Our top 5 recommendations for server administrators are:
1. Always run the latest version of the OS and your software, and make sure that software still has active support.
2. Install and run only the services you need. Leftover services you don't use often turn into open doors that nobody manages, precisely because you are not using them.
3. Restrict and harden access wherever required: firewall rules, who gets SSH access, two-factor authentication, brute-force protection, and so on.
4. Use non-obsolete encryption everywhere: stored passwords, HTTPS, SFTP, how your application connects to the database, and encryption of data at rest. By non-obsolete we mean, for example, salted SHA-512 for stored passwords rather than plain MD5.
5. Have a good backup system, including remote backups: dedicated mirror servers or cloud image backups, with copies pushed to remote locations and archived for several days, so that you can restore from any point between one day and at least one week back.
As a bonus tip, enable the log levels required for auditing. It's a terrible feeling when things go wrong and you realise you cannot diagnose the issue because those specific logs were not enabled.
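As an added example (not code from the original post), here is recommendation 4 in Python: plain unsalted MD5 beside a per-user salted, iterated SHA-512 hash built on the standard library's PBKDF2, with constant-time verification and a check that flags old records for upgrade. The iteration count and the stored record format are assumptions of this example.

```python
import hashlib
import hmac
import os

# Assumed policy value for this example; tune upward for production hardware.
ITERATIONS = 200_000
SCHEME = "pbkdf2_sha512"


def md5_unsalted(password: str) -> str:
    """The obsolete approach: identical passwords give identical digests,
    so one precomputed lookup table breaks every user at once."""
    return hashlib.md5(password.encode()).hexdigest()


def hash_password(password: str, salt=None) -> str:
    """Salted, iterated SHA-512. A fresh random 16-byte salt per user means
    two users with the same password still get different records."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha512", password.encode(), salt, ITERATIONS)
    # Assumed record layout: scheme$iterations$salt$digest, all self-describing.
    return f"{SCHEME}${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count, compare in constant time."""
    parts = stored.split("$")
    if len(parts) != 4 or parts[0] != SCHEME:
        return False
    _, iters, salt_hex, digest_hex = parts
    candidate = hashlib.pbkdf2_hmac("sha512", password.encode(), bytes.fromhex(salt_hex), int(iters))
    # compare_digest avoids leaking how many leading bytes matched via timing.
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def needs_rehash(stored: str) -> bool:
    """True for records in an obsolete format (e.g. bare MD5) or below the
    current iteration policy; rehash these on the user's next successful login."""
    parts = stored.split("$")
    if len(parts) != 4 or parts[0] != SCHEME:
        return True
    return int(parts[1]) < ITERATIONS


if __name__ == "__main__":
    # Constructed sample: two users who happen to share a password.
    shared = "correct horse battery staple"
    alice, bob = hash_password(shared), hash_password(shared)
    print("MD5 records identical:", md5_unsalted(shared) == md5_unsalted(shared))  # True
    print("Salted SHA-512 records identical:", alice == bob)  # False
    print("Alice verifies:", verify_password(shared, alice))  # True
    print("Legacy MD5 record needs rehash:", needs_rehash(md5_unsalted(shared)))  # True
```

Purpose-built password hashes such as Argon2 or bcrypt are the usual choice today; the salted, iterated SHA-512 shown here is the minimum the post describes, and the needs_rehash check is how you migrate existing records without forcing a password reset.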