The security research company, which is best known for uncovering bugs in operating systems and network software, said that despite the risk of computer fraud, many corporate computer users leave passwords on paper notes, fail to change passwords from the default, and incorrectly configure hardware.
Other security no-brainers include encrypting data but leaving it on a machine in an unencrypted format or locking it with a blank password and failing to change system passwords during updates. The survey also discovered that some companies connect servers directly to the Internet, bypassing router firewalls.
The research shows that springing for the most costly security products can be a waste of money, according to Royal Hansen, practice director for @stake Europe.
"Expensive and elaborate security measures are often completely undone by a company's failure to enforce even the most simple precautions, opening up the entire corporate infrastructure to malicious attack," Hansen said.
Another survey, conducted recently by KPMG, adds weight to the suggestion that the greatest threat to company data comes from within. KPMG found that the majority of computer fraud is committed by employees trying to get inside information.
Staff writer Will Knight reported from London.