The majority of small businesses will already have a router, but a firewall is specifically designed to protect your network. With more complex threats, the functionality and features of firewalls and routers have evolved to include services such as intrusion prevention (IPS), antivirus, web filtering and anti-spam; often – all in one box.
With Verizon reporting that 43% of data breaches affect small business, all SMBs should really have a network firewall protecting their business.
We work with a growing number of small-medium businesses (SMB) who have a need to protect their businesses from hackers, ransomware and other threats.
(This was last updated in June 2019)
Small Businesses are a target
Small businesses have historically lacked the security capabilities that are often found at larger enterprises, primarily due to the cost and complexity of firewalls.
The reality is that data breaches increasingly hit smaller organisations, either because attackers want their data or to gain access to the larger businesses they work with. Compliance and regulations such as GDPR only emphasise the need for SMB to be ready to defend themselves against attack.
According to the 2019 Verizon Data Breach Incident Report, data breaches were more common in small than large organizations with 43% of breaches affecting small businesses. These figures emphasise the need for a small business to use a firewall to defend their business.
Router or Firewall?
This is a difficult one. The truth is most routers have firewall functionality, and firewalls have router functionality – therefore the terms are often used interchangeability. Generally speaking, firewalls have a more advanced feature set that is designed to offer a superior level of defence than when compared to a traditional router. These devices can also be referred to as VPN Routers, VPN Firewall or Firewall Appliances – they generally mean the same thing.
Many would see your typical wireless router as more of a commodity device, suitable for home users and perhaps home offices. Very rarely do consumer routers have the same levels of performance or security capability. If you own or work for a small business, you should really be considering a firewall to protect the business. In this post – we explain why. A managed firewall for small business should be an important piece of equipment to safeguard your business against internet threats.
Feature set
The features that you should be looking for when choosing the best small business firewall or router should include:
- Internet Connection Support. Many firewalls will support ADSL, VDSL, Fibre, Ethernet and in many cases 5G. Make sure the firewall you select is compatible with your internet connection.
- Wireless Support. Most small businesses will use WIFI in some form. Nowadays you should be looking at 802.11AC/802.11AX for the best performance and where possible, you should be able to secure the wireless network using a Pre-Shared Key, usernames/passwords and ideally, the firewall should feature a WIDS (Wireless Intrusion Detection Service)
- Antivirus. Gateway antivirus means the firewall scans your downloads and e-mails for viruses on the device, adding an additional layer of defence to your existing antivirus on your PC/Servers.
- Intrusion Prevention Service (IPS). The IPS scans traffic and looks at patterns that may indicate a potential attack or exploit against your network or desktops/servers. The IPS can identify the pattern and instantly block the attack. Effective IPS solutions rarely feature on an SMB router, but are common on a small business firewall such as the Fortigate.
- Web Filtering. The primary purpose of web filtering is to control what websites your staff can access or not. Besides filtering content, an important feature is blocking access to known “high-risk” websites, those websites that host viruses and other malware.
- Reporting. This is key. The ability for your firewall to alert you or your managed firewall provider in the event a virus, malware or attack is detected. This should be easy to use, preferably in the form of a weekly executive summary.
- Virtual Private Networks (VPN). VPNs allow remote access to the workplace from home, mobile or on the road. Leading SMB firewalls will support IPSec and SSL VPNs that allow you to connect into the office network from anywhere on the internet. Site-to-Site VPNs allow you to connect multiple sites onto one network, linking up remote offices, factories and other sites.
- Zero Trust Network Access (ZTNA). Similar to VPN, ZTNA provides secure remote access, but has added features to provide more granular levels of control.
- Software Defined WAN (SD-WAN). SD-WAN gives you greater flexibility when it comes to controlling internet access or guaranteeing service to particular applications.
- Technical Support. This is important. Technical support can be provided by the vendor or by your managed firewall partner. This means you don’t have to worry about the configuration, monitoring or setup.
What about management and setup?
