Ask any IT professional if you need a firewall. They will tell you yes. They’ll scream it from the rooftops, hire a skywriter, get it tattooed on their forehead. Yes, you absolutely need a firewall. There is a reason why every government agency and virtually every fortune 500 company has robust software and hardware firewalls. A health care business can’t even begin operation until they can prove HIPAA security compliance, which as you might have guessed, includes both hardware and software firewalls. The natural follow up question is, “why?” That is a much more complicated question.
What is a firewall? For starters, it helps to know what a “firewall” does. At its most basic, a firewall decides what traffic gets in and out of a network or computer. Quite simply, it is your bouncer. Traffic from email, Facebook, and video streaming service show up, your bouncer will lift the velvet rope and let them in. Then viruses and malicious actors show up, the bouncer tosses them out on their tails. If you don’t have a bouncer, they’ll just walk right in with all the rest of the traffic, putting your systems at risk. The firewall achieves this through something called an Access Control List, or ACL. ACL do exactly what they sound like they do: they tell a network or system what types of traffic can come and go. Hackers and other malicious actors know exactly which ports and traffic types are typically left open and they seek to exploit those weaknesses. Fortunately, with the right configuration from professionals, ACLs can be used to slam the door in their faces.
Can a firewall do anything else? ACLs are just one of many functionalities available on modern day firewalls. Most hardware “firewalls” are actually many devices in one. They act as a centralized network management device capable of DHCP, DNS, network segmentation with VLAN, VPN, NAT policy and more. Don’t worry if all those letters don’t make sense to you. Network administrators can configure some or all of those features for you. The bottom line is a good hardware firewall can be your one stop shop for your small office network.
Isn’t there a firewall on my computer already? Yes there is! There are hardware firewalls, which are a physical box, and software firewalls. Mac OSX and Windows have built in software firewalls ready to use. It usually is not a choice of one or the other, but instead it is best to have both! A hardware firewall exists at the perimeter of the network, patrolling to make sure nothing can get inside and guards all computers and devices on the network. A software firewall on your computer only protects the one computer. Even homes in gated communities have locks on their doors. One of the software firewall’s primary roles is to protect you from yourself. If malicious software ends up on your computer, a software firewall will prevent it from communicating with the rest of the computers or the internet. A truly secure solution protects both the individual computers and the network. That means a hardware firewall and a software firewall.
Why would someone hack my small business? Why would malicious actors even bother with most small or medium businesses? The truth of the matter is, hackers will take whatever target they can get, big or small. They scour the entire web looking for their victims. In 2017, nearly 2 out of 3 cyberattack victims were small business. Unlike a Fortune 500 company, most small businesses cannot handle the stress of an attack. Sadly, 60% of small businesses will fold within 6 months of a cyberattack. Part of the reason why small businesses have become such a sought after target by criminals is pretty simple: 90% of small businesses have zero protection in place for company and customer data. While a firewall isn’t the only piece of the complete security apparatus, it is an essential one. Combined with antivirus, robust authentication, and comprehensive employee training, a small business can protect their assets and their customer data.
How do I configure and manage a firewall? Firewalls are easier to manage than they used to be but they still require an intimate knowledge of networking. Firewalls used to require entry into a command line interface, but now have much easier to navigate GUIs. However, even these interfaces will not hold your hand. Most firewall devices, such as the Dell Sonicwall TZ-500 or the Cisco Meraki MX64, are considered all in one appliances with next generation features that all need configured as well. Additionally, once configured, firewall devices still require mindful and vigilant monitoring. Target’s famous breach of 40 million credit card numbers in 2013 is a prime example why careful monitoring is important. On November 30th, Target’s security systems warned of a breach and, if configured properly, could have automatically removed the malware. Unfortunately, Target either did not see or ignored these messages and three days later customer data began flowing out of Target to the hackers’ servers in Russia. In the end, it took Target over two weeks to tackle the intrusion. The best way to protect yourself is to have professionals configure and monitor these devices. With their help, a small business can unlock the full potential of these Next Generation Firewalls on the market now. A managed service provider can even help formulate a full cyber security plan that includes protecting every aspect of your company from hackers and scammers.