A new report from Duo Labs found a significant gap in basic security hygiene on laptops, desktops, tablets and phones, according to a CSO report.
The report examined two million devices, all of them running Duo's two-factor authentication application.
In particular, Flash, Java and Internet Explorer were common areas of weakness.
Companies that deploy mobile devices to their employees, or that have a BYOD policy in place, should ensure that those devices are running the latest versions of software available. Organizations should also ensure that employees follow basic security protection policies to help protect both the devices and the organization overall.
Duo found that a majority of the devices that had Flash or Java installed were running out of date versions, and therefore missing critical security patches. Unpatched vulnerabilities are often a target for cybercriminals, and a key way they can spread ransomware to organizations.
"Our data indicates a high rate of out-of-date and vulnerable endpoints that can expose your company’s apps and data to malware, credential theft, and a potential data breach," the report states.
Internet Explorer also proved to be a common area of weakness. Duo Labs found that 25% of the devices they tested were running outdated versions of IE.