As system administrators, we use NIST for quite a few references, namely the NIST National Vulnerability Security Database. NIST has established standards for just about every facet of information technology.
There is a great deal of uncertainty for some consumers of information technology, especially when one is not trained in the finer points of a technology. NIST is a well-known source of information in the IT community, and is a government agency within the United States Department of Commerce. This is a trusted source of information for security vulnerabilities and IT standards.
For a small business with limited resources, the first step is to document your environment so that you have a baseline: something to compare against the standards, or a gold standard to work up to.
Having an authority and/or someone with experience to consult can save you time and prevent security mishaps. NIST is just one place to consider for information, but it is a great starting point. Consider NIST a great resource for baselining the security posture of your organization.