Research by the security firm also revealed that one in five business are now more concerned about the security risks created by social networking, rather than staff productivity. A quarter of companies have also been a victim of spam, phishing or malware attacks that originated on social networking sites.
"The initial productivity concerns that many organisations harboured when Facebook first shot to popularity are giving way to the realisation that there are more deliberate and malicious risks associated with social networking," said Graham Cluley, senior technology consultant at Sophos.
"As cybercriminals choose to exploit these [social networking] sites for nefarious purposes, both innocent users and companies are finding themselves in the firing line. But until users wise up to the dangers, and firms begin to take precautionary measures to combat these threats, then the situation will intensify," added Cluley.
However, Cluley urged businesses not to van access to social networking sites all together.
"The danger is that by completely denying staff access to their favourite social networking site, organisations will drive their employees to find a way round the ban - and this could potentially open up even greater holes in corporate defences. Let's not also forget that social networking sites can have beneficial business purposes for some firms too, giving them the chance to network with existing customers and potential prospects."
See also: Celebrities targeted by new Twitter worm
This story, "How Does Sensitive Company Info End Up on Facebook?" was originally published by PC Advisor (UK).