Cybersecurity, IT Management John Enright

Does a SMB need a Network Firewall?

When working with new SMBs and reviewing their network infrastructure, we often ask, "Do you have a firewall?" Sometimes the answer is, "I don't think so. Do I need one?" After investigating, we find the router, and then the discussion begins: ISP router firewall, software firewall and hardware firewall capabilities.

It's important to use at least one type of firewall, whether hardware, software or a combination of both. Firewalls are important components that help protect the organization from unauthorized access to its systems. There are other security measures, like anti-virus software, encryption and intrusion detection/prevention systems, that help combat a variety of threats.

However, a firewall is the “first line of defense” because it can be used to secure access to the network and to stop malicious attacks. A firewall that is designed and operated with security in mind will help prevent attacks from occurring by restricting certain types of traffic that could result in unauthorized access.

Put simply, a selective firewall allows traffic based on chosen criteria, such as source or destination IP addresses. A non-selective firewall denies all traffic that is not on the list of approved applications.

So to answer the question: yes, as a best practice for network security and data protection, a firewall is recommended for all SMBs.

With cyberattacks and data breaches increasing at an alarming rate, going without firewall security leaves your business vulnerable to a cyberattack.

Password Security

When it comes to security, the concern we should have is passwords. Whether you are a bank customer or business owner, your password is the key that can unlock valuable information about you and your personal/business assets. This information can be obtained and taken by malicious individuals who want to cause harm.

Passwords are one of the most important components and must be kept safe from hackers. These passwords are very easy to hack because we tend to reuse the same password for different sites or services. Once a password or password file has been compromised, this information can be used to further harm you and your business/personal assets.

This article will provide you with some tips and tricks on how to keep your passwords secure and prevent any potential harm.

The first step in making your passwords stronger is not to use the same password across all services. This is a very bad practice and can result in you losing access to most of your banking information or your personal accounts. When it comes to passwords, we tend to keep them short, simple and easy for us because we are afraid of being hacked. This will make it much easier for hackers to hack into our system and steal sensitive information from us.

You might be worried that using a strong password is an inconvenience and might take up your time. The truth is, the most important thing to remember is that passwords are one of the first lines of defense between you and potential hackers. Just like the lock on your front door, a password can stop a lot of unauthorized people from entering your house!

Password strength should never be compromised for convenience.

Cybersecurity John Enright

SMB Cybersecurity & Ransomware

Small businesses today are challenged to invest in network security and keep up with technology on limited resources and budgets. Ransomware is a type of malware that encrypts files on a targeted computer and demands payment in exchange for unlocking them. Here are the top three steps SMBs can take to protect themselves from ransomware:

- Back up your data regularly and test restores to ensure the backups are working properly,

- Avoid using administrative privileges on company computers to avoid becoming a ransomware victim, and

- Implement an antivirus program with automatic updates.

1. There is no such thing as 100% cybersecurity protection. It is important to have up-to-date antivirus protection and not allow admin access to the company computer.

2. It is important to ensure that all employees are educated on the dangers of ransomware and have a plan in place for how they will respond if a computer is infected with ransomware, as employees can cause more damage than any malicious software.

3. It is important to have an audit process in place for all employees to ensure they are not downloading malware or ransomware onto their computers.

4. It is important to stay vigilant about the threat of ransomware and keep working with your IT provider before any attack happens. Ransomware is still a very real threat that could affect your company and compromise data.

The U.S. Small Business Administration recommends the following best practices for education and cyber-prevention:

  • Establish security practices and policies to protect sensitive information

  • Educate employees about cyberthreats and hold them accountable

  • Require employees to use strong passwords and to change them often

  • Employ best practices on payment cards

  • Make backup copies of important business data and information

  • Create a mobile device action plan

  • Protect all pages on your public-facing websites, not just the checkout and sign-up pages

The survey also found:

  • 65 percent of business owners admit they have been the victim of a cyberattack; computer virus attacks are the top type of attack reported at 33 percent, and phishing is number two at 29 percent.

  • 86 percent of business owners believe that digital risk will continue to grow.

  • 30 percent of companies with 11-50 employees do not provide any type of formal training on cybersecurity.

  • Despite the simplicity of regularly updating software, seven percent of companies still fail to take that step.

  • Reputational risk is among the top reasons (45 percent) why business owners would consider investing in or purchasing a cybersecurity policy.

  • 35 percent of business owners who have never experienced a cyberattack are unaware of the financial cost to recover, highlighting a dangerous gap in knowledge of the implications.

IT Alerts, Cybersecurity, Managed Services John Enright

Website Browsing Best Practices for Employees

Websites are now the most commonly used angle of attack for Web-based exploits, most often targeting software vulnerabilities or using exploits on the receiving client. This makes keeping browsers up to date paramount for all employees.

•    Be conservative with online downloads.

•    Beware antivirus scams.

•    Interact only with well-known, reputable websites.

•    Confirm each site is the genuine site and not a fraudulent site.

•    Determine if the site utilizes SSL (Secure Sockets Layer).

  • SSL is a security technology for establishing encrypted links between Web servers and browsers.

•    Don’t click links in emails—go to sites directly.

•    Use social media best practices.

Social Engineering Inboxes and VoiceMail

Email Threats

Social engineering is non-technical, malicious activity that exploits human interactions to obtain information about internal processes, configuration and technical security policies in order to gain access to secure devices and networks. Such attacks are typically carried out when cybercriminals pose as credible, trusted authorities to convince their targets to grant access to sensitive data and high-security locations or networks.

An example of social engineering is a phone call or email where an employee receives a message that their computer is sending bad traffic to the Internet. To fix this issue, end users are asked to call or email a tech support hotline and prompted to give information that could very likely give the cybercriminal access to the company’s network.

Phishing Email Compromises

One of the most common forms of social engineering is email phishing—an attempt to acquire sensitive information such as usernames, passwords and credit card data by masquerading as a trustworthy entity. Phishing is likely the #1 email threat employees need to focus on.

Such emails often spoof the company CEO, a customer or a business partner and do so in a sophisticated, subtle way so that the victim thinks they are responding to a legitimate request. The FBI says CEO (or C-level) fraud has increased 270 percent in the past two years, with over 12,000 reported incidents totalling over $2 billion in corporate losses.

Among the reasons these scams succeed is the appearance of authority—staffers are used to carrying out CEO instructions quickly. That’s why phishing can be so easy to fall victim to.

RSA Conference, “How a Security CEO Fell Prey to Scammers (Almost),” 3/3/2016: http://www.rsaconference.com/blogs/security-ceo-scammers#sthash.egMiB2xW.dpuf

 
