Ever since dumb terminals sprouted tape drives and users got access to IT infrastructure through client devices, firms have worried that staff would run amok and mess up beautifully configured IT systems with games of Pong and Pacman.

When PCs became the new client device, things really got out of hand. Users now had a disk drive which could be stuffed with disks from the covers of magazines, from their mates and from under the desk. Such habits could introduce all sorts of nasty things to the corporate network.

Today we are resigned to the loss of control of the client device and work hard to try to protect infrastructure through firewall, antivirus and security measures. Meanwhile the always-connected internet has made the problem a thousand times worse. And though Windows XP gives firms more control of how users can operate PCs, there are thousands of virus writers thinking of new ways to break through network security systems by hitching a ride on tools users have at their disposal - the invisible browser helper objectors (BHOs) that hook themselves to Internet Explorer are a good example.

Today the plethora of new memory devices that can plug into client PCs has brought the prospect of "Sneakernet" virus propogation into sharper focus, with PDAs, Flash RAM, PC Card hard drives, external USB drives, MP3 players and so on.

Assuming you have your network very tightly tied down, maybe virus and malware aren't a worry - though they probably should be. But because so much of a company's intellectual value now resides on its server and client hard drives, the possibility of invisible theft is now a big threat. While a thief nipping out with a couple of large tape backup reels might have been noticed 20 years ago, today a Flash memory wristwatch with 512MB of RAM is not likely to be noticed by even the keenest of security staff.

Even harder to control are MP3 players. Most owners of MP3 players have synchronisation software on their hard disk - indeed with market-leader iTunes this is the only way you can use the system. It follows that there must be lots of unauthorised mass storage devices being connected to corporate networks. Consider the consequences of a virus that could exploit this loophole, or of someone in your firm deciding to copy a few key company documents to their iPod before handing in their notice and leaving the building...

Which brings us back to that thorny old question of whether users should be allowed to copy from external devices at work at all. I use a laptop and frankly it would be pretty useless if I could not use the USB port. Not least because I use a USB hard drive as a backup device for my portable data. Users who have got used to the flexibility of PCs are unlikely to relinquish this freedom easily.

But there is no doubt that IT departments should be concerned about how they respond to the backdoor threats to networks.