Saturday, September 8, 2007

Interesting blog about unknowingly leaking important company information through public networking.

While organizations scramble to protect themselves against the next big
TJX-style data breach, they're overlooking another risk: social networking.
Nearly every organization has an in-house blogger - officially or not.
It doesn't have to be a Mini-Microsoft - an insider blog often critical of
Microsoft - to pose problems. An enthusiastic employee who's not
well-versed on corporate policy, a developer on public message boards, or
even a personal blog where the employee occasionally discusses work all pose
risks.
A recent survey by Forrester Consulting looked at this and other
content-security problems. The survey was commissioned by Proofpoint, a
provider of email security and data-leak-prevention solutions.
The July 2007 survey gathered 308 responses from U.S. companies with 1,000
or more employees. Forrester found that more than twenty percent of those
surveyed had investigated "the exposure of confidential, sensitive or
private information via a blog or message board posting in the past 12
months."
"Security and IT professionals are just starting to wake up to blogs and
message boards," said Keith Crosley, Proofpoint's director of market
development. "The main concern is still outbound email, but these other
forms of messaging and networking can't be overlooked."

Careless Employees Can Be as Dangerous as Malicious Ones

Usually, the intentions of employees aren't malicious, just careless. AOL's
data leak of last summer provides a case in point. AOL posted information
relating to search queries on its now defunct research site, violating the
privacy of 658,000 subscribers. While AOL tried to protect users'
identities, replacing user names with numbers, it was relatively easy to
figure out who a large number of these people were because they often
searched for themselves, their family and friends, and things in their
neighborhoods.
AOL certainly wasn't malicious, just incredibly careless. AOL figured that
this information would be useful to researchers, and they certainly didn't
intend to violate customers' privacy. They just didn't think things through,
leading to a huge scandal, plenty of public humiliation, the loss of a
number of customers, lawsuits, and the firing of three employees, including
its CTO.
According to G. Oliver Young, an analyst with Forrester Research, the time
to start worrying about content control is even before an employee enters
the company. "If job candidates have questionable content on their MySpace
or Facebook pages, it should raise flags," he said. It's common now for
employers to check those sites before a person is even offered an interview.

According to Proofpoint's Crosley, the scope of the problem is much larger
than most people realize. "For every high-profile data-leak event, there are
probably hundreds of smaller ones," he said. These aren't publicized.
They're handled internally, and the result is often a termination.
"When H.R. starts looking at an employee's online behavior, it's serious,"
Crosley said. In the past, employees worried about organizations nitpicking
about their browsing habits. After all, as work bleeds into the personal
lives of knowledge workers, many argue that it's perfectly reasonable to do
some personal business during work hours. Similarly, the stress of knowledge
jobs makes it equally acceptable to take a ten-minute break where you check,
say, sports scores.
