"Organizations need to be asking those questions," he said.
Jody Brazil, chief technology officer of FireMon, believes the vast majority of the sites found by Errata was likely small and not used by too many enterprises.
However, companies should educate users about the dangers of unpatched sites and remind them not to use the username and password for accessing the corporate network on other sites.
"You can't enforce what they do outside the company, but you can at least educate them on what the impact is," Brazil said. "End user education is always a good recommendation."
Sign up for Computerworld eNewsletters.