Security News Letter

January 12, 2004

 

 


 

IT security critical for SMEs

BY ZEA SILVA, SECURITY BUSINESS UNIT MANAGER, FIRST TECHNOLOGY

[Johannesburg, 9 January 2004] - Possibly the most critical aspect of any small to medium enterprise's (SME's) information technology infrastructure is the security of that system.

That's according to Zea Silva, security business unit manager at independent IT solutions company, First Technology.

"While many believe that simply installing a firewall provides adequate protection to the organisation's information, this is by far not the be-all and end-all of a security solution," she warns.

Certainly, a firewall provides some protection from unauthorised intruders like hackers and is thus always recommended from the start. But simply deploying a firewall does not protect the network. The device or software must be implemented and maintained according to the SME's security policies, which are developed specifically by each company to meet its unique requirements.

"The policies established on the firewall software or device determine the level of protection afforded to the network, and indeed, whether or not the firewall will serve its purpose at all. Correct configuration of the required policies and metrics is essential," she states.

A traditional firewall protects a private network from intrusion by unauthorised users. More modern firewalls incorporate an operating system that contains additional security software. This software, which includes anti-virus software, protects the network from a variety of potential security threats and detects suspicious, unauthorised traffic.

The firewall, in particular, should be configured to be as secure as possible, but it must still be functional. Its settings cannot be so stringent that it prevents anything, such as business e-mails, getting through. Relying on standard factory settings to protect valuable data is also unwise. A balance must be struck.

Silva explains that the successful deployment of a firewall begins with a security audit and vulnerability assessment to determine the risks faced by the company requiring protection. This exercise must be specific to each business, taking into account the nature of the business, the nature of its data and the nature of access by its employees, partners and customers. Based on the results of such an audit, appropriate security policies can be determined and implemented as policies on the firewall.

"But that's not where security ends. Ensuring the security of any network is a dynamic process. It demands constant updating of security patches and fixes - in addition to implementing a reliable and secure firewall and anti-virus solution," she stresses.

Silva notes that despite the utilisation of anti-virus software, organisations continue to be hit by viruses like Nimda and Code Red, as well as the more recent Slammer virus.

"Users must be more vigilant when opening documents, especially attachments in e-mail. They must also ensure that their anti-virus software definitions and operating system security patches are updated. Most software offerings will either automatically update the necessary fixes or will alert the user that updates are available for download," she says.

"In addition, content and Web filtering systems are important as they can prevent company employees from deliberately or inadvertently sending business-critical information out into the world. They also monitor traffic coming into the organisation. Only information required for business operations should be allowed to traverse the network. This also reduces the risk of a hacker attack. A firewall may not be enough.

"Companies should also ensure that individual employees change their passwords on a regular basis and use at least eight or more characters for these passwords," she adds.

"IT security is all about awareness. Company employees should never disclose information without knowing where that information is going, who will be using it or what it will be used for. By following this rule, the integrity of information supplied and requested will be kept intact," she concludes.

 

 

 

Security Products:

 

Intrusion Detection Systems

Vulnerability Scanners

Firewalls

  • Netscreen
  • Checkpoint

Management

Virus Control

  • Mail Marshall

Services

  • Security audit
  • Perimeter Vulnerability Scan
  • Router/switch optimization for security
  • Firewall checking and configuration
  • VPN Design and Implementation
  • Network design
  • Network-based application analysis
  • Network Baselining
  • Security baselining

 

 

 

 

 

 

Copyright © 2003 Aavex Technology