Firstly, we have disabled the autorun feature in Windows using Group Policy, as we were finding this was where the majority of infections were coming in from when users plugged in USB sticks etc.
We also set the AV access scanner to scan on both read and write to disks. We then created an exclusion for C:\ when reading.
This gives the effect of scanning when writing to C:\ and scanning when writing and reading to all other drives. This has proved effective against USB-hosted nasties.
Finally, we have enabled Artemis scanning, which seems to be detecting quite a number of files from people's USB sticks.
Going forward, we are currently dipping our toes in the DLP pool and playing with policies to prevent access of executables from USB sticks and drives.
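
An added example, not part of the original post: a PowerShell check that the autorun policy described above actually covers removable drives on a given machine. It decodes the `NoDriveTypeAutoRun` bitmask that the "Turn off Autoplay" Group Policy writes; the function name `Get-AutoRunCoverage` and the sample values are constructed for illustration.

```powershell
# NoDriveTypeAutoRun is a bitmask: a set bit disables AutoRun for that drive type.
$DriveTypeBits = @(
    @{ Bit = 0x01; Name = 'Unknown type' },
    @{ Bit = 0x04; Name = 'Removable' },
    @{ Bit = 0x08; Name = 'Fixed' },
    @{ Bit = 0x10; Name = 'Network' },
    @{ Bit = 0x20; Name = 'CD-ROM' },
    @{ Bit = 0x40; Name = 'RAM disk' },
    @{ Bit = 0x80; Name = 'Unknown type (reserved)' }
)

# Hypothetical helper: decode one policy value and report whether USB sticks are covered.
function Get-AutoRunCoverage {
    param([int]$Value, [string]$Source)
    $disabled = $DriveTypeBits |
        Where-Object { $Value -band $_.Bit } |
        ForEach-Object { $_.Name }
    [pscustomobject]@{
        Source           = $Source
        Value            = '0x{0:X2}' -f $Value
        DisabledFor      = $disabled -join ', '
        RemovableCovered = [bool]($Value -band 0x04)
    }
}

# Constructed sample values: 0x91 lacks the removable bit, 0xB5 and 0xFF include it
# (0xFF is what the policy's "All drives" option writes).
0x91, 0xB5, 0xFF | ForEach-Object { Get-AutoRunCoverage -Value $_ -Source 'sample' }

# Live check: the machine-wide policy and the per-user policy live under these keys.
$paths = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer',
         'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
foreach ($p in $paths) {
    $item = Get-ItemProperty -Path $p -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        # Value absent: the Group Policy has not been applied at this scope.
        [pscustomobject]@{
            Source = $p; Value = '(not set)'
            DisabledFor = '(policy not configured)'; RemovableCovered = $false
        }
    } else {
        Get-AutoRunCoverage -Value $item.NoDriveTypeAutoRun -Source $p
    }
}
```

A machine where `RemovableCovered` is false under HKLM has not received the policy and is worth checking with `gpresult`.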