As a consultant, I store a lot of sensitive data about my clients.

From website passwords to confidential business documents, my desktop computers and laptops contain data that could be damaging to my clients if it got in the hands of the wrong people.

Because of this, I do my best to protect my clients' data (as well as my own). Unfortunately, I know a lot of consultants who don't.

If you store any sensitive data about your clients, customers or employer, you might find a list of some of the security software and hardware products I use to be of value.

You may not see the need to be as protective as I am, but if you don't at the very least have solid anti-virus, anti-spyware/anti-malware and firewall software, you're needlessly putting your data at risk and the consequences of that can be quite serious.


  • Kaspersky Anti-Virus. After trying McAfee, Symantec and just about every other popular anti-virus software package, I finally settled on Kaspersky. It's powerful, and I've found that its resource utilization is about as reasonable as one can expect from a full-featured anti-virus solution.
  • Outpost Firewall Pro. Although ZoneAlarm is popular, I swear by Outpost Firewall Pro and it has won praise from other reviewers.
  • AdAware Free. I've been using AdAware since shortly after it was released, and if you're looking for a free anti-spyware program, this is a good choice.
  • CounterSpy. If you have an extra $20, CounterSpy is a great investment in my opinion. Numerous times it has caught malware AdAware Free missed.
  • TrueCrypt. This open-source software enables you to encrypt entire partitions and storage devices transparently. It's a powerful solution for keeping your most sensitive data secure.
  • Eraser. When I need to delete confidential documents, I rely on this free program. It provides the ability to delete files using a variety of sophisticated methods, including the method recommended by the US Department of Defense.
  • Maxtor BlackArmor. When I'm traveling, I take a laptop with me that contains limited sensitive information on the internal hard drive and take a 320GB Maxtor BlackArmor external hard drive that stores any sensitive information I might need. The Maxtor BlackArmor has hardware-based full-disk encryption and requires a password to work.
  • Netgear WGT624 wireless router. When I decided to set up a wireless network for my home office, security was a big consideration. The Netgear WGT624 wireless router offers two firewalls (NAT and SPI) and some advanced security features, and I've been satisfied with it.
  • Verifi Fingertouch Security Professional. I like the idea that if somebody wants to easily access my computers, they'll have to chop off my hand. While the Lenovo laptop I use for travel has a built in fingerprint reader, for my two Windows XP desktops, I purchased Verifi Fingertouch systems. Overkill? Maybe. But I like the peace of mind that comes with knowing that an extra layer of biometric security has been added to my "setup."

Published 25 July, 2008 by Patrick Oak

82 more posts from this author

You might be interested in

Comments (4)


Colin Watson

That's a really good list of resources that will help e-consultancy readers. Organisations (e.g. your clients) need to be aware of the risks they are taking when handling over any type of data to third parties and whether it is permissible (by referencing policies, regulations and intended use of data). Most of your examples, refer to data at rest - but data in transit also needs to be considered. For example:

- sending/receiving email securely
- transfers of electronic files and backups
- posting paper and other media
- transmission of authentication credentials

If I can suggest one item that's missing here, I'd say a good-quality paper shredder. Data security doesn't just mean protecting electronic data and a loss of printed copies can have exactly the same consequences as loss of digital data. Some people will go to great lengths to protect their laptops, but treat a file of paper with much less care. In the US, where there are security breach notification requirements, some states require notification in the event of both electronic and non-electronic breaches (e.g. personal data in rubbish bins).

