Apparently what the other clients of Palisade Systems are doing: accessing porn, carelessly slinging health records and Social Security information, and accessing hacking Web sites. And these are the businesses. Palisade gives the data to PCMag.com to prove it.

What are your kids looking at online at school? How secure is the personal information you provide to your doctor? Is your mortgage company going to send an IM that contains your Social Security number?

Despite countless reports of identity theft and data leaks due to careless handling of peoples' personal information, this type of behavior persists and is often more pervasive than most business owners would like to acknowledge, according to data from security firm Palisade Systems.

Small and medium-sized businesses like credit unions, schools, or hospitals will hire Palisade to run a 10-day check of their operations to make sure sensitive data is being handled properly. If problems are uncovered, they can sign up for Palisade's monitoring system  a customizable, cable-like box that can attach to any network and either scan for additional problems or block certain activity from occurring.

"We'll give clients [our reports] and they'll say, 'I don't believe you.' That's got to be a bunch of crap. You're just trying to sell me a box," said Christian Renaud, vice president of strategy for Palisade Systems. "Then we flip a couple pages and start showing them the actual violations  an example of a Social Security number in an e-mail, an attachment with credit card numbers  and then they do the 'Oh God, we actually have a problem' moment.'"

Palisade's findings provide a disturbing complement to a , which found that default passwords and other easily-bypassed security was still surprisingly common at companies that had been hit by data breaches.

Palisade provided PCMag.com with redacted copies of some their reports to illustrate exactly what type of information is being sent or accessed.

At a school, for example, Palisade found that during a two-week period in October 2008, schools officials sent 1,167 Social Security numbers, 42 credit card numbers, and the personal financial information of 4,646 people in an insecure manner. This was done in a variety of ways  from e-mails ("Hey, can you pull a record for this student. Social Security number below.") and instant messages, to attachments and P2P.

In terms of network activity from students and faculty alike, Palisade found that P2P  in particular BitTorrent  is a favorite pastime. But while that latest illegal track downloads onto school computers, what's a person to do?

Surf porn, apparently. Palisade found that there were 49,466 incidents of pornography Web site access in that two-week period, more than half a million visits to hacking Web sites, almost 50,000 to e-gambling sites, and more than 20,000 hits for what Palisade called "crime Web sites".

Crime Web sites can vary from best practices on how to pick locks, sites that detail where police are stationed to pick up speeders, or insider tips on surveillance camera locations, Renaud said.

Schools were not alone, however. With all the emphasis on securing electronic medical records these days, how are the nation's medical labs and hospitals faring?

At a medical lab that was scanned between Sept. 30 and Oct. 15, 2008, Palisade found that employees improperly sent 144,095 Social Security numbers, four credit card numbers, the personal health information of 75,595 patients, and the personal financial information of 405 people.

At a healthcare company, meanwhile, the personal health information of 24,840 people was handled incorrectly, as were 740 Social Security numbers, and 94 credit card numbers.

But how about your average mid-size manufacturing company? Employees at the company scanned by Palisade improperly handled 498 Social Security numbers and 3,430 credit card numbers  possibly because they were distracted by the all the weapons and porn and drugs they were Googling on company time.

Palisade's investigation of the manufacturing company logged 100,154 porn hits, more than 7,700 visits to crime-related sites, and more than 6,800 hits to weapons-related Web sites. More than 70,000 searches were also made to job-search Web sites.

Most of the companies that approach Palisade have done so in order to make sure they are complying with federal privacy and security regulations while "other people got a whiff of something and they want the right forensic tools to go look around," Renaud said. "It's a combination of factors."

What can be done? "More often than not, it's just bad training and bad processes, it's not necessarily a bad actor or someone who wants to send out source code to the competition or sell Social Security numbers for cash," he said.