If companies allow staff to use work devices for personal matters, Craig said they're potentially exposed to embarrassment through the source of an attack.
"So your reputation may suffer," he said.
"But this type of risk could come from any website your staff may access or any online application or service," he said.
"My advice to an organisation is: first and foremost, you need a policy telling your staff what is okay and what is not, because ultimately you need some sanctions for behaviour which you're not comfortable with. That's not going to extinguish your risk, so you really need to be thinking about what technical measures you need to be implementing to reduce or eliminate the risk of your organisation being attacked through the devices your staff are using and the way they're using them," he said.
Craig said companies could also blacklist certain websites they think might pose a high risk or, at the more sophisticated end of the spectrum, set up technology that separates personal use on devices from use associated with the business.