You need to give more details on your setup. It really is based on what OS your using.
Generally speaking. I would look up on steps to secure your web server and implement that.
If you do open it up to the cloud you need to have your firewall close all ports except the one's needed 80, 995 etc. The biggest one that most people forget to do is "hide" the apache version your using. A quick google search can get you setup on that.
Personally I like to have a honeypot setup.
You can activate "captcha" when creating tickets. Go to Settings/Tickets...Human verification