If you reset config to factory default with a fairly recent version of Routeros (i.e. 6.42 or newer) and you see around 10 firewall filter rules (as opposed to none), then you’re quite fine to go online. Assuming that the device wasn’t hacked before and that you didn’t disable or reorder firewall rules …
It’s a good point to start with.
You can improve it further: https://wiki.mikrotik.com/wiki/Manual:Securing_Your_Router
What is important is that you go through each filter rule and understand their purpose, it helps understand how the router works.
/ip firewall filter
(input chain, traffic to the router itself)
(forward chain, across the router (lan to lan, lan to internet, internet to lan)
(output chain, traffic from the router itself - rarely used)
/ip firewall nat all come down to two methods of mapping packet IPs, to different IPs, normally as described below, but think of this as being applicable everywhere
Source Nat private LANIP mapped to your public WANIP
Destination Nat public WANIP addressed traffic mapped to a private LANIP (server for example).
Netmap special case for one to one mappings of blocks of IPs
/ip firewall raw - this is stateless rules blindly applied before any other firewall rules so be careful using. You could block legitimate traffic easily. Very efficient in that is consumes least CPU cycles when blocking traffic.
/ip routes - very key to the setup. YOu will see an entry here the router made by defautl and is associated with your /ip dhcp client settings (you will see a checkbox marked stating create default route).
The key here is that source nat only tells the router how to map IP addresses it doesnt actually move traffic. IP routes does, so they work together but are separate functions.