Nearly 40% of UK small and medium enterprizes (SMEs) have been hit by malware attack, yet many are still making basic mistakes that put them at risk, a study has revealed.
Some 71% of users at over 1,000 SMEs surveyed admit that they do not have IT security software on their PC at work.
Good IT security practices are also not well entrenched, the study by internet services company Eclipse found.
Three-quarters of respondents said they would be unable to spot a rogue link, 58% use the same password for every online service they use, and 46% share online passwords with family and friends.
There can be huge financial implications to SMEs that fail to get serious about IT security, says Clodagh Murphy, director of Eclipse.
"In today's uncertain economic world, it is understandable why SMEs may think twice before investing more in IT security. However, no investment at all could prove to be catastrophic to their bottom line," she says.
SMEs should work closely with their internet service providers and security providers to develop robust guidelines to ensure that employees are fully up to speed with the dangers, Murphy said.
More than half those surveyed believed that the worm Koobface is a social networking site.
Another 13% said that Koobface, an anagram of the popular social networking site it attacks, is a cartoon character from a children's TV show.
Only 30% of respondents recognised that Koobface could actually infect their computer. The worm spreads by delivering messages to people who are 'friends' of a Facebook user whose computer has already been infected.
"With more and more users logging onto Facebook at work, it is imperative that all businesses are mindful about the impact threats such as the Koobface worm could have on their day-to-day business operations," said Murphy.