Step 1: Be Informed:
The Joomla project takes security seriously and even has a dedicated taskforce team responsible for keeping the CMS secure. To get immediate notification of when there is a new security release available, you should either subscribe to the Joomla Security Center newsfeed via email or RSS. For security related news I always prefer to be notified by email as I do not use a feed reader that often.
Step 2: Backup & Test Regularly:
Disasters happen all over the place, and your website is not immune them. As a webmaster, you should get into the habit of making regular backups of your Joomla website. Backups should also be made before you perform a security upgrade. You should also take time to ensure that your backups are valid and working copies. Fortunately, there is a popular Joomla component called Akeeba Backup that allows you to backup your site quickly and easily. Akeeba core is completely free and there is also a nifty Akeeba kickstarter utility to help restore your made by akeeba backups. The Akeeba Professional (paid) version even allows for cloud backups, encrypted archives and much more. Always remember to test your backups by running the kickstarter utility to ensure you have everything and it works as expected - especially before doing an upgrade.
Step 3: Supercharge with Joomla Admin Tools:
They say "Admin Tools is a true Swiss Army knife for your site". With Admin tools and Akeeba backup in place, you can perform an both a backup and an upgrade to the latest version of Joomla at the same time. This handy time saver is a must have for any Joomla website. Admin tools free also provides a host of other security related features such as fixing file and directory permission nightmares and database optimizations. The Professional version provides even more security related functionality that one can make use of to strengthen their defenses against hackers.
Install Admin Tools to easily update your joomla site core and keep it up-to-date.