Focus Technology
Success Stories
Contact Us
Team ViewerRemote Support

Your First Firewall: Building a Cyber-Aware Culture with your team

focus technology the digital roast podcast

Cybersecurity doesn’t have to be complicated or intimidating — this episode shows how small, consistent actions (and the right mindset) can make a big difference. Brendon and Rohan unpack what it takes to roll out your first firewall and build a cyber-aware culture that actually sticks.

Introduction

Across New Zealand, small and medium-sized businesses are becoming prime targets for cyberattacks. According to CERT NZ, over 70% of incidents reported in 2024 came from businesses with fewer than 50 staff — and most started with something as simple as a phishing email or an exposed port.

As Rohan puts it:

“A firewall is only as strong as the people behind it. Technology helps, but culture is what keeps you safe day-to-day.”

In this episode, Focus CEO Brendon McDermott sits down with Rohan Anderson, Service Delivery Manager at Focus, to talk through first-firewall fundamentals, how to make it work for your team, and the importance of embedding security into everyday habits.

What Your First “Modern” Firewall Should Do

Rohan shares what every SMB should look for when upgrading from a basic router:

  • Web filtering & safe browsing: stop malicious domains before they reach your inbox.
  • Geo-blocking & threat intelligence: block traffic from high-risk regions automatically.
  • Intrusion prevention (IPS/IDS): detect known exploits before they do harm.
  • Identity-based rules: control access by user role, not just IP.
  • Cloud-managed dashboards: give small teams enterprise-level visibility.

“Your first firewall shouldn’t just block traffic — it should teach you what’s happening in your network.” — Rohan Anderson

Why Culture Matters as Much as Configuration

Many SMBs set up their first firewall, then forget about it. That’s where risk creeps in.

Rohan explains that building a cyber-aware culture starts with involving people early and often:

  • Governance for small teams: decide who approves, who documents, and who reviews.
  • Temporary exceptions with expiry: allow short-term access, but make it time-bound.
  • Explain the “why”: customise block pages so staff understand, not resist.
  • Weekly five-minute reviews: one habit that reduces 80% of recurring issues.

“If people see security as friction, they’ll work around it. If they see it as protection, they’ll work with it.”

Simple Steps to Get It Right (Without Breaking the Bank)

Cybersecurity doesn’t have to blow the budget. Rohan highlights a few high-impact, low-cost wins:

  • Turn on the big four: IPS, web filtering, geo-blocking, and MFA for admins.
  • Define “good traffic” early: policy before product.
  • Back up configs: and test restoring them once a quarter.
  • Tune alerts: focus only on what matters — failed logins, rule changes, and new devices.

“Spend 10 minutes a week on prevention and you’ll save 10 hours recovering later.” — Rohan Anderson

AI: Double-Edged, But Manageable

AI is making cyber threats smarter and faster — but it’s also giving defenders better tools.

Recent industry reports show AI-powered phishing has increased 35% year-on-year, yet AI-assisted detection tools are catching attacks 60% faster than before.

Rohan reminds listeners:

“AI isn’t the enemy — it’s the multiplier. Use it to automate your defence, not just react to attacks.”

Why Focus Starts with a Cyber Assessment

A Cyber Assessment helps identify hidden weak points, benchmark against best practices, and prioritise your next moves.

“Think of it as an annual warrant of fitness for your digital systems.” — Rohan Anderson

Final Thoughts

  • People + policy first: technology works best when the culture backs it.
  • Enable the essentials: IPS, web filtering, geo-blocking, and admin MFA.
  • Temporary access only: document and expire exceptions.
  • Small governance beats chaos: keep a simple change log.
  • Train through friction: turn block messages into learning moments.
  • AI is here to help — if you use it right.
  • Start with assessment: awareness before investment.

own your online

You can also visit Online security assessment tool – Own Your Online and explore useful tools for businesses to identify risks, improve cyber practices, and strengthen their overall digital safety.

References:

Cyber Security – Focus Technology

Welcome to the National Cyber Security Centre

Own Your Online – Own Your Online

Needing help on your business’ cyber needs?

Get in touch with us— we provide Cyber Security training, assessment and products to help any businesses across Invercargill, Gore, Dunedin, Timaru, Christchurch, Queenstown, and Wanaka.