Many times when working with new SMB's and reviewing their network infrastructure, we will ask "Do you have a firewall" and sometimes the answer is "I don’t think so” “Do I need one”. After investigating, we see the router, and then the discussion begins, ISP Router firewall, software firewall and hardware firewall capabilities..
It's important to use at least one type of a firewall , whether hardware, software or a combination of both. Firewalls are important components that help protect the organization from unauthorized access to its systems. There are other security measures, like anti-virus software, encryption and intrusion detection/prevention systems, that help combat a variety of threats.
However, a firewall is the “first line of defense” because it can be used to secure access to the network and to stop malicious attacks. A firewall that is designed and operated with security in mind will help prevent attacks from occurring by restricting certain types of traffic that could result in unauthorized access.
Simply, a firewall (selective) allows traffic based on selected criteria such as source or destination IP addresses, for instance. A firewall (non-selective) denies all traffic not in the log of approved applications.
So to answer the question: Yes, as a best practice for network security and data protection a firewall is recommend for all SMBs.
With cyberattacks and data breaches increasing at an alarming rate, without firewall security, it will leave your business vulnerable to a cyberattack.