Leave aside for a moment -- and for another blog -- the sheer security risk that thumb drives present because of their very portability and, for want of a better word, purloinability. Think instead about what it means when an employee brings a personal thumb drive into your workplace.
This is particularly true if your business prohibits storage of personal data on company equipment. Easy enough for employees to get around that one by keeping all of their personal data on their personal thumb drive, using your computers, network and USB ports as gateways, never technically violating the no-store rule even as they expose your business and your business info to any number of threats.
No personal storage, of course, isn't enough of a rule -- a sound security policy prohibits employees from connecting any personal device or media to company equipment.
The solution? First, put some teeth in your employee access/device/media rules and make sure the employees are aware of them.