A few simple practices you can apply that will take you towards the goal of bulletproof security.
The subject of security will be everlasting, as long as the internet and people exist. Security will never be finished; after all, security is a learning, changing, fluid process. There are, however, a few simple practices you can apply that will take you towards the goal of bulletproof security. This is not a complete list, but something to get you started.
Servers hosting Ruby on Rails applications:
use encrypted backups of every database to an external service (e.g. Tarsnap)
host your user-generated content somewhere in the cloud (e.g. Amazon S3)
use automatic security issue detection (static code analysis; e.g. CodeClimate)
get regular code reviews from developers not involved in the project (a third-person perspective)
upgrade libraries regularly (run bundle update every now and then; CodeClimate watches your Gemfile for vulnerable gems too!)
order pen tests every few months (preferably from an external company)
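As an added example, not code from the original post, of the kind of Gemfile check mentioned above: a small Ruby script that parses a Gemfile.lock and flags gems locked below a minimum safe version. The lock file contents and the advisory table are constructed placeholders, not real advisories.

```ruby
require "rubygems"

# Constructed sample Gemfile.lock (not from any real project).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      nokogiri (1.6.0)
      rack (1.5.2)
      rails (4.0.0)
      rails-html-sanitizer (1.0.3)

  PLATFORMS
    ruby

  DEPENDENCIES
    nokogiri
    rails
LOCK

# Hypothetical advisory table: gem name => first version considered safe.
# In practice this data comes from a vulnerability feed; these are placeholders.
MIN_SAFE_VERSION = {
  "rack"     => "1.5.3",
  "nokogiri" => "1.6.1",
  "rails"    => "4.0.0",
}

# Parse the "specs:" block of a Gemfile.lock into { name => version }.
# Only lines indented exactly four spaces are top-level specs; deeper
# indentation lists a gem's own dependencies, which we skip.
def parse_lock_specs(lock_text)
  specs = {}
  in_specs = false
  lock_text.each_line do |line|
    if line.strip == "specs:"
      in_specs = true
      next
    end
    in_specs = false if line.strip.empty?
    next unless in_specs
    if (m = line.match(/\A {4}(\S+) \(([^)]+)\)\s*\z/))
      specs[m[1]] = m[2]
    end
  end
  specs
end

# Return the gems whose locked version is older than the minimum safe version.
def outdated_gems(lock_text, min_versions = MIN_SAFE_VERSION)
  parse_lock_specs(lock_text).select do |name, version|
    min = min_versions[name]
    min && Gem::Version.new(version) < Gem::Version.new(min)
  end
end

if __FILE__ == $PROGRAM_NAME
  outdated_gems(SAMPLE_LOCK).each { |n, v| puts "#{n} #{v} < #{MIN_SAFE_VERSION[n]}" }
end
```

Point it at a real Gemfile.lock (File.read) and a current advisory feed to get a useful report; a non-empty result is a signal to run bundle update for those gems.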
In reality, this list should be three times longer and include multiple solutions for each point. These are, however, the simplest things we chose to get you going. Let us know in the comments if you think this basic list is missing something!