Nine out of ten work PCs fail on basic security

Filed Under: Malware, Vulnerability

Ninety percent of corporate PCs are a security risk because they are not fully patched, or do not have basic security such as anti-virus software and firewalls properly installed.

That's the rather staggering revelation made by the results from Sophos's free Endpoint Assessment Test*, which has scanned Windows computers on thousands of different business networks over the last year.

There are lots of interesting stats that have come from companies running the test, but here are just a couple I think are worthy of mention.

Here are the statistics which reveal that the most common missing patch on Windows computers is an operating system vulnerability fix, followed by patches for Microsoft Office:

Percentages of Windows computers missing different types of patches

Note that end users can be missing patches from one of more categories, and that the test was only run on Windows computers.

Companies scanning their computers with our free utility have also found that although anti-virus software and firewalls are being used, an alarming percentage are either not enabled or not updating properly:

Do you have an anti-virus and firewall - and are they enabled and up-to-date?

Results like this are pretty chilling, and underline the importance of proper patch management and ensuring that all of your computers are compliant with your security policy.

I managed to get my paws on this data today, because Sophos is officially launching Sophos Security and Data Protection. Check out the corporate propaganda and try a free evaluation if you like..

* Endpoint is a rather poncy word that marketroids use for "computer" by the way. I don't know why they think it's cooler to use a word that most people would never use in regular conversation ("Hang on, I'm just booting up my endpoint"), but for some reason they do. Bless them.

You might like

About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.