Also problematic, per TrustWave: 71 percent of users surveyed said they have managed to sneak a peek at a coworker's or stranger's machine while he or she is away from it. One in three employees said they stay logged on to the network when they step away from their PCs. Again, that poses a clear security risk, especially at organizations in which IT fails to limit users' access rights.
Users are also suckers when it comes to plugging wayward USB sticks into their machines. TrustWave found that 60 percent of users who find one in a parking lot will plug it into their machines. The number increases to 90 percent when the stick has the company logo on it. The danger here: USB sticks can come loaded with malware. (Per the study, 35 percent of users have experienced a virus infection via a USB stick.) Employees need to learn that connecting any device -- even a mouse -- to a machine is a potential threat - particularly if IT neglects to set user machines not to auto-run contents of peripherals.
Users are also prone to falling for increasingly sophisticated phishing attacks, according to TrustWave. The company found that 27 percent of organizations have top executive and privileged users who have fallen for such scams. Education goes a long way here; users trained in avoiding phishing and scam emails fell for them 42 percent less often than those without training, according to the study.
Fifth on TrustWave's list: 70 percent of users said that they do not password-protect their mobile devices. Further, 89 percent of people who find a lost mobile device rummage through its contents. Those findings are particularly striking in this BYOD era, where employees use their smartphones for both work and personal purposes -- not always with IT's blessing.
At number six, only 18 percent of users use a VPN tool when connecting to a public Wi-Fi hotspot. Not using a VPN is a fine way to expose one's machine to any number of attacks, such as fake software updates.
Finally, TrustWave found that users tend to ignore company policies about using social networks: 67 percent of young workers said they think corporate social-media policies are outdated, and 70 percent of users said they regularly ignore IT policies. The impact: Just over half of enterprises said they have seen an increase in malware infections due to employees' use of social media.
This story, "Leaked Apple IDs expose holes in corporate information security," was originally published at InfoWorld.com. Get the first word on what the important tech news really means with the InfoWorld Tech Watch blog. For the latest developments in business technology news, follow InfoWorld.com on Twitter.