Roughly, I’d set up a new WP instance, installing it on an internal server that is not visible to the ‘outside’, and protected from outside use via firewalls.
If the info is just for you, you can use htaccess rules to deny access to all but your own IP address. You’d probably want to restrict access to your local subnet as further protection. You could even password-protect (via htaccess) the root folder of the WP instance.
Then, strong passwords (and a user name that is not ‘admin’) with no other users allowed (if just for yourself).
If you need access from the ‘outside’ (as from home to the WP instance at work), you should set up secure VPN access, with perhaps access only allowed to your home IP.