How to secure my organisations codebase?

We are a small tech startup. Currently, we have the entire codebase hosted in a private GitHub repository. Is this a good solution going forward (as we’re planning to expand the team rapidly) or should we shift it to something more secure?