Social Networking Security in the Workplace

18.05.2012

With social media, even a carefully planned mix of policies and technology may not be wholly effective. That's because you cannot stop employees from posting data on social media when they go home at night; people will do what they want, regardless of corporate policy. What can you do? Implement a rigorous and continuous employee education program on acceptable use of social media.

A business should proactively train employees and be very clear about what it considers proper use of company information. Be specific: Tell them what they can and cannot say on social networking sites about the company. Employees should understand that posting corporate data is absolutely forbidden -- unless it is expressly encouraged.

Tailor the education program to meet the security knowledge level of your employees. The risks of malware, data loss and other threats should be described in realistic scenarios that explain the impact on the individual and the business. Show employees how to recognize current scams used in social media attacks and how to identify a phishing website. Training should demonstrate how these threats propagate on social media and how they can be downloaded to a user's computer or mobile device and then infiltrate the enterprise network. Emphasize that this knowledge will be as useful at home as it is in the workplace.

Education should not be exclusively technical, however. For many employees, sharing via social media has become so reflexive that they may not realize how information innocently posted on a social network can harm a business. Workers should also understand that when they identify themselves as employees, they are representing the company to the digital world.

Finally, fully explain the consequences of failure to follow company policies on use of social media. Be very clear: Jobs are at risk for those who violate the corporate code of conduct for privacy, client confidentiality and intellectual property.