I do the exact same thing. We did two things to keep our site secure:
- Require Login. Not everyone at the “company” (university in my case) should have access, only certain staff, so we restricted access this way.
- No port 80 access through the firewall. You cannot access Discourse (or anything on the specific server for that matter) from outside the company network. This includes search engines (who are already prevented by #1, but I digress). If an employee needs access offsite, they use the VPN.