(FORTUNE Small Business) – It's an all-too-typical morning in some small business. The company's accounting files are gone from the computer network, having been replaced by pornographic images. How can that happen? There are adolescent boys around the world with enough tech savvy and time on their hands to wreak this kind of havoc and worse.

Taking the necessary steps to safeguard your computers starts with installing a firewall. Its job is to sit between your company's computers and the Internet, watching everything that goes out and comes in, looking for evidence of untoward behavior, and if necessary locking down access to protect the network.

It sounds easy, but picking the right firewall involves sorting among competing hardware, software, and services; firewalls that are bundled with additional security features such as antivirus protection; prices that vary from nothing to several thousand dollars; and people who will tell you that, as with insurance, you can never have too much coverage. You'll need to sit down with a security expert to assess your particular needs, but I looked at the options for one- to 100-employee businesses to give you a head start.

Personal firewalls are a good solution for the smallest businesses, but not for anyone else. Software like ZoneLabs' ZoneAlarm Pro ($39.95; www.zonealarm.com) protects only the PC that it's on. To blanket a network, you would need to run the program on every PC that's on it. Factor in the hassle of updates and the performance hit, and a personal firewall isn't very practical.

The hardware firewalls for businesses with fewer than, say, 16 employees, such as the Linksys BEFSR41 Router (street price $90; www.linksys.com), provide network-level protection, but they are designed primarily to let PCs share a Net connection. They protect by trying to hide PCs from the outside world rather than by actively examining network traffic; sadly, hackers often win that game of hide-and-seek.

The sweet spot for most businesses will be in the next level of products. They represent a significant move up in complexity and price, but the payoff is greater effectiveness. They perform what's known as stateful packet inspection, intercepting data and analyzing them in context to determine that they're safe, which is more rigorous than the methods I've covered thus far.

These products are more complex than their predecessors because they often include extras such as network antivirus protection. Hardware "appliances" such as Symantec's Model 200R ($1,199; www.symantec.com) are less daunting but also less capable than their comparable software firewalls, such as WinProxy by Ositis Software ($199.95 for ten users; www.ositis.com). These products are best for companies of up to 40 people, but they can serve larger ones with additional boxes or licenses.

Higher-end choices from vendors like CheckPoint and Cisco abound--but only if security is drop-dead fundamental to your business, you have full-time IT help, and you're ready to spend thousands of dollars.

If you feel like lying down for a bit right about now, see if a local Internet service provider (ISP) offers firewall protection, which is emerging as an optional service. For a monthly fee, the ISP will either screen all communications before they get to your PCs or install a firewall locally and manage it remotely. One example is BTINet (accessible to any Qwest customer), which offers firewall services starting at $24.95 a month. You lose some hands-on control this way, but the provider manages the firewall for you.

Whatever your company's size or solution, be sure to get automatic updating. A firewall isn't a drop-it-in-and-forget-it product: Today's latest security measure will have a hack for it not long from now, and then a patch for that hack soon after that. Factor in continuing subscription costs when figuring the total cost of the product you choose.

Face it: You have to pick a firewall. You wouldn't tell yourself that you don't need fire extinguishers just because your walls aren't aflame right now. Computer security is even more important because there are so many firebugs looking to get their jollies at your expense. A good firewall tells those jerks to go bother someone else.