"In many cases, it's an unrecognized security problem," says Jack Gold, founder of J. Gold Associates, an IT consulting firm in Northboro, Mass. "And it's not just flash drives. A lot of users have discovered that iPods make convenient backup devices."

But there can be huge consequences for IT departments that neglect the problem, Gold says. "Think about compliance issues if an insurance company employee downloads a couple of thousand customer records onto a flash drive and then loses the device," he says. "And often, the company won't even know the employee has done it." The result can be lawsuits and, if federal medical or financial privacy rules have been violated, multimillion-dollar fines, according to Gold.

"The payback for doing a good job with security for these personal devices is preventing a US$10 million to $30 million company liability," Gold says.

Data Guardians

While relatively few companies are addressing the issue, some have tried solutions ranging from total network lockdowns to requiring the use of encrypted flash drives to ensure that data will at least be safeguarded if it is lost.