I'm not sure if blocking these countries is really the way to go ... for that manner why not block Iran, Turkey, Brazil, Argentine, Romania, Ukrain, etc etc
You will not stop DDoS attacks, you will not be safe of phishing and they'd still need AV/SG
Try blocking known bogon's for a start and implement good webfiltering, email-scanning and firewall rules. For SOHO's I really like Zeroshell running on a Soekris (I am not affiliated with one of these companies)
Have them setup an OpenVPN appliance on an old PC. Port forward the appropriate ports from the router to the appliance, and have a secure VPN.
http://openvpn.net/index.php/access-server/download-openvpn-as-vm.html