Poor online behavior by users of social networking sites could open the door for malware and identity theft, both at home and on the job, a new study reveals.

The joint study, published Wednesday by CA and the National Cyber Security Alliance (NCSA), showed that although 57 percent of people who use these sites - the most popular are MySpace, Facebook and Friendster - many worry about becoming cybercrime victims, and 74 percent admitted to revealing personal information, such as their name, date of birth or email address.

And of the 2,163 adults who responded to the study, meant to coincide with National Cyber Security Awareness Month, 83 percent downloaded untrusted or unknown files from other people's profile pages, thereby making their PCs susceptible to attacks, such as spyware and viruses.

Another 57 percent who have social networking accounts said they have received phishing emails, asking users to download a file or confirm personal details, such as account numbers. Of those recipients, almost one-third responded to the unsolicited emails.

Even though a small number - 2 percent - are willing to reveal their Social Security numbers, doing so could be a cyberthief's ticket to identity theft, especially if they are combined with birthdays or names, said Ron Teixeira, NCSA's executive director.

Enterprises should be cautious, the study found, as 46 percent of social networking users surf the sites while at work, potentially opening businesses up to attacks.

Sam Curry, vice president of eTrust Security Management at CA, said many organizations restrict access to gambling and pornographic websites but fail to recognize the dangers of social networking sites.

"This report shows a correlation between behaviors that are innocent and potentially becoming a victim of crime," he told SCMagazine.com today. "People need to understand that, when you're in a corporate environment, it's a privilege to have access to the internet or a network."

He said organizations need to enact policies that go beyond the defenses provided by updated anti-virus, firewall and anti-spyware technologies.

"Define what is not OK to do," Curry said, "and they (administrators) should revisit that (policy) regularly because the internet evolves so quickly."

Click here to email reporter Dan Kaplan.