The majority of UK firms are leaving their networks open to malware and data theft by turning a blind eye to widespread employee use of removable media devices such as iPods, MP3 players and USB flash drives.

Research published today claims that a staggering two-thirds of IT professionals who use USB flash drives at work admitted that they did not protect them with encryption even though they are aware of the associated dangers.

According to the survey of 300 UK IT professionals, most UK organisations have yet to address the problem of removable media.

The poll found that such devices are being used in 84 per cent of companies and, on average, a third of employees are using them in the office.

Some 90 per cent of those surveyed said they were aware of the potential danger that removable media presents, and a third of organisations admitted that removable media is being used without authorisation.

"With removable media plummeting in price, soaring memory capacity and more people using them at work, companies need to be aware of how easy it is for staff to use them, lose them or take competitive information away on them, all in the palm of their hands," the study, commissioned by mobile security firm Pointsec, warned.

"If lost or stolen, vast amounts of valuable information could seriously expose a company to extortion, digital identity fraud, or damage to their reputation, integrity and brand."

Martin Allen, managing director at Pointsec UK, added "There seems little point in companies spending vast sums of money on information security if they're letting staff use these devices at work which allow unhindered access to vast quantities of sensitive company information."