Spam is an ever present problem, and it's not really something you can eliminate. There are a couple of things you can do to manage your current levels of spam, but that's about it.
The single most important thing, is to stop using any email client with Outlook in the name. Quite simply, Outlook and Outlook Express are a spammer's ideal email client. Lax security, and a number of default settings that make their life very easy.
In its stead, I would recommend Mozilla Firefox with the following settings. First, disable the loading of remote images in email messages. It's possible to use the loading of an image to tell if an email address is "live" or not. Second, disable cookies in messages. There's absolutely no good reason why an email message needs to have a cookie embedded in it. Third, set the HTML to limited/simple, or better yet, disable it completely. Fourth, disable scripting and plugins for the email client. While none exist presently for Thunderbird, this is how Outlook and Outlook Express crippled the email systems of many Fortune 500 companies. Scripts embedded into email messages would start sending out mass mailings. Fifth, enable the adaptive junk mail filter. This is a special filter that will "learn" what you consider to be spam over time. Over time, it should be possible to achieve around a 98% success rate.
Do note that there are dozens of email clients you could choose from. I only recommend Mozilla Thunderbird because it combines a number of different techniques for dealing with spam and email security.
As to security in general, there are three main things to concern yourself with.
First, you want to make sure you avoid using Internet Explorer as much as humanly possible. Whether you think is the cause, the fact still remains that Internet Explorer is the almost exclusive target of Internet based attacks. Probably better than 95% of all spyware enters via security holes in Internet Explorer. So I would recommend not using it at all. The one and only exception to this rule, would be visits to the Windows Update website to get the latest round of security patches for Windows and other Microsoft products. These checks should be done at least once a month. In its stead, you have three major choices: Mozilla Firefox, Opera and Seamonkey. Seamonkey is actually the continuation of the old Mozilla suite, so it's the same as Mozilla Firefox and Thunderbird rolled into a single package. All other browsers are likely to be Internet Explorer based, so don't solve the underlying problems of Internet Explorer.
Second, make sure you have a firewall. Personally, I'd consider getting a router with a firewall. That way, you've got one central firewall for all systems, and you only have to make firewall rules once. Otherwise, being a small business, all the "free" firewalls people might recommend are not free for you. So, to that end, I would just use the firewall in XP. Despite what uninformed fans of other products might tell you, it's just as capable as ZoneAlarm or any of the others. Maybe not quite as easy to configure, but it's also not full of alarmist language designed to make you think there's an army of evil hackers just outside your door, trying to get in, for a number of simple and harmless things.
Third, you want to have some sort of anti-virus program. I'm not a huge fan of McAfee's products, since they tend to cause a performance drop of about 20% in your system, just by doing their normal functions. The consumer versions also require Internet Explorer to perform updates. Not good. From all accounts, Norton products have continued their steady decline of late, and Norton routinely has false-positive issues with virus definitions. Harmless programs, sometimes system critical ones, are flagged as having some virus or trojan and advise you to delete the file. I tend to use either AVG or Avast, which are free to me as a personal user, as a small business, you will be expected to pay. However, both programs are good about being light on resources and I have yet to run into a single false-positive problem with either.
Finally, if you choose not to heed my advise on Internet Explorer use, it would be wise to have an array of spyware removal programs. I'd recommend the major free ones: Spybot S&D, AdAware, Microsoft's Anti-Spyware and Ewido. Between them, there isn't much you're going to miss. If it were me, as a small business owner, I'd prefer not to even have to concern myself with such things. The time it takes to ensure my system stays free of spyware, not to mention the time lost to clean up spyware, and the potential damage to my business if sensitive data is leaked via this spyware... All things that can be almost completely avoided with the use of a non-IE based browser and an email client with Outlook in the name.
I run a small home business with 7 PCs on Windows XP.
I do not have my own domain and emails come via my ISP and as a result, SPAM is a big problem. I do not have a router.
Can someone please advise me how to tighten security; the type of anti-virus products, and how to minimise, if not eliminate, junk & spam emails.
Clue-less
Chowhound
Comic Vine
GameFAQs
GameSpot
Giant Bomb
TechRepublic