A first step in creating a social media security strategy is classification of business data so that employees understand precisely what is -- and is not -- sensitive information. This process also should specifically delineate who is authorized to access corporate content and how that information can be used.

Policies will vary by employee role and by social media site. For instance, a worker may be permitted to include employer affiliation and job title on a public profile on a business media site, but not on a personal one; HR staff may be allowed to provide more company information because doing so is essential to recruiting.

Remember that hackers now target mobile devices such as smart phones and tablet PCs. Businesses should specify whether employees are permitted to access social networking sites from these devices and which apps may be used to do so.

Once policies are established, it may be necessary to reinforce them with a carefully considered combination of network monitoring and data protection technologies. In some cases, these technologies may already be in place as part of standard IT security measures. If so, they should be configured to include social networking controls.