In most organizations, use of USB memory sticks, media players and other portable storage devices is out of control. A recent study showed that even two thirds of IT professionals who use removable media at work admit they do not protect them with encryption. If they don't – what hope is there for non-IT staff? The fact that so many employees own portable storage devices for their personal use seriously weakens management control over the flow of business and non-business information into and out of the enterprise. Users may also connect their devices to workplace computers without permission, bypassing security gateways and controls. As a medium for exchanging data, personal storage devices are also susceptible to malware from unsecured networks and in turn can be responsible for spreading that malware onto the corporate network. What's more, the corporate network can be misused for downloading copyrighted material for use with portable media players. What can be done? Recent research * * Pointsec survey Removable Media in the Workplace, carried out amongst 248 IT professionals at InfoSecurity, April 2006 in London. shows that two thirds of IT professionals who use removable media at work admit they do not protect them with encryption. As the use of portable storage devices continues to infiltrate the boundaries of the organization, this article considers the threats that organizations may face as a result of their proliferation.