1. Use strong FTP password.
2. Use strong host password.
3. Use strong website Admin password.
4. Use updated CMS and plugins.
5. Avoid file uploading tools for users.
6. Use an updated antivirus on your computer.
7. Use a trustable hosting company. If possible, a dedicated server is safer than a shared one.
There are some tools like websitedefender.com that are useful to be alerted on important changes on a website. It can help.
There are some companies that can secure a website but beeing 100% secure is something almost impossible.
Hope it can help you.