There is so much to go over regarding hardening an operating system and overall making a secure/stable network for your business or as an individual. For this topic I am going to avoid specific operating systems and primarily talk about a more generalized approach to hardening/securing a stable network and system OS.
First and foremost it is important and ideal to install a trusted OS/ISO to your system. This is important because without a trusted OS unwanted bloatware can be not only be system demanding (regarding subprocess's), but also vulnerable towards attacks. Also certain bloatware/subprocess can be malicious depending on the OS/ISO installed.
Keeping your system up-to-date regarding system patches/updates is also vital. This includes driver patches/updates and all application patches/updates too. This can be easily achieved by setting up automatic updates which is also recommended.
To continue, installing a trusted anti-virus and firewall will not only stabilize your system/OS but also actively keep it secured from threats/downloaded media. Being cyber-safe can also help with security as anti-virus and firewall applications are not 100.00% guaranteed to stop all malicious media/applications if installed.
Finally, the steps above are just a generalized approach to hardening your OS and network, but are the three most important steps (in my mindset) to achieve this.
If you would like an in-depth hardening guide specifically regarding windows operating systems, this is by far the best guide I have found online and is the most trustworthy. If the hyperlink above does not work the url is, https://www.cyber.gov.au/acsc/view-all-content/advice/guidelines-system-hardening