Your number one protection is a super long and complex password (that you better backup on several jump drives if your memory is as bad as mine, LOL) CAPITAL LETTERS, small letters, numbers and dingbats ( ^&%^%$ ) When you enter them in the command line, you'll undoubtedly have to put your password in " " or ' ' to tell the command line it's one entry.
After that, again, a super strong passphrase for your account with whatever service (such as Amazon) you use.
Then limiting access to your server (closing all ports except the ones that are required, and only open to limited people) Such as port 9999 open to all, and 22 open only to your personal IP address. if you have a dynamic IP address, it's ok, you can access the amazon control panel and change those security requirements (hence the need for a secure password for your account) Fail2ban requires a static IP address, but you can create one by making a domain via No-IP which routs your current IP address to a domain name you make up with this program, and so it keeps your limited port open to your network regardless of whether or not your ip service provider changed your ip address.
Finally, Fail2ban (weird name, says it fails to do its job, LOL) will ban any computer trying to "break in" or is DDOS'ing your ip. It blocks the ip address attacks are coming from which keeps your node open and available to do it's work and get paid
One last thing, you can use a remote wallet, which means you can have a wallet with all your coins on your home computer, and link it to the server. Some people feel better that their coins are at an IP address other than the one listed everywhere for the server. However, you'll still want to be sure your home computer has no malware.
Finally, in the future, Evan said he will make it so that the local wallet at home can be taken off-line once the masternode is started. It used to work when testing, but it wasn't a real feature, more of a bug, and right now, it is not working on the current implementation of Masternodes.
Thanks! And keeping the local wallet off-line is something I'd definitely feel more comfortable about. I hope he adds that back. The remote wallet thing is probably what I may do, but I assume that means that wallet needs to be on/connected all the time linked to the server? I guess that is where a raspberry pi type of thing could work, assuming there are even linux wallets that work on it?
And I definitely will need to write down any complex passwords. It once took me like an hour just to figure out some nxt clone password phrase I entered one time.... going through tons of combinations. I tend to forget which password goes with which coin.
You're funny.
I'm so sorry! If I had a mac and could do this, I'd do it to keep everything up to date, but I can't 
all the way down to 0.0179.
Hope you will lost your DRK and never bay them back 