Start with the basics:
- Harden SSH by only allowing public key authentication and use strong keys to authenticate instead of passwords.
- Setup fail2ban (lots of online resources, check Linode guides) to block malicious IPs temporarily.
- If the data you store is something only you should see, then it should not ever be connected to the internet, airgap wherever possible.
- And finally, keep your shit updated.
99%. These are the PYONGMEI branded headphones we see in amazon