IT departments are failing to properly appreciate the security risk posed by USB flash drives, according to a new study.

The study, run by the Ponemon Institute and sponsored by Kingston Technology, surveyed 743 IT professionals and security practitioners, and found that 71% did not consider the protection of confidential and sensitive information on USB flash drives to be a high priority.

Investigations of the companies represented found that 12,000 customer, consumer and employee records were lost on average per organisation due to missing USB drives.

"Organisations watch very carefully, and put a plethora of controls around, what enters their business from cyberspace,” says Larry Ponemon, chairman and founder of the Ponemon Institute.

"This study drives home the point that they must also take a more aggressive stance on addressing the risks that exist in virtually every employee’s pocket.”

40% of organisations surveyed reported having more than 50,000 USB drives in use among their staff. Nearly 20% reported over 100,000.

As well as preventing data loss, a USB security policy is also important for security from malware. A study performed by the US Department of Homeland Security in June dropped unidentified USB sticks in government parking lots and found that 60% of the people who picked them up plugged them into office devices to try and track down their owners. When USB drives with official logos on the side were dropped, 90% were plugged in.

The study lists 10 security recommendations covering the management of USB drives. Go here to read more.