To be sure, the reach of social networks and the speed at which information travels over them can magnify the risk of sensitive or protected data ending up on Facebook or other social sites, Gillin says. And there is always the risk that someone in an organization could post something damaging or libelous about a company, its customers or its rivals.
"There's kind of a party atmosphere with these tools. People are having a blast. They are using them like crazy and don't always understand the implications of what they are doing," Gillin says.
But these are issues that need to be handled through policies, procedures and education, Gillin says, and they shouldn't spur companies to abandon social media efforts.
Legal, audit and compliance teams, which can sometimes stymie social media initiatives, need to be made aware that the same risks exist in traditional channels such as e-mail, says Gillin. And those responsible for maintaining a corporate presence on social media -- typically employees in marketing and customer support -- need to be sensitized to the risks as well, he says.
And while much of the early adoption of social media in enterprises has been driven by marketing, communications, human resources and customer support groups, it would be wise for companies diving into social media to bring IT, information security, legal and compliance teams into the picture as well, says Mike Gotta, an analyst at Burton Group.
He says companies in regulated industries using Twitter could be required to archive their Tweets for discovery purposes. The relative lack of identity-vetting on LinkedIn could pose risks for companies that allow LinkedIn information to sit alongside their corporate directories.
"You can't get too far ahead of the security and identity teams because they can at least tell you where the cautionary areas are," Gotta says.
"Education is critical," says Kirstin Simonson, underwriting director at New York-based insurer Travelers Global Technology, a division of The Travelers Cos. In a recent Travelers Global Technology survey of 2,000 adults, about one in eight of the respondents admitted to posting work-related information on social media sites, and two-thirds said their companies have no policies for addressing such issues.
Companies need to consider the potential impact of their presence on a social media network, and who that network might reach, says Simonson. They must make sure they have extended whatever corporate privacy and data-protection policies they have to address disclosure and reputational risks on social media, she adds.
Zappos' Magness says that in the end, it's all about the corporate culture and how much you trust your employees to do the right thing. "If you focus on maintaining the right people with the right attitude, then there shouldn't be much to fear" with social media, he says.
"The customer has access to all of the issues and the information," says Magness. "They are not listening to you telling them what you think your brand is. They are telling you what your brand is."
Next: Baited and duped on Facebook