This is a short list, largely borrowed from digitalocean

Log in with your provided root credentials

ssh root@

Create a user (just hit enter and skip the info if you want)

adduser username

Enable the user to use sudo

usermod -aG sudo username

Disable root SSH login

nano /etc/ssh/sshd_config

Modify the file like below. Pick a high port number between 1024 and 34627. Hit ctrl-x, ‘Y’ and finally hit enter to save.

PermitRootLogin no  
Port 12345

Finally reboot and log in with the new settings

ssh username@ -p 12345

From now on we might need to use ‘sudo’ to run certain commands. You might want to consider using a ssh key instead. As it is more secure.
[TODO] Insert that info.

If you do not use a external firewall you might want to use a software based one.
Check digital oceans guide for more details.
Here are some example commands

   sudo ufw allow 12345  
   sudo ufw default deny incoming  
   sudo ufw default allow outgoing  
   sudo ufw enable  
   sudo ufw status

   sudo ufw deny  
   sudo ufw status numbered  
   sudo ufw delete 2  
   sudo ufw delete allow OpenSSH  
   sudo ufw status verbose  
   sudo ufw reset

Lets reboot and check if everything is working with

sudo reboot

Update everything

sudo apt-get update 
sudo apt-get upgrade  
sudo apt-get dist-upgrade