By Jose Pagliery @Jose_Pagliery November

A surprising number of IT professionals say
they have to clean up corporate devices
infected by executives who went to porn
sites.
NEW YORK (CNNMoney)
Want to stop nasty worms from
spreading on corporate networks? It
would help if bosses stopped going to
porn sites.
According to a recent survey by software
firm ThreatTrack Security, 40% of tech
support employees admit they've had to
clean an executive's corporate device after
the boss visited an infected porn website.
The survey, conducted in October, shows
that while it's generally gotten easier for
companies to defend themselves from
outside attacks, bosses' bad habits make it
difficult to keep up. Here are some other
mistakes executives make:
56% got malware from clicking on a bad
link or getting duped by a fake
"phishing" email.
47% attached an infected device, like a
thumb drive or smartphone, to their PC.
45% got a virus when they let a family
member use a company computer.
33% installed a malicious app on their
company device.
Related: Google's dreaded blacklist
Part of the problem is that employees are
less cautious with their iPhones and Android
smartphones than they are with their office
computers, said Dipto Chakravarty, an
engineering and products executive at
ThreatTrack. But the risk is the same,
because the devices are connected to a
company's network.
The problem seems to be getting worse now
that many companies have adopted the
"bring your own device" approach, allowing
workers to connect to company networks
with their personal devices.
Currently, 36% of companies have a BYOD
policy, according to networking giant Cisco
( CSCO , Fortune 500 ) and the British
telecom BT ( BT ).
Companies quiet about hacks: The study
also found that 57% of IT analysts say
they've confronted a data breach that the
company decided to keep secret from
customers, partners or shareholders.
Smaller corporations are the least likely to
hide that they've been hacked. Those
spending less than $500,000 a year on IT
security kept quiet less than 30% of the
time. Mid-sized companies were most likely
to keep things under wraps. Companies with
budgets between $500,000 and $10 million
remained mute about 76% of breaches.
The scary reality of hacking infrastructure
But the largest companies -- those spending
more than $10 million annually on tech
security -- stayed silent on just 37.5% of
cases.
Chakravarty said it's understandable why
some companies try to avoid the scrutiny
that would come from admitting they've
been hacked.
"It's not in the company's interest to admit
there's a data breach," Chakravarty said,
adding that the time and money spent to
combat the problem will be "astronomically
high."
Companies are worried about losing their
customers' trust as well. If a business
admits it has been hacked, consumers
might worry about the firm's ability to keep
their credit cards or passwords protected --
and take their business elsewhere.
But it looks like many of these data
breaches could be avoided if executives just
didn't do stupid things like viewing porns.