Some data you mention would be particularly embarrassing if they were lost and used by others. Website passwords is an interesting one. If these are for administrative (e.g. content management) areas, these could allow defacement, alteration or loss of data. Access details may be given to staff, contractors, consultants, agencies, temporary staff and parties which any of these deal with. Therefore, it is important to track who has access, monitor this, enforce password expiry and ensure that accounts are closed when they are no longer needed for business use. For example, does the designer still need access to the server after the website has been configured, tested and launched? With all access controls, ensure that every user has a unique ID (i.e. user name) so that in the event of a problem, the account can be identified and the suspended. If the password relates to wider access to the server (e.g. desktop or file system access), the use of user names/passwords alone is really not sufficient, and if they involve FTP alone, where the credentials are sent in clear text, it is really only a matter of time before these become compromised.

about 10 years ago


Google Adwords Basics

I get the point of your post and while I understand that there are some problems with MAcafee, I am a true fan of Norton. I just wondered what your thoughts on Norton are


about 10 years ago


Patrick Oak, Blogger at Econsultancy


Thanks for your comment. I will dedicate some future posts to these topics (i.e. SFTP vs. FTP).


I've used Norton, McAfee, etc. They're satisfactory products in my opinion but the reason I chose Kaspersky is that I noticed lower resource usage with it that with Norton and McAfee, which I personally believe have become "bloated" over the years.

My advice is to test out a few different software packages when your Norton subscription expires and see which program you like best.

about 10 years ago


Werner Blessing

I agree to the other comments: NICE SELECTION

Just, the fingerprint biometrics is the easiest to be faked. Berlin "Chaos Computer Club" have shown on television which methods work and have put the fingerprint of the German Minister of Interior on the Internet. Also the finger is not safe of replay attack on internet use.

I would not speak so, if there were no better solutions and if I may, I quote our principle of taking four biometrics simultaneously (face, voice, lip movement and word recognition) by asking four randomized figures (otp - one time password).

So, by asking i.e. four figures, 16 authentication procedures are running, video and audio is captured by every simple webcam (low cost) and it is very easy to use. Get the figures displayed on the screen and speak them :-).

For further details: or or just read the following below:

Best wishes


Communication Biometrics or ComBiom is a revolutionary multimodal and simultaneous biometric Authentication device with Random Challenge Response, otp – one time password. A very strong Verification method secures logical access (IT Access, direct, on VPN or Internet). “Combiom” combines the biometric facial recognition with the voice recognition, the lips motion plus the
word recognition With an IT - login to the PC, server or an Internet platform, all 4 authentications simultaneously. The user gets 4 random digits on the screen and speaks them. Camera and microphone (Webcam) to register video and audio, software creates small files for each digit, which contains the 4 Authentication processes. These small files will be compared with the reference files for all digits from 1, 2, 3, to 0. The comparing process will be verified to a
trust level. If the new files match the reference files, the user will receive the access permission and if not, then NO access. The process is very safe (4 digits and 4 verification processes simultaneously makes 16 authentication process); very user-friendly = FreeHaM (free hands and memory), and with cheaper hardware (just camera and microphone) which are in handheld and laptop alreadyintegrated.

Another product which is a development of ComBiom is BiTCo or Biometric
Transaction Confirmation. BiTCo is software secures logical access (IT Access)
and very useful for e-banking. it cuts out cyber crime, including modification Trojans, by fixing the transaction data with this four factor biometric verification of ComBiom. The main features are very high security, very simple application and yet a low cost hardware.

Last not least this process can be used on mobile phones; MobiComBiom (Mobile Communication Biometrics) On achieved authentication, a 2D barcode is send to the mobile phone which can be used at the POS (point of sales) for payment. In addition the principle of "trust level" gives maximum payment shortly after successful MobiComBiom Authentication. Some time later the trust level and sum of money available decreases to cut out the risk of theft and loss of the mobile phone. With each phone call the voice is again analized and when correct would increase the trust level again.

The products PermaFace and PermaVoice allow individual use of those biometrics, so in total we dispose of an approach of: "ALL IN ONE". One software, one set of templates per user and many different applications.

almost 10 years ago

Save or Cancel

Enjoying this article?

Get more just like this, delivered to your inbox.

Keep up to date with the latest analysis, inspiration and learning from the Econsultancy blog with our free Digital Pulse newsletter. You will receive a hand-picked digest of the latest and greatest articles, as well as snippets of new market data, best practice guides and trends research.