Keep updated, subscribe to the security list, read and follow the fine manual:- https://www.debian.org/doc/manuals/securing-debian-howto/