The best thing you can do is to contract a good company or a good security analyst to verify your server, source code and everything else involved in your product. The cheapest way to do that is to run a white hat security assessment. If you have security consultants working with you, ask them to review your source code and identify the patterns your programmers are getting wrong.
Once the security consultants find problems in the source code, they can teach the programmers the right way to do it. Security must be studied frequently by your team. Of course you need a specialist, but if the company has a small team, everyone can grow together.