Does Your Business Need a Firewall If You Have a Router?

Yes, Wi-Fi routers act as basic hardware firewalls, and Windows and iOS devices come with basic firewall software preinstalled. But a basic router and your computer’s firewall software alone may not provide enough network security to protect your company from online threats.

We know what you’re thinking: Do I really need to spend extra money on a firewall?

The good news is many firewall solutions can be cost-efficient and provide more than the bare minimum in terms of security. We’ve broken down everything you need to know about routers, firewall software, and other notable cybersecurity solutions. That way, you can figure out the most effective way to protect your company data from malicious online criminals while sticking to a small-business budget.

Yes, the rumors are true: wireless routers automatically do the job of a basic hardware firewall.

Firewalls are designed to repel any external internet traffic that tries to gain access to your internal network (a.k.a. the network of devices connected to your router). This is a common technique used by hackers; once they get access to your network, they can steal sensitive data (like employee records and customer payment info) and control devices like wireless security cameras.

Routers help prevent this kind of infiltration because they were designed to manage outgoing traffic requests. If the router receives an incoming traffic request that isn’t initiated by a device on your network, the router discards it automatically. That keeps anyone outside your network from accessing your devices, so you get built-in protection from basic-level cyberattacks.

We recommend that every business use a combination of hardware and software firewalls.

Basic routers can only protect devices that are currently connected to your network. So if an employee connects their Windows or iOS laptop to an open Wi-Fi network at the public library, your router can’t do anything to protect the data on that employee device. Routers also don’t provide individual protection for devices on your network, so if a hacker breaches one computer on your network, all the devices on your network are vulnerable to attack.

Software firewalls, on the other hand, protect individual devices rather than your entire network. That means they provide the same data protection whether your employee uses their device in the office or at home. They also provide another layer of security that makes it more difficult for malicious traffic to gain access to your sensitive data.

Combining a hardware firewall and a software firewall gives you total coverage for every device in your company. The only trick is figuring out the right type of hardware and software for your needs.

When most people think of firewalls, they think of an ironclad wall of protection that can stop viruses, malware, and hackers. But realistically, if you want all those security features, you’ll need something more than a basic router.

Hardware firewall routers offer extra protection to keep your company’s data safe. A firewall router might be a good choice for your business if you want a firewall with these features:

• Antivirus protection—Scans incoming data for malware, viruses, and ransomware
• App monitoring—Logs which apps access the internet (and when)
• Web filtering—Provides “parental” controls to block employees from accessing specific sites
• Intrusion detection—Recognizes instances when the firewall has been breached by a malicious entity
• Attack recognition—Uses AI to detect patterns and attacks, allowing you to better protect yourself from new threats
• Advanced firewall rules—Blocks even more types of incoming traffic
• Static IP masking—Camouflages the IP addresses of devices on your network

Keep in mind, though, that a firewall router protects only the devices on your Wi-Fi network, so if any employees take their Windows or iOS devices outside the office, those devices’ vulnerabilities may make them easy marks for hackers.

Virtual private networks (VPNs) are a popular security tool among businesses. A VPN creates a cloud-based network for your office, so anyone using your VPN can access internal network functions—even if they’re a remote employee or working from another office within your company. That makes running your business a lot smoother.

Virtual private networks also have their own IP addresses, which masks the individual IP addresses for any devices using the VPN. That’s an important security tool, since IP addresses reveal information about your company that malicious attackers can use to exploit your security system. Plus, if everyone in your company is connected to the internet using the same IP address, it masks the number of devices in your network—which may help make you less of a target.

If you intend to use a virtual private network, VPN routers are ideal. They can offer many of the same perks you get with a firewall router, plus they make it a lot easier to set up your VPN for all the devices on your Wi-Fi connection. Otherwise, you’d have to install and manage VPN software on each of your employees’ devices. VPN routers can even communicate directly with VPN routers at separate office locations, so you can keep all your offices interconnected with a minimal amount of work.

If you’re not using a VPN, don’t need antivirus protection, and don’t think your wireless network is likely to be attacked by hardcore hackers, you’re probably okay to use a basic router. In fact, if you’re the sole proprietor of your business, a basic router may offer plenty of protection—as long as it’s combined with the intrusion prevention features included within the software on your Windows or iOS computer.

Businesses that invest heavily in third-party software firewalls may also have enough protection with a basic router—even if you want all those fancy features included with advanced hardware firewalls (since most third-party software firewalls offer tons of security features in addition to basic network protection).

If you do invest in a robust third-party firewall, however, we still recommend getting a router. Hardware firewalls protect all the devices on your network, which makes it easier to update your security protocols company-wide. And there’s never any harm in adding another line of defense—especially when your company’s data is on the line.

Once you’ve figured out the right router for your needs, you can start narrowing down your software firewall options.

Software firewalls protect only the device running the software, so (depending on the software you use) they may be a bit more difficult to maintain and update for companies with more than a couple employees.

