According to a recent survey conducted by UK-based security consultancy PanSec, more than 90% of all company PCs are infected with so-called "spyware". This is the term given to software that gets installed without the user's permission and which covertly gathers and transmits data about the usage of the machine.
A report by IT market analysts The Aberdeen Group claims that there are more than 7,000 spyware programs in existence right now, running on millions of corporate and personal computers.
No computer that's linked to the Internet is immune. A spyware program isn't technically a virus, so most antivirus scanners don't attempt to stop it. And spyware doesn't exploit bugs in Windows, so installing all the latest Microsoft security patches can't prevent it either.
Spyware gets into a PC by being bundled with legitimate products. If you download and install any of the best-known file sharing applications, for example, you have no choice but to accept the spyware that it also installs and through which the free services are often funded.
Once installed, spyware starts monitoring the way that the computer is used and feeding back the information to the Website operators who sponsored the program's distribution. The site operators want to understand precisely how a visitor travels through their site, and which menu options he or she clicks on. They want to know which other sites are visited, for how long, at what time of day, and which types of adverts get clicked. They want to know which applications are installed on the victim's computer, and where he or she is based (which can be gathered from the user's email address or the phone number programmed into the modem).
The spyware distributors then use all this information to present your staff with adverts for products that they hope your staff are most likely to buy. And the database of usage statistics also gets sold to other marketing companies and spammers.
But does spyware really matter? What does it matter if everyone knows the intimate details of your staff's surfing or shopping habits? Not only is it an invasion of privacy, it can also be a security risk. Do you really want a collection of large marketing organisations to know everything your employees use the Internet for? For example, if staff are researching new products or sending emails to potential clients, is it really acceptable for details of such activity to be disclosed to all and sundry?