Securing your own server for remote access

I would like to know what recommendations forum members have for securing their servers for remote access? As a small startup business having an open ssh port, even with a strong password is pretty insecure?

Turn off password access in sshd_config and just use key auth. Make sure all ports except ssh are closed. Those two things cover the biggest issues, but of course there’s plenty more (keeping software updated, for instance!)