Start with the basics:

• Harden SSH by only allowing public key authentication and use strong keys to authenticate instead of passwords.
• Setup fail2ban (lots of online resources, check Linode guides) to block malicious IPs temporarily.
• If the data you store is something only you should see, then it should not ever be connected to the internet, airgap wherever possible.
• And finally, keep your shit updated.