1. If you are going to use a cloud-based server, make sure they are monitoring and patching the Spectre vulnerability and its variations. Cloud servers are especially vulnerable. This vulnerability has the ability to bypass any security measures put in place including encryption for data that is being processed at the time the vulnerability is being utilized as an exploit.
2. Encrypt everything possible. Salt and hash personal information in databases. Use strong encryption for sensitive files and data.
3. Review and tighten up file access for each service. Too often accounts with full access are used to ensure software ‘works’ because they had permission issues in the past. If possible, each service should use it’s own account and only have restricted permission to access what is vital and only give the minimum required permissions.