(Video) The role of the firewall in holistic cybersecurity

We have two types of firewall. This inexpensive one that comes from retail stores. It connects to the internet, whether through a modem or through itself as an ADSL connection. It does the things you want it to do. So it’s got wireless on it. It’s got things going into it. So it protects the network.

But this component is not that strong. You can restrict people’s access to the internet. So coming out of it what people are going to do and how they’re going to do it within your business.

Whereas if you take this one, which is not something you buy from a retail store, this one is somewhere between $100-300; this is somewhere between $600-1200.

Now apart from the cost, let’s look at what it can do. Yes, it’s got wireless. But this one’s wireless is different. When you’re plugged into this wireless, you’re not on the network. Yes, you can get to the internet. But the wireless component is not a part of how the internet wants to work and how your business people want to work.

So you can have this as a secure environment for people to bring in their laptops and iPhones and iPads and everything else. But they’re not going to see the rest of your network. That’s one.

This thing has a thing called Unified Threat Management (UTM). A cybersecurity term that makes for a more secure business environment. Now UTM has spam, antivirus, it has intrusion detection, management of incoming and outgoing ports. So this does 10x more than what this does, for probably twice the price.

But again, we have another difference here. If you’ve got management policies that say 5 of your people can go to the internet and 25 of them can’t, or 5 of them can go to Facebook and 2 can’t, that type of thing, then this is not going to help you.

This, on the other hand, will take it to that level. It will make it so that if you want to manage and control your people, then you have the capability of managing and controlling your people.

But as I said, cybersecurity is holistic. If you’ve got one of these, you can still put your management components here, your policies, your procedures, changing default passwords, setting up the systems correctly so it does all the right thing. But because we’re talking holistic, we’re not talking you have to have this because you’ll be safe.

We’re saying, if you’ve got that, what other components are going to make it even more secure? We replace this with this and you’ve got all of these extra components that you can now manage your network with.

Now that security component, the management, this is literally a dumb system. This one’s got a bit of brains. Knows what it’s doing, knows how to do it. In some cases, we have a thing called a sand pit, which can say, I’m not sure if that’s a spam component, or a spam email. I will send it to FortiGate and say, is this a spam component? And FortiGate will come back and go, yeah, we sent that around. Yes it is.

But because it’s also doing other things, it’s doing the antivirus, it’s also doing VPN, so that you can actually secure the people who are using your system. If you really want to make your network so secure, you can have wireless coming in, so this goes out on the internet, from there it comes back in on a VPN.

No chance that anything on the tablet, phone, or laptop is going to be able to compromise your internal cybersecurity. Again, this is what we’re talking about of whatever people have been telling you. Just buying this is not going to do the job.

Putting this in place with all the other components that go with it, backups, disaster recovery, business continuity, compliance, your management components, other components of your technology, you start to build a secure environment for not only your people, but also your client data, your intellectual property, and other things that you need to do.

So by being holistic, you are making a more secure environment. You might have exactly the same thing as someone else down the road. But if you’ve got other components in place, you are starting to build a cybersecurity envelope.

After all of this, if you download the checklist that is on this page, it will give you an insight into where you are and what you need to do to get to a more secure environment for your business. Thank you.

Roger Smith is an educator, teaching students at ADFA (UNSW) and showing them how vulnerable they are to cybercrime.

He is also CEO at R & I ICT Consulting Services Pty Ltd, an Amazon #1 author on Cybercrime and founder of the SME Security Framework. He is a consultant who specialises in inexpensive and highly effective security strategies for small and medium businesses and not-for-profit organisations.

He has developed and authored the SME Security Framework and the Security Policy Training Course, which are considered to be the definitive guides to helping SMEs protect their organisation using the principles of Technology, Management, Adaptability and Compliance.