1. After initial login, always make another account that's not root.
2. Remove the ability to ssh into your server with a password. Make it RSA key login only. Non-technical description: don't let people use username and password for ssh.
3. If using AWS, make a new .pem per instance group. For example, you manage a bunch of servers for AwesomeCo. Make an 'AwesomeCo.pem' file and save it in your records for that company.
4. For static sites, really evaluate if you need a "whole" server. You can host static sites on S3 and people can't even tell the difference.
5. Tag things... every platform has a way to tag "resources". Come up with a set of key-value pairs you will use across platforms. Example keys would be: name, team, reason, region, poc.
6. Before creating new things for teams, set up IAM. Dot all ya "i"s and cross ya "t"s. Easier to do this first vs doing things as you go.
7. If you can, use a Linux/Unix based command line. Windows has the Ubuntu command line on the store you can use. Not sure about you but terminal ssh feels easier than PuTTY (easy = less clicking).
8. Change the server 'hostname'. You're not going to remember the IP but you will remember 'Co-billing, Co-website, Co-wordpress, etc.'
9. If you maintain a lot of servers you might want to alias them locally. You can use the same format as the hostname if ya want.
10. Get an SSL cert as soon as the A record or whatever is configured.
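To check that items 1 and 2 actually took effect, here is an added example (not part of the original list) that audits the text of an `sshd_config` for root login and password login. The sample configs are constructed, and treating keyboard-interactive authentication as a password path that should also be off is an assumption of this example.

```python
# OpenSSH defaults that apply when a keyword is absent from the file.
DEFAULTS = {
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
    "pubkeyauthentication": "yes",
    "permitrootlogin": "prohibit-password",
}
# Values this example accepts as "no root login, keys only" (assumption).
WANTED = {
    "passwordauthentication": "no",
    "kbdinteractiveauthentication": "no",
    "pubkeyauthentication": "yes",
    "permitrootlogin": "no",
}
# Deprecated keyword that OpenSSH treats as an alias.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

def effective_settings(config_text):
    """Global settings as sshd reads them: the FIRST value per keyword wins."""
    seen, notes = {}, []
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if not line:
            continue
        parts = line.replace("=", " ", 1).split(None, 1)  # "Key value" or "Key=value"
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        value = parts[1].strip().strip('"') if len(parts) > 1 else ""
        if key == "match":                           # conditional section starts here
            notes.append("Match block present: review its overrides by hand")
            break
        if key == "include":                         # not followed by this example
            notes.append(f"Include {value}: audit those files too")
        seen.setdefault(key, value.lower())          # later duplicates are ignored
    return {k: seen.get(k, d) for k, d in DEFAULTS.items()}, notes

def audit(config_text):
    """Return (failures, notes); an empty failures list means the checks pass."""
    settings, notes = effective_settings(config_text)
    failures = [f"{k} is '{v}', want '{WANTED[k]}'"
                for k, v in settings.items() if v != WANTED[k]]
    return failures, notes

# Constructed samples, not taken from a real host.
WEAK = "PermitRootLogin yes\nPasswordAuthentication yes\nPasswordAuthentication no  # ignored\n"
HARDENED = ("PermitRootLogin no\nPasswordAuthentication=no\n"
            "ChallengeResponseAuthentication no\nPubkeyAuthentication yes\n"
            "Match User deploy\n    PasswordAuthentication yes\n")

if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(text))
```

On a live host, `sshd -T` prints the effective configuration after includes are resolved, which is the authoritative check.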