Picking back up in our Cyber Security for the Small Business Series, I wanted to talk about one of the simpliest and cost effective ways to protect your company and it's critical data from emerging threats - Firewalls.
Some of you may be familiar with what a firewall is, what is does and how important they are, but for those of you who aren't, I will do my best to explain it, without speaking "Geek".
First off, a firewall is a system that sits between your company's network and the internet whose job it is to block unauthorized access while allowing outgoing access when permitted. Yeah, pretty generic right?
Think of a firewall as your front door at your house or business. Some are composed of different materials, some have different types of windows, and some have simple locks and others have complex deadbolts or smart locks. Better yet, some doors have Access Control systems (those annoying little key fobs you carry on your key rings) that allow or deny access based on the door, time, etc. A firewall is exactly that, a secure door to your network.
Firewalls are essential to securing your businesses information from the outside world. Without them, it's the same as leaving your front door open and unmanned 24 hours a day. Do you trust your neighbors and anyone driving by that much? I hope not!
What kind of firewall do I need?
This is the most common question I get when I speak with SMB throughout the US. It's a great question because it's not "what kind of firewall do I have to have?". What your business needs is what's called a Next Generation (NextGen) Firewall.
Next Generation? I don't know what the current generation is! Well, Next Generation firewalls build on the old and then apply a whole different set of security features that your business MUST have in order to protect your data. Content Filtering, Intrusion Protection, Botnet and Malware Filtering and Sandboxing to name a few. But in order to keep this non-technical, I'll just say this - If you bought your firewall from BestBuy, it's not NextGen. Coincidentally, if you buy your computer equipment from either of those two places or some place similar, shoot me an email and I'll tell you why that's bad for business!
What a NextGen firewall does is build on the traditional technologies by adding support for emerging threats. These firewalls can lock your connection down so tight that you can literally only do exactly what someone has previously allowed you do to! NextGen firewalls are also connected to international monitoring groups that are constantly watching to see new threats, checking on things that look out of order and immedaitely updating your system should something new come out. NextGen firewalls also do some predictive analysis to protect you should something look strange.
If we equate it back to the door analogy. Think of a traditional firewall as a door your builder puts in. It's a solid door, with no windows and a deadbolt lock. A NextGen firewall is the most secure door to date. It's made from Carbon Fiber, has a one-way mirror, a smart lock that requires your fingerprints to open and better yet, it can tell if someone shady is outside and then locks itself down tighter and calls the Cops just in case they are up to no good.
Now, the one thing that businesses miss when it comes to their firewall is that it's not a piece of equipment that you install and then never touch. It's not a "set it and forget it" piece of hardware. Firewalls require frequent maintenance, updates, and most importantly require someone to monitor what's going on with it. NextGen firewalls are made to allow for all those things very simply and cost effectively, but it has to be done.
You, as the business owner or person in charge of IT need to make sure that happens. What would happen around your office if no one made sure the door was locked when everyone left?
We'll get more into the different technologies and services your firewall needs and the best practices for configuration later, but let's start simple - get the right equipment, get it setup the right way and for cripes sake - make sure it's being monitored!