The biggest risk is probably 0 day or just a uncorrected vulnerability in the CS: GO server software.
Against a 0 day, you're pretty helpless. You can give the user running the CS: GO process with as few permissions as possible. If your server is compromised, the attacker can only act with the permission of that user, as long as he also does not exploit a local elevation of privilege. Being the victim of such a 0-day is not very likely, but it is always a residual risk when exposing a service to the Internet.
To avoid being compromised via an uncorrected vulnerability, well, patch your CS: GO server regularly. Find out where users are notified of new fixes and vulnerabilities and monitor these sources. If you can't fix it immediately, consider stopping the server until you can fix it.
In case you don't offer the server 24/7 and mainly play yourself, stop the server when it is not needed. Reducing the attack surface also means reducing the service uptime.