"This stuff used to be under lock and key in a private diary," Gudaitis agrees. "The amount of disclosure on every level -- business dealings, trade secrets, classified information and personal information -- is enormously high." Also alarming, she says, are employees who tweet during meetings about what's happening and even who's in attendance.
Of course, policies banning the mention of employers would take companies out of the marketing-on-social-media game. But Desautels cautions against that type of marketing anyway. "You'd be opening your customers to an entire world of potential hurt via phishing and other types of attacks," he says in his blog.
Weider, on the other hand, says not using social media for marketing is unthinkable. "Why don't we just stop publishing our phone numbers so people can't get into our voice-mail system, or lock our doors so the patients can't get in?" he says.
The way to avoid possible exposure, says Weider, is to establish clear data-security policies and offer employees ongoing training. That training could touch on ways to tighten the security settings on sites like Facebook. According to the Web site NextAdvisor.com, which compares online services, Facebook users should fine-tune who will have access to specific aspects of their profiles and posts using the "My Privacy" section of the site.
Not Too 'Friend'-ly
Companies may also want to advise employees to not accept every friend offer that comes along. "In a lot of cases, people say yes to anyone who pops up," says Gudaitis. "But then they're vulnerable to whoever those people may be." Better to be conservative, she says, and approve only business acquaintances or old college buddies or family members.
To be even more cautious, NextAdvisor says, you should even verify whether a friend request is from the person it appears to be from, by sending him an e-mail or calling him. "It is easy for someone to set up a phony profile under the name of someone you know and trust in order to extract additional information from you," the site says.
Employees should also be aware that just because social networking sites ask them for personal information such as their birth date and phone numbers, it doesn't mean they need to provide it. In a poll of Facebook users that NextAdvisor conducted recently, 27% of respondents said that they listed their full name, date of birth, phone number and e-mail address in their profiles, and another 8% said that they included their street address as well.
"Your real friends and associates will likely already know this information, so including it on your profile will only increase your risk of being victimized by identity thieves," the site says.