Wendy Ellis, vice president of marketing for McWhinney, says USB flash drives make great marketing devices because they're easy to carry and more efficient to look through than stacks of paper.

The firm is not alone. USB flash drives or thumb drives are the of-the-moment way to disseminate marketing materials, highlight work and promote ideas. Fortune 500 companies, educational institutions and even creative artists are handing out customized USB freebies to clients and employees.

The USB or Universal Serial Bus standard was developed about 13 years ago. But thanks to improved technology, it's taken off dramatically in the past few years. Industry experts report explosive growth in the use of USB flash drives and other USB-enabled devices like GPS devices, mobile phones, video players, digital photo frames and memory card readers.

However, as the use of USB enabled devices grows, so do the potential risks. The problem: Users can unintentionally pass viruses to their computers when they connect the devices to their computers.

In the past few months, an increasing number of digital devices have been reaching the market with viruses or malware already installed. Users infect their computers when they connect the tainted devices with USB cables. The still unanswered question is how companies, including commercial real estate firms, plan to deal with the issue--or whether they are underestimating the risks of USB devices.

Don Goldstein, the Dallas-based chief information officer of CB Richard Ellis, is responsible for the company's technology strategy, information services delivery and customer technology solutions. "There is a general policy that any software or equipment that connects to company provided computers must be approved by IT," he explains.

But he says there is not a specific company policy about personal devices. "Things like flash drives aren't a big deal, because they don't require special software on the PC that IT needs to load," he continues. "However, devices like iPods are a different story because they require special software that contributes to non-business network traffic. It really boils down to a case by case basis."

David A. Johnson, chief information officer at Jones Lang LaSalle, says the company allows employees in most locations worldwide to use USB devices. "Our philosophy is that we want to make the technology friendly. If it's friendly, they will use it. If they use it, we will get the value from it," he explains. "We trust our employees and treat them accordingly."

However, firms have to consider more than their employees actions. The potential problems from USB devices extend to manufacturers, retailers and distributors. Last month, for instance, Best Buy recalled several thousand digital photo frames--small flat-panel displays for displaying digital images--because they contained malicious code. The frames were sold at both Best Buy and BestBuy.com under the Insignia name, one of Best Buy's in-house brands.

SANS Institute, a Bethesda, MD-based research and education organization, reports more retailers are becoming unwitting distributors of malware. According to the Internet Storm Center, a network-threat monitoring group affiliated with SANS, computer users have reported multiple incidents in the past few months. They include:

• five digital photo frames from Advanced Design Systems that were sold at Sam's Club
• 
  
• two 250GB Maxtor External One Touch Backup, one purchased from Radio Shack and the other from Fry's Electronics
• 
  
• a Flip Video Camera from Costco
• 
  
• a MemoryVue 1040 Plus digital photo frame from Digital Spectrum Inc. purchased at Costco
• 
  
• an 8-inch Castleton digital photo frame from Uniek purchased at Target
• 
  
• A set of MP3 playing sunglasses purchased at an unknown store.

Last October, hard-disk drive maker Seagate reported a password-stealing Trojan horse program had infected some disk drives shipped from a factory in China. And in 2006, a virus snuck onto the hard drives of a limited number of Apple iPods.

Jason Roberts, marketing and public relations manager at PC Guardian, a designer and manufacturer of computer and data security, says employees can compromise the security of a corporation's data and information systems, knowingly or in error. "The 'innocent' breaches include employees downloading confidential data and subsequently losing or misplacing the USB drive itself, leaving the corporation vulnerable," he continues.

As a response to those potential risks, computer security experts are creating new options. PC Guardian, for instance, reports that it developed its USB Port Security System in response to unauthorized data transfer through USB ports to flash drives, memory sticks, MP3 players, and other mobile storage devices. The product disables USB port access.