Businesses need to establish clear guidelines and boundaries around the use of work devices and networks, Moore said.
"As an employee, if your employer has provided a device for business use, it should be treated strictly as a business device. You should read, understand and follow your organisation's acceptable use policy."
Last week it was reported that those who visit PornHub may be exposed to the Kotver malware, which generates revenue by clicking on ads in the background, with users left oblivious.
New Zealand's computer emergency response team - known as CERT - has received no reports of New Zealanders being affected and says anyone worried about it should run an antivirus scan.
Microsoft New Zealand's national technology officer Russell Craig said the PornHub malware brings public attention to the risks associated with visiting any website on either a work or personal device.
If companies allow staff to use work devices for personal matters, Craig said they're potentially exposed to embarrassment through an attack.
"So your reputation may suffer," he said.
"But this type of risk could come from any website your staff may access or any online application or service," he said.
"My advice to an organisation is: first and foremost you need a policy telling your staff what is okay and what is not because ultimately you need some sanctions for behaviour which you're not comfortable with. That's not going to extinguish your risk so you really need to be thinking about what technical measures you need to be implementing to reduce or eliminate the risk of your organisation being attacked through the devices your staff are using and the way they're using them," he said.
Craig said companies could also blacklist certain websites they think might pose a high risk or, at the more sophisticated end of the spectrum, set up technology that separates personal use on devices from those associated with the business.
