As a business owner, ensuring the security of your IT infrastructure and customer information is crucial. Here are some steps you can take to handle your business IT and information security needs:

1. Conduct a risk assessment: Start by identifying potential risks and vulnerabilities in your IT systems. Assess the potential impact of these risks on your business and prioritize them based on their severity.

2. Develop a security policy: Create a comprehensive security policy that outlines your organization's approach to information security. This should include guidelines on data handling, access controls, password policies, and incident response procedures.

3. Train employees: Educate your employees about the importance of information security and provide training on best practices. This can include topics such as identifying phishing emails, creating strong passwords, and securely handling customer data.

4. Implement access controls: Restrict access to sensitive information by implementing strong user authentication mechanisms, such as multi-factor authentication. Grant access privileges based on the principle of least privilege, ensuring employees only have access to the data they need to perform their job functions.

5. Encrypt sensitive data: Utilize encryption techniques to protect customer information and payment data both in transit and at rest. This ensures that even if the data is intercepted or stolen, it remains unreadable without the encryption key.

6. Regularly update and patch software: Keep all software and operating systems up to date with the latest security patches. Vulnerabilities in outdated software can be exploited by attackers to gain unauthorized access to your systems.

7. Backup and disaster recovery: Implement regular data backups and test the restoration process to ensure your business can recover from potential data loss incidents. Consider using offsite or cloud backups to protect against physical damage or theft.

8. Implement a firewall and antivirus software: Install and regularly update a firewall to monitor and control network traffic. Additionally, deploy reputable antivirus software to protect against malware and other malicious threats.

9. Monitor and log activities: Implement a centralized logging system to track and monitor activities across your IT infrastructure. Regularly review logs for any suspicious activities or signs of unauthorized access.

10. Engage with a managed security service provider (MSSP): If you lack the expertise or resources to handle your IT security needs internally, consider partnering with an MSSP. They can provide services such as network monitoring, vulnerability assessments, and incident response support.

Remember, information security is an ongoing process. Stay updated on the latest security practices, regularly review and update your security measures, and adapt to new threats as they emerge.

It's always a good idea to consult with an IT professional or cybersecurity expert who can assess your specific business needs and recommend appropriate solutions.