Don't know you exact situation but this work can be expensive. But there are a few options.
1.) Most Expensive way is contracting a information security service provider to do the work.
2.) Getting an assessment done buy a information security product re-seller... This may not get you an deep dive, but most will come in and provide input for free as they want to sell you products.
3.) Do a self assessment... Use open resources to guide your decisions.
Sans Top 20 Critical Controls:
Designed to be mostly implemented in order, but 1 to 5 and 12 will reduce most risk. Each section has good information plus lists of some quick win controls.
http://www.sans.org/critical-security-controls
Australian Government Top 35 Strategies:
http://www.asd.gov.au/infosec/top-mi...2014-table.htm
Vulnerability Assessment Software:
If a small business there is a free community edition for less than 32 IPs
https://www.rapid7.com/products/nexp...-downloads.jsp
If you have any questions please feel free to ask.
Chris