You are overwhelmed and so am I. This is the state of IT, especially in one-person shops. So, how do we begin to address the dozens of things we know we should?
And as far as security, making progress often seems impossible. One of the key problems is that in small businesses we don't have dedicated security personnel, we do it all- but we are judged almost exclusively by the overly simply question "does it work?". Not "is it secure?", nor "is it compliant?", just "does it work?". This makes spending the time to plug holes and getting the resources to address security issues difficult (at best).
So, what can we do about security? Worry about it. Do not obsess about it, just worry a little, it is a great first step. Go to seminars; read books, papers and blogs; listen to podcasts or whatever you can fit into your schedule- and learn what to worry about. This will not magically make the Spare Time Fairy appear in your life and grant your wishes, but it should start to make you think before you act. And that is the point, to start factoring security into your decisions before you make them so there is less cleaning up to do later.
If a little worrying helps you get there, so be it.