There are a lot of good IT employees out there, so this is not meant to scare you. But if you read on, and this sounds familiar, I hope this can help a bit.
Owners and Managers rely on communications the same way their employees do. They are also often on the same systems. Using a shared server for email and files is very common. Having user permissions on those servers is also common.
If you have an in-house IT staff, you are likely sharing everything there is to know in the company with them as well. So your data is only as secure as THEY want it to be. You may be thinking to yourself, "What can I do about it? I'm not a tech and I will have to trust someone!" Well, that is correct!
There are a few options I would consider if I were in your shoes.
Strongly consider outsourcing your work. This is something my company does, for purposes of disclosure; however, the reasoning is simply this: if your IT company does its job right, it will be less expensive than hiring an employee. You will also benefit by having a staff of people that can work through issues instead of one person who cannot possibly know everything. And believe me, many of them won't admit where their strengths and weaknesses are.
An outside IT consultant is also going to have very little use for or interest in what you are doing in your business. They can also be contractually obligated to do their job in a manner consistent with common practices, or to document everything they do. An internal IT employee could potentially use their skills to enforce a feeling of helplessness, such as leaving you in the dark about how key technology is configured in your office. I call this the "job security" tactic. I have seen employees do this to keep an upper hand, and have helped write policies to try to prevent it.
If you want to have internal IT, then put outside consultants on a retainer as a backup with their own set of permissions. Use them to verify the work, or maybe to manage the staff member. If done correctly, you can have a trail of what each has done, and have monthly or weekly documentation prepared for review. This is essentially a system of checks and balances.
You can also have a 'system' for Owners' and Managers' use only. That could be an internal server managed by outside IT, or one of the many Software as a Service providers that manage your content "in the cloud" (referring to a server on the internet, generally in a large hosting company).
Everything that is completed by internal or by outside IT staff should also be documented (and confirmed, if you have both staff types) and stored in a secure location, such as a Safe Deposit box. This will help protect the company should you need to make a change, or even more importantly, in case of disaster. Having a good system backup won't always tell you how the system is working! Have a good, full network document that shows the text configuration of your phone system, how your internet is connected to the office, and a copy of your router and/or switch configurations, along with any changes, recorded in order as they happen.
Consider consulting a lawyer for a Non-Disclosure Agreement and a review of your Employee Handbook to protect your company from employees and contractors as well. The best defense is often a good offense.
Simply put, security is in your hands. You may feel comfortable with what you're currently doing. But don't be caught off guard; be proactive!