4 reasons why Facebook and vanity don't mix

14.03.2011

"This refers to the risk of employees who are not bound to appropriate internal policies sharing confidential information or trade secrets (formulas, know-how) to their contacts through social media," Chetty said.

But disclosure of private information isn't always intentional. Often it is leaked by a well-intentioned employee who simply wants to share with social networking friends.

As Sophos' Wisniewski points out, even posting information on LinkedIn, generally seen as the lowest-risk social network, still poses a reasonable amount of risk.

"For someone looking for information about your organization or looking for targeted bits about your company it's fantastic," he said. "I can go and search for your company name and three-quarters of your employees probably have profiles that tell me exactly what they do, what their position is. I can learn a lot about the company and, if I wanted to, I can then take on a social engineering attack and use that LinkedIn information for my attack through Facebook or email."