 or so steps required for a machine to “face the world internet”… or can I just install Ubuntu server 16.04, install ERPNext and work with it as such? … I figure only installing OpenSSH on Ubuntu and running the ERPNext install scripts would be sufficient unless advised otherwise.

On the day I decide to ‘go live’, I will opt for a paid hosted solution and purchase a user license from ERPNext.

I assume that the ERPNext instance on my computer could be easily ported to the hosted solution? Please confirm.

Thanks in advance!

Or you can use the VM image. https://erpnext.com/download