Nine out of ten work PCs fail on basic security

Ninety percent of corporate PCs are a security risk because they are not fully patched, or do not have basic security such as anti-virus software and firewalls properly installed.

That’s the rather staggering revelation made by the results from Sophos’s free Endpoint Assessment Test*, which has scanned Windows computers on thousands of different business networks over the last year.

There are lots of interesting stats that have come from companies running the test, but here are just a couple I think are worthy of mention.

Here are the statistics which reveal that the most common missing patch on Windows computers is an operating system vulnerability fix, followed by patches for Microsoft Office:

Note that end users can be missing patches from one of more categories, and that the test was only run on Windows computers.

Companies scanning their computers with our free utility have also found that although anti-virus software and firewalls are being used, an alarming percentage are either not enabled or not updating properly:

Results like this are pretty chilling, and underline the importance of proper patch management and ensuring that all of your computers are compliant with your security policy.

by Graham Cluley, Sophos