Most NAS aren’t designed to be exposed to the World Wide Net. The login page isnt designed to handle things like DDOS or brut force attacks. Most of them don’t have 2 factor login option built in.

This plus, the fact you are exposing all of your data via this web interface. Allowing hackers to easily crypt mine/delete/steal your data.

I know this is a feature in Unifi, but disabling access from countries with know bot farms (China, India) etc.
Unless you need access to them.

SSH port really doesnt matter. If it is an exposed SSH port, it will probably get picked up if its 69 or 22.