hi @HansG welcome to the forum 
yes - upgrade to supported version 
there are some options especially reverseproxy which can be used to add another security layer. sso could be another option. both options are pretty complex so I don’t think you can add one of them faster than Nextcloud upgrade (I don’t use native install but from discussions regarding php74 I’m under impression is not hard to install php8 on Debian 11).
Hopefully this helps: HowTo: Upgrade to Nextcloud 26 on Debian Bullseye
Maybe the simplest option would be to block external access and use vpn - I started with Docker Wireguard container in minutes and now it’s integrated into fritzbox. If you block external access beware of letsencrypt certificates if any - access from the internet required to refresh the cert!