Firewalls for SMB

Protecting Your Small Business: Why Cybersecurity Matters.

 

As a small business owner, you’re focused on generating revenue, building your business and excellent customer service, but overlooking cybersecurity protections can jeopardize your business. In 2014, sixty percent of all online attacks targeted small and medium sized businesses precisely because they do not have the same resources and IT budget as better protected enterprises. The worst part of this story is that small businesses may not recover after an attack and go out of business within six months.  Ransomware exploits such as WannaCry lockout businesses from their data until a ransom is paid. Even if paying the ransom unlocks your systems, your business will lose the ransom funds, miss any revenue during the lockout, and suffer irrecoverable loss of confidence by customers in your business.

Attacks come from both inside and outside of your organization, so a comprehensive approach to security addresses each area and plans for business continuity and data recovery.

In this article, we’ll look at one of the tools for preventing external security threats. A firewall is the first line of defense for your network and computers. Set up correctly, it screens out malicious activity before it reaches your computers.

Firewall Basics

The primary purpose of a firewall is intrusion prevention (IPS), or shutting out hackers trying to access your network. Firewalls are set up with rules that help them identify what application activity is expected and permitted, and this starts with identifying what “ports” are open. If an application or hacker attempts to use a port that isn’t permitted, they are prevented from accessing the network.  Firewalls come in software and hardware versions, but to protect your business you need a hardware based firewall. Software firewalls react to threats that are already on the network or that are attempting to exploit specific applications.

Is My Firewall Secure?

Do any of the following describe your network?

  • Using an “out-of-the-box” consumer grade modem or router provided by your internet provider or purchased from a store
  • Uncertain if there is a firewall or what protections are in place
  • Using default firewall administrator passwords
  • Using no password protection to connect to the network, or using older forms of network authentication security such as WEP or WPA that are susceptible to brute force attacks.
  • Have not established separate “guest” networks to segment your critical business functions from visitors’ computers and any possible threats they bring with them
  • No controls for preventing employees from accessing risky websites and content
  • IP Addresses are not locked down
  • No reporting or analytics on network traffic through the firewall
If you answered “yes” to any of the above, it’s time to shore up your network defenses!
  1. First, determine if you are using a consumer modem, router or firewall. Consumer grade modems are priced attractively, fast, and often come with a basic firewall capability. Consumer grade modems and routers are targeted for home use and optimized for activities such as media streaming, but do not have the level of security necessary to protect your business. Business grade firewalls provide enhanced security, reporting, and control over who accesses your network and what they are allowed to do. Additionally, business grade firewalls provide the option for additional connections to your internet provider for business continuity and additional capacity when your business grows.
  2. Change the administrator password. Using the default password or no password is equivalent to handing over the keys to your business to hackers.  Administrator access should be granted only to the staff whose job it is to configure and maintain your firewall.
  3. Quarantine visitors’ traffic from your business computers by segmenting the network. On consumer grade modems, this is called a “guest network” but the term used for business firewalls is VLAN (Virtual Local Access Network). Guest networks should be configured with password security, and use a different password than your business network.
  4. Review password security protocols for connecting to the network, and update if you are using WEP or WPA. At a minimum, your network should require WPA2 security. This is an opportunity to change an old password that may have been shared with non-employees or past employees.
  5. Establish content controls by identifying what types of websites and services employees need to access during business hours, and locking down harmful sites and unused ports. The objective is to provide the right level of access for your employees to do their jobs while keeping out potential threats. This requires an understanding of the applications your business uses and what ports those applications use, so IT and management should work together to determine how employees are allowed to use the office network.
  6. Enable antivirus protection at the firewall. This scans downloads and emails and provides an extra layer of protection over the antivirus programs installed on employee’s computers.
  7. Enable / Configure Intrusion Prevention System (IPS)
  8. Check for and install any firewall firmware updates. Consumer grade routers and modems generally do not receive ongoing maintenance and patch updates from the manufacturer.
  9. Monitor firewall reports and analytics for attempted security breaches. These reports are only available in a business grade firewall.

Help is Here.

If these steps to securing your network sound like gibberish, you’re not alone. Small companies want to focus on their core business and often turn to outsourcing IT services to a managed service provider. A trusted service provider can review your network security, choose and configure a business firewall that meets your business needs and budget, and provide ongoing monitoring. Firewall security is just one of the solutions provided by Ariel IT’s businessCARE™ suite of small and medium business services.