These are some general things that you should consider:
Create regular backups and check whether they are fully restorable
Run regular updates, both for Moodle and server OS code
Enable firewalls
Review open ports
Force secure passwords
Check file permissions
Your Moodle site security settings are available by navigating to Administration | Site administration | Security.
The IP Blocker page allows you to configure an Allowed IP list, a Blocked IP list, and tells you which list to process first. This is useful if you want to limit your Moodle site access to block access from IPs, which are sending you disruptive traffic.
The Site policies page allows you to configure a great many security settings, including but not limited to forcing log in, user file space limits, allowing EMBED or OBJECT tags, specifying username characters, Acceptable Usage Policy (AUP) settings, cron settings, account lockout settings, and specifying required password characters...