However, software firewalls use the same security protocols whether your device is connected to the office router or to public Wi-Fi, so you don’t have to worry about malicious traffic targeting an employee’s computer anytime they connect to public Wi-Fi at their local Starbucks.

In general, business owners can opt between two types of software firewalls: third-party software and the firewall software that comes pre-installed on Windows and iOS devices.

Like a security firewall router, third-party software firewalls come fully loaded with extra security features. You should consider third-party software firewalls if you want any of the following features (in addition to blocking malicious traffic):

• Antivirus software
• Anti-malware software
• Protection from ransomware attacks
• App monitoring
• Web filtering
• Intrusion detection
• Attack recognition

In addition, you should definitely consider third-party software firewalls if you use (or plan to use) a VPN service and have employees who work outside the office. Many third-party software firewalls include VPN service, so you can save a few bucks by getting a firewall + VPN combo.

Finally, third-party software firewalls often throw in bonus security features, like digital document shredding, storage for file backups, and more. So if you’re interested in fully protecting your business, a third-party software firewall may be a good choice for you.

Keep in mind that most software firewalls must be updated and maintained on each individual computer in your network. If that sounds like too much work and you want more centralized control over your company’s firewall security, you may want to look for a cloud-based software firewall.

Most people aren’t aware that Windows and iOS devices come preloaded with a basic software firewall. On Windows devices, the software is automatically enabled, so you don’t have to do anything to enjoy base-level firewall security on your device. On iOS devices, you have to enable your software firewall before it can start protecting your computer.

However, the software firewalls included with Windows and iOS systems are pretty basic, so you’ll miss out on a lot of the high-end security features included with a third-party software firewall.

You’ll also be completely dependent on Apple or Windows to update your software firewall anytime a new threat is discovered. By extension, that means you’ll also be dependent on your employees to actually download the latest updates as soon as they become available. Otherwise, you’ll have to spend extra time updating each employee's computer yourself.

That being said, the software firewalls included in most modern operating systems are usually adequate for sole proprietors or businesses with just a few employees. And if all your devices are for office use only, you can splurge on a firewall router that provides antivirus protection and other features, then use the included software firewall on your devices as an extra layer of protection for your company data.

In some cases, your business might need a security solution that goes beyond hardware firewalls and software firewalls. Here are a couple of other network security solutions that can be combined with your router and software to deliver the best possible protection for your data.

If you have more than 12 employees in your office, a single router may not be able to handle all your internet needs. In that case, you may want to use a unified threat management (UTM) solution—a cybersecurity option that combines multiple types of firewall protection and can be controlled in one central place.

There are a lot of UTMs on the market, and each UTM is a little different. But if you’re using multiple routers, you can get a hardware UTM, which acts as a portal for all your office routers. By consolidating your firewall protection in the UTM device, you can get in-depth protection from cybersecurity threats across your entire local network—without having to change the settings on each router.

While UTMs can be hardware firewalls, some UTMs are actually software firewalls. These types of UTMs are cloud-based, so you get consolidated control over your network’s security—even when employees take their devices home or use them on public Wi-Fi.

Finally, UTMs can deliver a combination of hardware and software firewalls. In this case, you’d get a physical device (like a router for your routers) that acts as a hardware firewall, plus centralized software for all your devices.

In any case, a UTM offers comprehensive security for your network, complete with antivirus software, VPN capabilities, advanced intrusion detection, and more. But UTMs can be expensive, so we recommend steering clear unless you’re coordinating security settings across hundreds of employee devices.

Does your business host websites on your own set of servers? If so, you may also need a load balancer.

Load balancers distribute incoming traffic across your servers, ensuring that no single server gets overwhelmed by traffic requests. Like a router, it’s designed to automatically discard malicious traffic that doesn’t clear its security protocols, so load balancers can actually act as a basic firewall for your external-facing servers (servers that store data you actually want people to access outside your network).

In some cases, load balancers are hardware firewalls—physical devices that protect the data on your servers from malicious incoming traffic. However, some UTMs include load balancing, so you could use a virtual load balancer to protect your network instead.

While routers do act as basic firewalls, they offer pretty limited protection. We recommend pairing your router with some form of software firewall (like those included on your Windows or iOS device).

That being said, you may want to upgrade your hardware, software, or both to include more security features (like antivirus protection, VPN capabilities, and advanced monitoring and threat assessment). In some instances, you may need to add extra security layers to your network—like a unified threat management (UTM) solution or a load balancer.

The right security solution for your business depends a lot on your company and how you intend to use your devices. But in most cases, we think your data is important enough that it merits more protection than a wireless router can provide on its own.

We've just barely skimmed the cybersecurity options available to businesses. Get the full picture with our guide to choosing the right firewall type for your company.

Disclaimer

At Business.org, our research is meant to offer general product and service recommendations. We don't guarantee that our suggestions will work best for each individual or business, so consider your unique needs when choosing products and services.