The survey of more than 1,200 small businesses found that 57% had suffered damage from virus attacks, and 50% of those attributed their problems to misuse of IT equipment by staff.
Businesses said staff downloading non-work-related applications, opening infected e-mails and deactivating security software posed the main risks to security.
Although 75% of companies had polices against downloading non-work-related material, 66% believed that staff had done so in breach of policy.
The most popular downloads were audio and video files, cited by 66% of firms, software (56%), instant messaging applications (52%) and peer-to-peer software (31%).
The practice places companies at risk from viruses which exploit peer-to-peer software and instant messaging to spread.
"Downloading software from the internet is a cardinal security sin for any user," said Sal Viveros, small business director at anti-virus supplier McAfee.
"The rules are simple and should be strongly enforced by the IT department - if it is not work-related, it shouldn't be on your PC."
The survey found that 75% of firms regarded viruses as the biggest threat to their business, although 8% identified data theft and 7% cited hacking as risks.
The majority of respondents had anti-virus and firewall systems in place on servers, desktops and gateways. Less than 25% had systems to stop hackers, and less than 50% used anti-spam filters.
Email Alerts
Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
