There are numerous ways to help improve security on your Windows server. Starting with the basics, we strongly recommend the following:
1) Keep your operating system and all software completely up to date
2) Configure and actively use the Windows Firewall and additional security applications to monitor and filter malicious connections
3) Change the Administrator username
4) Disable all services unless required for your server's functionality
5) Disable all anonymous connections to the server and its services
6) Randomize the ports used for each of the following services:
- RDP (Remote Desktop)
- SQL
- FTP
7) Restrict access to services by IP Address (especially RDP)
8) Monitor your server logs and 'Event Viewer' for illegitimate connection and login attempts
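
For item 8, one way to review failed logons from PowerShell rather than clicking through Event Viewer (an added example, not part of the original article). It reads event ID 4625 (failed logon) from the Security log and lists source addresses with repeated failures; the 24-hour window and the threshold of 10 are assumed values to adjust for your server.

```powershell
# Added example: summarize failed logons (Security event ID 4625) by source address.
# Run in an elevated PowerShell session; reading the Security log requires it.
# $LookbackHours and $Threshold are illustrative values, not from the article.
$LookbackHours = 24
$Threshold     = 10

$filter = @{
    LogName   = 'Security'
    Id        = 4625
    StartTime = (Get-Date).AddHours(-$LookbackHours)
}

# Get-WinEvent raises an error when nothing matches, so treat that as an empty result.
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

$failures = foreach ($evt in $events) {
    # The named fields of the event live in its XML under EventData/Data.
    $xml  = [xml]$evt.ToXml()
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

    [pscustomobject]@{
        Time      = $evt.TimeCreated
        Account   = $data['TargetUserName']
        LogonType = $data['LogonType']   # 3 = network, 10 = RemoteInteractive (RDP)
        SourceIp  = $data['IpAddress']
    }
}

# Keep events that carry a source address, then report addresses at or above the threshold.
$failures |
    Where-Object { $_.SourceIp -and $_.SourceIp -ne '-' } |
    Group-Object SourceIp |
    Where-Object { $_.Count -ge $Threshold } |
    Sort-Object Count -Descending |
    ForEach-Object {
        [pscustomobject]@{
            SourceIp  = $_.Name
            Failures  = $_.Count
            Accounts  = ($_.Group.Account | Sort-Object -Unique) -join ', '
            FirstSeen = $_.Group | Sort-Object Time | Select-Object -First 1 -ExpandProperty Time
            LastSeen  = $_.Group | Sort-Object Time | Select-Object -Last 1 -ExpandProperty Time
        }
    } |
    Format-Table -AutoSize
```

Addresses that appear here and are not yours are candidates for the IP restrictions in item 7.
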
There are numerous articles in the Microsoft Knowledge Base regarding these topics and many more:
https://technet.microsoft.com/en-us/library/cc995076.aspx
https://technet.microsoft.com/en-us/library/cc526440.aspx