By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
The survey of more than 1,200 small businesses found that 57% had suffered damage from virus attacks, and 50% of those attributed their problems to misuse of IT equipment by staff.
Businesses said staff downloading non-work-related applications, opening infected e-mails and deactivating security software posed the main risks to security.
Although 75% of companies had polices against downloading non-work-related material, 66% believed that staff had done so in breach of policy.
The most popular downloads were audio and video files, cited by 66% of firms, software (56%), instant messaging applications (52%) and peer-to-peer software (31%).
The practice places companies at risk from viruses which exploit peer-to-peer software and instant messaging to spread.
"Downloading software from the internet is a cardinal security sin for any user," said Sal Viveros, small business director at anti-virus supplier McAfee.
"The rules are simple and should be strongly enforced by the IT department - if it is not work-related, it shouldn't be on your PC."
The survey found that 75% of firms regarded viruses as the biggest threat to their business, although 8% identified data theft and 7% cited hacking as risks.
The majority of respondents had anti-virus and firewall systems in place on servers, desktops and gateways. Less than 25% had systems to stop hackers, and less than 50% used anti-spam filters.