A Ponemon Institute survey has blasted corporate USB stick users' "negligence" for not seeking permission before plugging the portable storage media into work computers.
The survey (pdf) of 743 IT and security personnel listed other "negligent" behaviours as using generic USB drives that they received free at conferences and not informing "appropriate authorities" in the event of a lost drive.
Last May, IBM apologised for distributing malware-infected USB keyAustralian security conference AusCERT.
Ponemon suggested such negligence by employees put corporate information at risk.
But it saved some criticism for employers, whom it said were mostly "not willing to pay a premium to ensure USB drives used by employees [were] safe and secure".
The survey, sponsored by memory vendor Kingston, found only 38 percent of organisations supplied employees with an approved USB drive for use in the workplace.
Half of respondents said their firm didn't supply approved sticks; 12 percent said they were "unsure".
Of those respondents who did get a corporate-sanctioned drive, an "extrapolated average" 58 percent still used unauthorised drives as well.