Difficult because all of the computers serviced by the single router will have to be in the same subnet, therefore if file & printer sharing is enabled, they will communicate freely.
It could be done with a firewall - give each business a range of fixed IP addresses for its computers and configure the firewall's "trusted" area only to allow access to that IP address range. Anyone familiar with firewalls could over-ride that in 30 seconds!
An alternative solution would be to connect two more routers, each operating in a different subnet, to the existing router so that, for example, the main router operates in the 192.168.0.x subnet, one business connects to a "sub-router" operating in the 192.168.1.x subnet and the second business uses the 192.168.2.x subnet. The Subnet Mask of 255.255.255.0 will prevent the individual subnets from communicating.
Actually, you would only need two routers, because one business can work directly with the main router and the second business with the "sub-router". Different subnets would still keep them apart.
This would be easier with a wired network, because they couldn't connect to the wrong network. With "wireless" and a bit of collusion between staff, they could connect to the wrong wireless network. The encryption keys would need to be kept under wraps!
...if that makes sense.