A few suggestions:

1. Enable directory security forcing password logons.
2. Change your default TCP port to something besdies 80 (makes it harder for port scanners to find your web server).
3. Install firewall software such as ZoneAlarm and restrict the IP addresses that are allowed to ener your web server.