Assuming you are not using a control panel and going headless, then:
1. Create and add ssh-key, so you do not use password login by ssh
2. Set root login in sshd_config to 'without-password' Or create a sudo user and set it to 'no'
3. Install CSF and tune the csf.conf, take your time to read the csf.conf carefully to set optimally
4. Check auto update settings, look for automatic updates from ubuntu community online docs.
5. Make sure you reboot every so often, once every month to 3 months to get the latest kernel updates. OR use ubuntu pro, which is a paid subscription in general.
Depending on what the use case is for your server, there are other optimizations you can do... Will vary.
If you plan to create and manage many servers, consider using ansible or something like it to manage the server configurations and updates/reboots.