There is no such thing as a 100% secure website... so the question "are these enough?" is not really the right question to ask. Although I do understand why you ask it.
There is no silver bullet, where if you do x, y and z you will be safe and secure for the rest of your life.
Drew and bcworkz have made some very good suggestions.
The codex is a very good resource on Security, and you should read it.
Backups are essential. But you have to have a good backup strategy and make some sound decisions on how often and what you backup. Think about the fact that you might not know about a security breach until 2 - 3 months after it has happened... so you need to store a reasonable number of backups... I've written an article on this at http://www.wpsecuritychecklist.com/wordpress-backup-the-plugin-and-the-plan/ which should be good reading regardless of which backup plugin you use.
Shared hosting could be more risky than a dedicated server... unless that dedicated server is not kept up to date with OS, Web Server, Database Server and PHP... in which case you might be better off on a shared server where the environment is kept up to date...
So there are many questions to answer when it comes to WordPress Security. I have tried to cover as many bases as possible in The WordPress Security Checklist, which you can get for free at http://www.wpsecuritychecklist.com/
Yes, I have written it. But it's free and if you don't like it I'll refund your money :-)
It does sound like you have done a lot of good things to secure your site though...
Make sure you have a good baseline backup and don't panic!