Do small businesses really need antivirus and a firewall? Source: Shutterstock

Do small businesses really need antivirus and a firewall? Source: Shutterstock

First steps: Why small businesses need to get an antivirus and a firewall

SMALL BUSINESSES often avoid cybersecurity altogether. That’s obviously not a good idea in this day and age.

However, unless the entity is a technology-heavy business, it seems as though a good antivirus solution and an effective firewall are great first steps.

An antivirus is just a software that is used to protect users from being infected by a virus. How do most users get a virus? Well, usually from files downloaded from the internet, and via email.

While antivirus software is fairly straightforward to understand, and it’s easy to envision how such a solution can protect businesses, let’s explore firewalls now — in a little more detail.

A firewall, in their simplest form, is a solution that helps companies monitor incoming and outgoing traffic to its network and determines (based on a set of rules) whether to allow or block that traffic.

How does this help? Say you’re a business that only does business here in the United States and doesn’t serve or supply to customers in Russia and Vietnam, maybe it’s a good idea to use a firewall and block all traffic to your website and network that originates from anywhere outside the US.

If you’re a small business, it’s quite likely that you’ll be operating in one geography, serving a small market — which makes the simplest firewall solution your best friend.

Alright, we’ve established that antivirus and a good firewall solution are important for your business.

But the question is: Are the two enough?

Well, most experts will say that a good antivirus software whose virus definition files you keep up to date, on a machine whose patches you install immediately, is already half the battle won.

Further, if you look at the threat reports issued by some of the most popular antivirus vendors, you’ll realize that the biggest problem areas are malware and ransomware — both of which can be prevented with a good antivirus.

Next, targeted cyber attacks on small businesses such as local manufacturers supplying to the US (and maybe Canada) and regional service providers are quite unlikely as the business doesn’t tend to collect and store too much data about its customers.

Accounting probably happens on a SaaS platform and the company probably also runs SaaS-based project management software — both of which are protected by their respective providers — and they are cloud-based vendors who are probably spending a lot on their cybersecurity.

If the company has a server for some custom-built applications or to support internal functions, a firewall should suffice, provided rules are carefully set up to pick up and block all malicious and harmful traffic.

Although many experts speaking on the subject agree with the conclusion we’ve drawn — for the kinds of small businesses we defined at the start, they also emphasize that education and awareness about safe online practices is the first line of defense for every business.

Employees, after all, can make or break an organization’s cybersecurity measures, no matter how sophisticated they are.