Server security is very important. This is to ensure your server is patched up with the latest security updates and to make sure only authorized people have access into the server itself.
For web servers the security can be seen as two elements. The front end and back end.
Typically the front end would be the website itself, where by you would update your front end CMS (WordPress, Joomla, Drupal) and any additional plugins you have. It is also advisable for you not to use the default usernames such as (Administrator, Admin, Root) as these are the most common usernames. As for the password for the front end, you should follow normal password recommendations such as having a mixture of uppercase, lowercase and numbers for the password.
The backend is also very important. It would contain all the files and permissions and the database. Having a secure backend is vital. Typically the back end is updated automatically, cPanel updates its backend automatically when ever there is an update available. This can be useful, however it can also cause issues. Updating the backend means changing the version of the backend. If your front end requires an particular version and the update changes this, it would render the front end to be unavailable. Some people prefer to update the back end manually, or choose to update it at an later stage to ensure the front and back end is compatible. Of course, this would put your back end at risk until the update has been performed.