Employers risk losing valuable commercial and customer data if they do not train their staff on the dangers associated with working online, the TUC has claimed.
The union body's warning followed this week's publication of the 2008 Get Safe Online Report, which revealed that an astonishing 66% of internet users keep the same password for multiple websites.
Nearly a quarter had posted confidential or personal information online, while 17% had opened e-mail attachments from an unknown source, putting themselves at risk from viruses or other malicious software.
The TUC has teamed up with data security body GetSafeOnline.org and the Department for Innovation, Universities and Skills to produce an online toolkit for staff.
Not safe for Work? provides advice on malicious software, computer rights at work, online privacy, and identity theft - where criminals can break passwords and steal valuable personal and company data.
TUC general secretary Brendan Barber said: "Employers must make sure that staff are aware of the dangers associated with working online. Without training, staff may well find themselves the weakest link in the security chain, without ever knowing what they are doing wrong."
Minister for skills Lord Young warned that while social networking, instant messaging and file sharing offered tremendous potential, they also raised challenges concerning data, identity theft and corporate reputation.
"I invite employers to encourage their staff to use this new tool from the TUC and Get Safe Online, as well as looking at their policies and training to see what more they can do," he said.