Good security is about defence in depth: layers of security. There is no one thing that will make you secure, but one of the easiest things to do that gets you the best bang for your buck is patching your software.
On Windows this is called Automatic Updates, in Debian it's called Unattended Upgrades, but it's essentially the same thing. There is an Unattended Upgrades page on the Debian wiki that is pretty good. Enabling updates basically boils down to:

    sudo apt-get install unattended-upgrades apt-listchanges
    sudo dpkg-reconfigure -plow unattended-upgrades
    sudo vim /etc/apt/apt.conf.d/50unattended-upgrades # Edit line 71 to send emails to a monitored address

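Once those steps are done it is worth checking that the settings actually took effect. The script below is an added example, not part of the original post: it audits an apt.conf.d directory for the two APT::Periodic switches and a non-empty Unattended-Upgrade::Mail address. The function names and the sample files are constructed for illustration, and it assumes the flat `Key "value";` syntax of the stock Debian files.

```bash
#!/bin/sh
# Audit an apt.conf.d directory for the settings that make unattended-upgrades
# run and report by mail. Assumes the flat 'Key "value";' syntax (assumption).

# Print the last uncommented value of APT option $2 found in directory $1.
apt_opt() {
    # apt reads the files in lexical order, so the last assignment wins.
    cat "$1"/* 2>/dev/null |
        sed -n "s|^[[:space:]]*$2[[:space:]]*\"\([^\"]*\)\";.*|\1|p" |
        tail -n 1
}

# Return 0 if the directory enables automatic upgrades with mail reports,
# otherwise print each problem found and return 1.
audit_unattended() {
    dir=$1 rc=0
    for key in APT::Periodic::Update-Package-Lists APT::Periodic::Unattended-Upgrade; do
        val=$(apt_opt "$dir" "$key")
        case $val in
            ''|0) echo "FAIL: $key is '${val:-unset}'"; rc=1 ;;
            *)    echo "ok:   $key = $val" ;;
        esac
    done
    mail=$(apt_opt "$dir" Unattended-Upgrade::Mail)
    if [ -z "$mail" ]; then
        echo "FAIL: Unattended-Upgrade::Mail is unset, nobody sees failures"; rc=1
    else
        echo "ok:   reports go to $mail"
    fi
    return $rc
}

# Constructed sample: periodic upgrades switched on, but the Mail line in
# 50unattended-upgrades is still commented out.
make_sample() {
    d=$(mktemp -d)
    printf '%s\n' 'APT::Periodic::Update-Package-Lists "1";' \
                  'APT::Periodic::Unattended-Upgrade "1";' > "$d/20auto-upgrades"
    printf '%s\n' '//Unattended-Upgrade::Mail "";' > "$d/50unattended-upgrades"
    echo "$d"
}

# Demo on the constructed sample. On a real host call instead:
#   audit_unattended /etc/apt/apt.conf.d
sample=$(make_sample)
audit_unattended "$sample" || echo "sample config still needs a mail address"
rm -rf "$sample"
```
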
If your current update strategy is to SSH into boxes and run

    sudo apt-get update && sudo apt-get dist-upgrade

whenever you remember, then you should look at automating it with unattended upgrades. Of course a full dev > test > production patch cycle is best for large mission-critical things, but for small setups like the one box that runs this website, unattended upgrades are perfect.