The greatest risk is probably a 0 days or just a patch-less vulnerability in the CS: GO server software.
Against a 0 day you are quite helpless. You can give user running CS: GO processes as few permissions as possible. If your server is compromised, the attacker can only act with the permission of this user, as long as a local privilege escalation does not exploit as well. It is not very likely that you will be the victim of such a day 0, but it is always a residual risk when exposing a service to the Internet.
To avoid being compromised through an unpatched vulnerability, well, patch your CS: GO server regularly. Find out where users are informed about new patches and vulnerabilities and monitor these sources. If you can't patch immediately, consider turning off the server until you can patch it.
In case you don't offer the server 24/7 and play mainly yourself, shutdown server when not needed. Reducing the attack surface also means reducing the time that the service is available.