Picking a Firewall for a Small Business: 10 Rules To Follow

Your company can’t afford to suffer one successful attack, let alone a number of them: studies show that one data breach is enough to bankrupt a small business. Prevention is a must, and preventing attacks is what firewalls do best. How can you choose the best firewall for a small business?

Picking the best firewall for a small business requires looking at the budget, threat model, and needs of a company. Factors such as working from home (WFH) will affect your choice of product. After installing a firewall, companies need to audit, configure, and test their new software.

Your firewall is the first line of defense between your network and threat actors. It’s the one thing that will stop unauthorized access or DDoS attacks right in their tracks. Small companies, unfortunately, have a small budget for cybersecurity – but that doesn’t mean they can afford to work without a firewall.

Does a Small Business Need a Firewall?

Every company needs to install a firewall, among other cyberattack prevention and malware detection software. Recent studies show attacks and vulnerabilities continue to rise every year, with developers scrambling to patch any issues that come up as time goes on.

Your company has to vet software, vendors, and workers alike – but that’s not enough to prevent trouble from happening. You also have to train your employees. Of course, you also have to employ defensive measures to prevent hackers from accessing your data and hard-earned money.

Choosing a firewall is one of the first few things you have to do to protect your company, no matter the size of your business. We’ll detail 10 rules to follow if you don’t know where to start.

10 Rules To Follow When Choosing a Small Business Firewall

1. Figure Out Your Threat Model

Don’t get scared by the term “threat model” – because it’s something easy to understand and figure out. You will determine your threat model by answering these questions:

  • What type of business are you running?
  • Are you handling sensitive data?
  • Who can attack you?
  • What happens if they succeed?

These questions (and a few others you can come up with or search for) will shed light on who will target your company, the things they’ll go after, and what may happen if they succeed.

For example, a financial institution stores very sensitive data (e.g., bank information), so they’ll have to spend a lot of money on cybersecurity. Your security budget depends on the kind of data you store (and compliance rules).

2. Put a Priority on Protecting From the Latest Attacks

Has your company suffered any cyberattacks lately? The most common issues small businesses deal with are phishing attacks and ransomware.

Ransomware has run rampant in the last couple of years – and we can assure you one successful ransomware attack is enough to tank your profit line, bankrupting your business in the process.

Your firewall can help you with other threats, such as DDoS attacks. One of these attacks can put your website down for a long time, making you lose a lot of money while you bring it back up.

3. Take the Time To Think About WFH

Corporate life has seen a lot of changes in the last couple of years. Working from home (WFH) is one of them – and it’s also a big concern from a cybersecurity standpoint.

Most people don’t know how to behave online, or better said, they don’t know how to use the internet securely. That may come at a great price, especially if they carelessly connect to your company’s network.

A firewall can prevent certain issues from happening, including things that may happen because of a careless worker who’s logging in from their home. If your small company is big on the WFH model, you will have to look for firewall protection for external devices as well.

4. Don’t Forget About Devices

How many devices do you have running on your network? The word for them is endpoints: computers, servers, phones, and anything else tied together under the same network need a firewall to protect them all.

Following the point above, we also have to talk about the devices that are far away from the office but still connect to your company’s network. They also have to be protected by your firewall (if possible).

Last but not least, we should talk about IoT. We know having a smart fridge seems like a cool thing to do – but it’s a great way to get a malware infection started. If having them is a must, remember to have a firewall protecting them too.

5. Don’t Negotiate Fundamentals

Your firewall must do a lot of things, including encryption, decryption, filtering, and more. You have to figure out what you consider essential and find a solution that covers every aspect you want.

Remember, you’re paying for a firewall! You don’t have to cave in and get less than what you want (as long as you’re willing to pay for it).

You may need a few more or fewer things than other companies, though that doesn’t mean you have to pay for a firewall that doesn’t offer, for example, endpoint integration (which helps with WFH and having multiple devices).

6. Choose the Number of Vendors You Can Handle

You can choose a single-vendor or multi-vendor approach when looking for a firewall provider.

There are a few differences between each approach, though the easiest way to look at it is to see the single-vendor approach as a centralized system and a multi-vendor approach as a system with a lot of moving parts.

A multi-vendor approach often leaves gaps for threat actors to exploit, so we recommend a single-vendor approach, especially for small businesses.

7. Make Up Your Mind About Management

Firewalls protect your business – as long as you take care of your firewall. In other words, you have to pay attention to what’s going on with it if you want to experience proper protection.

Most small businesses don’t have an IT department ready to take care of all their cybersecurity needs, so having around-the-clock firewall surveillance may not be within your means.

That’s not a problem! Certain firewall vendors offer to manage their products for you, so you don’t have to worry about anything other than running your business.

You can also take care of that yourself (and get help whenever needed) if you prefer a more hands-on approach.

8. Keep an Eye Out for Customer Support

Customer support is one of the most important (and often overlooked) aspects of choosing software. You’re bound to find trouble using a product sooner rather than later, and firewalls are no exception.

You can wait around until you come up with the solution when it comes to certain things – but that’s not the case for malware detection, attack prevention, and similar scenarios. You don’t have enough time to google an answer while you’re under a cyberattack.

Paying for a firewall also means having a direct line with customer support: a team of professionals who’ll help you troubleshoot any issues and keep you protected.

9. Pick a Product According to Your Budget

You can have an affordable firewall for less than a one-time payment of $100 or hire a provider for more than $2000 per month. There’s a world of possibilities out there, especially when it comes to picking and choosing software.

We’re not joking: a small business router with a firewall costs $50 or $60. A Cisco firewall for small businesses can cost thousands of dollars.

You’ll find plenty of great options in that price range, so there’s no need to choose a cheap and ineffective option or bankrupt your business when trying to protect it.

10. Find Out Which Firewalls Will Hurt Your Business

Last but not least, choose a firewall that won’t make more trouble than it’s worth. These products can cause connectivity issues, cost more than you can afford, and conflict with other software you have running.

Sometimes, it’s better to hire a third-party audit to see what kind of system you have – and what firewall would be best to protect it. It costs more than the average choice, but you’ll have a guaranteed solution you can use.

Once you settle on a firewall choice, there’s still work to do, as you’ll see below.

5 Things To Do After Installing a Firewall

1. Troubleshoot Any Issues

Installing a firewall can seem more trouble than it’s worth early on. You have to make sure it doesn’t mess with the flow of your business and won’t get in the way of anything else going on in your network.

Getting ahead of trouble is always a good idea. We recommend troubleshooting your firewall after installing it (and before moving on to other tasks).

For example, installing a firewall for the first time may trigger a connectivity issue. That’ll be a quick and easy fix before you move on and do the rest of the things on this list.

2. Set Automatic Updates On

Your firewall is there to prevent trouble from happening. It’s a big wall between your network and threat actors. It’s not perfect – especially if you never install any patches as time goes on.

Not installing firewall patches is the same as leaving holes in a wall: the bad guys are bound to slip through the cracks if you allow that to happen. Studies show more than 60% of data breaches happen because of users having unpatched software running.

The best thing about firewalls, malware detection, and similar software is that they all come with the option to automatically download and install patches. You don’t have to do anything but enable that and forget about it.

3. Audit Your Firewall (From Time to Time)

Auditing your firewall will allow you to check if there are any misconfiguration issues going on. Sometimes, audits will shed light on negligence, though they can also be a great tool to spot insider threats or hackers doing harm.

One quick audit can help you prevent noncompliance or another issue that’ll put your company in harm’s way.

Of course, audits are far from the only thing you have to do after installing your firewall. Tests are a must too. The main difference between an audit and a test comes from directions: audits are internal, while tests are external – and both are equally important.

4. Test Your Firewall

How can you know if your firewall is working as intended? You can’t wait until a threat actor stumbles upon your small business and decides to take a shot at your defenses. You have to get ahead and test your firewall yourself.

That way, you will have peace of mind knowing your firewall will stop any attacks that cybercriminals throw at it.

So, how can you test your firewall? You can hire third-party auditors to perform vulnerability scans and penetration testers to try to pick it apart from the outside. We suggest backing up your firewall configuration before going down this route.

5. Whitelist Instead of Blacklist

One of the things your firewall does best is deny unsolicited traffic. That can only happen in one of two ways: whitelisting or blacklisting traffic.

Whitelisting something means allowing something to happen, while blacklisting means not allowing it to happen. The best approach to deny unsolicited traffic is not to blacklist the bad guys – but to whitelist the good guys.

What do we mean? You have to reject all traffic by default – and only whitelist the devices you want to allow to join your network. That way, people will have to request access instead of you allowing everyone to join your network and manually denying access to threat actors.

It’s a more efficient and safer way to handle incoming traffic.
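The difference between the two approaches, and the kind of misconfiguration an audit (step 3 above) should catch, shown as an added example that is not part of the original article or any vendor's product. The rule format, addresses, ports and function names are assumptions made up for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed rules: (action, source network, destination port or None = any).
# All addresses are documentation ranges, not real hosts.
BLOCKLIST = [("deny", "203.0.113.0/25", None)]      # known-bad range only
ALLOWLIST = [
    ("allow", "192.0.2.0/24", 443),      # office LAN -> HTTPS
    ("allow", "198.51.100.20/32", 22),   # one remote worker -> SSH
]

def decide(rules, default, src, port):
    """First matching rule wins; otherwise the default policy applies."""
    addr = ip_address(src)
    for action, net, rule_port in rules:
        if addr in ip_network(net) and rule_port in (None, port):
            return action
    return default

def audit(rules, default):
    """Flag settings that undo a default-deny allowlist."""
    findings = []
    if default != "deny":
        findings.append("default policy is not deny")
    for action, net, rule_port in rules:
        if action != "allow":
            continue
        if ip_network(net).prefixlen == 0:
            findings.append(f"allow from any source ({net})")
        if rule_port is None:
            findings.append(f"allow to any port from {net}")
    return findings

# Constructed connection attempts: (source address, destination port).
TRAFFIC = [
    ("192.0.2.10", 443),      # office workstation, expected traffic
    ("203.0.113.7", 22),      # source inside the blocklisted range
    ("203.0.113.200", 3389),  # source nobody has listed yet
]

def compare():
    """Return (src, port, blocklist verdict, allowlist verdict) per attempt."""
    return [(s, p, decide(BLOCKLIST, "allow", s, p),
             decide(ALLOWLIST, "deny", s, p)) for s, p in TRAFFIC]

if __name__ == "__main__":
    for row in compare():
        print(row)
    print(audit(BLOCKLIST, "allow"), audit(ALLOWLIST, "deny"))
```

The third attempt is the one that matters: the blacklist lets it through because nobody has listed that source yet, while the whitelist rejects it by default.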


The best small business firewall is the one that fits your budget and defends your company the way you need it to. It’ll take a while before you find the perfect pick for you – and the job won’t stop there: you still have to test and audit your firewall before trusting it.

Herman McCargo

Herman is a Microsoft Certified Security Engineer and Cybersecurity Specialist. He’s been in the technology field for over 20 years and has expertise working with the most critical technology infrastructures. He has a deep understanding of cyber risks, threat mitigation and prevention, and overseeing infrastructure.