Most firewalls and routers can be made to work by a competent IT person, but unless configured effectively – rarely will this configuration result in an increased level of protection.
We would recommend that you engage an expert who can not only configure the firewall, but they can tailor the configuration to suit the exact needs of your business. This ensures you get the maximum value from the firewall, but also the highest levels of protection – which is the primary purpose of the device.
Many customers choose to focus on their core business and outsource the management of their firewalls to a company like Manx Technology Group (MTG). MTG then look after the configuration, setup, monitoring and support. If you need help – give us a shout. We service customers throughout the world with their firewall management and configuration.
Regulated Industries and PCI-DSS
In some industries, there is a requirement for a small business to have robust network security or cybersecurity controls.
- PCI-DSS has various requirements such as ‘Install and maintain a firewall configuration to protect cardholder data’ and ‘Build and maintain a secure network and systems’. Firewall vendors such as Fortinet ease compliance with PCI and with a business firewall, effective configuration and management – you can meet the various requirements set down by PCI.
- ISO 27001 is an information security framework that many businesses have adopted to manage information security, risks and controls in their business. Annex A.13 deals with network security, segmentation and suchlike. In a similar approach to PCI, a firewall can be used to implement a sufficient level of network security.
- Financial Services in many markets has to demonstrate high levels of network security, not least because of regulations such as PCI.
- Retail is another market touched by PCI but with the advent of GDPR – there is a heightened need to protect customer data. Retail is another big user of WIFI for EPOS and handheld devices, which is why a firewall can also assist with wireless PCI compliance.
How much does a small business firewall cost?
Small business firewalls generally range in price from £200 to £1500 depending on the performance, features and security capabilities. We cover this off in a similar blog post entitled – How much does a firewall cost?
There is typically an annual subscription that covers the antivirus, updates, IPS signatures and other subscription services – which are vital if you want to maintain a high level of protection. This cost can be as much as 20-30% of the purchase price.
The final cost that you need to consider is the management cost, we would recommend all small businesses opt for a managed firewall service. Outsourcing the management and monitoring of the firewall ensures you get a 24×7 service, watching over your business and responding to threats. For more information about MTG’s firewall management service or managed firewalls, please view the respective pages.
The cost of the managed firewall service will depend on the hours of cover, the number of sites and the level of protection required. It is typically a great value service that provides an extra level of protection for the SMB.
MTG can supply and manage firewalls for your business in the UK, Isle of Man and Channel Islands. With solutions from small business to enterprise – speak to us today via e-mail, phone or live-chat.
Fortinet Firewalls for the SMB – advanced Threat Protection
We work with a number of different vendors such as Cisco, Draytek, Palo Alto and Sophos – however, we would always recommend Fortinet as the firewall vendor of choice. For small business clients, they have a great value range, an extensive feature set and provide the highest levels of protection for a small business.
MTG believe the Fortinet family of products are the best small business firewall/router for the reasons set out above.
What next?
Review the questions below, if you answer yes – you should consider replacing your existing firewall or router with a UTM or Next Generation Firewall. We manage and support firewalls deployed throughout the world on behalf of our customers (as part of our IT support agreements).
- Is your current firewall/router approaching 3 or more years of age?
- Are you concerned about cybersecurity in your business?
- Are you a regulated business or does your business have obligations in regards to cybersecurity?
- Are you ready to add more security to your network?
- Have you upgraded your internet connection or network bandwidth?
- Are you ready to expand or upgrade wireless access in your office? Are you worried about wireless security?
- Are you concerned about malware and data breaches, and interested in increasing the security in your business?
- Do you host your own servers, e-mail or website?
- Do you want someone to manage the network security so you don’t have to worry about it?
If you would like more information on the Fortinet range of firewalls and the complete range of security solutions for SMB, please contact MTG today.
Submit the contact form on our website, click ‘Request a Quote’ or e-mail sales@mtg.im or call +44 1624 777837
(Updated October 2024)