Rebecca Herold, an attorney, professor and consultant known as the "Privacy Professor," said the worst part of all this is that "Facebook changes their privacy settings and sharing algorithms so often that it is hard for even privacy pros to keep up."

"If you've allowed someone access to your data, there is nothing to stop them from copying and sharing it elsewhere -- there are ways in which their settings will override your settings," Herold said. "Every person should post only information that they would not mind the entire world seeing."

Still, the connections Facebook brings to people also bring irresistible benefits to commerce. Those benefits -- such as 18 million people "liking" a brand's page after learning their friends had done so -- make it practically mandatory for enterprises to be on Facebook if they want to compete.

And security experts say it is useless to try to prevent employees from being on Facebook anyway. Chester Wisniewski, asenior security adviser at the security vendor Sophos, said public social networks like Facebook are "not a good choice for online collaboration, as you have no guarantees of privacy or how sensitive information will be handled."

But, he says if a company tries to block Facebook, Twitter or other sites, "employees will simply grab their iPhone, Android etc. and do what they wish, where you don't have any oversight."