Securing the Endpoints: The 10 Most Common Internal Security Threats
Who’s gaining access to your internal network? New criminal tactics and new kinds of malware are probing networks for vulnerabilities—and increasingly, finding them. We identify the top candidates for security breaches inside your own company.
USB device protection under Windows is pretty limited. Basically, you can only enable or disable USB on a system. Since USB is the default peripheral connection for Windows, this is extremely limiting. However, third-party software such as Sophos, DeviceLock or Promisec removes this restriction by offering policy-based management for USB devices.
2. Peer-to-Peer File Sharing
Although unauthorized peer-to-peer (P2P) file-sharing programs are often forbidden by company policy, 4 percent of the surveyed computers had such applications installed. This problem is getting worse. Not only are more peer-to-peer networks making their way onto corporate networks, but computer criminals have started using them to compromise and take over computers wholesale.
According to security software company Prolexic, P2P networks are now being used to launch distributed denial-of-service attacks against corporate websites. The company says it has seen a kind of P2P-based DDoS attack called dc++ involving as many as 300,000 compromised computers.
Unauthorized P2P software can be a major path for information leaks. So much so that a website called See What You Share has been set up just to show off the kind of information leaking out of the government by file sharing, including classified documents.
Of course, P2P file sharing is also one of the primary methods of illegally distributing copyrighted material, which can be both expensive and embarrassing if the lawyers from the RIAA come calling.
3. Antivirus Problems
About 1.2 percent of the computers in the Promisec survey had problems with their antivirus software, usually in the form of out-of-date signature files.
With the major antivirus vendors releasing between 1,200 and 2,400 updates per week (a more accurate figure than the number of new viruses, even though the counts of viruses and updates don’t match one-to-one), it’s important to keep protection current. This is particularly true because one strategy used by malware authors is to infect as many computers as possible in the shortest possible time, before the protectors can respond. For example, on July 19, 2001, the Code Red worm infected 359,000 computers in 14 hours.
Ironically, Code Red attacked a vulnerability in Windows that had been patched more than two years earlier.
4. Outdated Microsoft Service Packs
Running Windows without the latest updates is another major problem. About 1.5 percent of the surveyed computers had failed to update the operating system to the most current service pack.
Keeping your software current is Basic Security 101, and every company tries to do it, most commonly through automatic updates.
However, it’s a big job to cover every desktop in the company, not to mention the laptops, PDAs and cell phones that connect to the network. Stuff slips through the cracks, and again, it takes only one endpoint with a known security flaw to compromise the entire network.



