The security firm found that a quarter of companies have fallen victim to spam, phishing or malware attacks via these sites.
Graham Cluley, senior technology consultant at Sophos, pointed out that using the corporate contact details available on LinkedIn, for example, a phishing attack could easily be set up to mine intranet log-in or user account details from new employees.
"If your users are sharing too much online, it can give away clues regarding corporate security, not just personal identity information," he said. "Companies need to educate their staff."
Businesses should also install web security which can scan content in real time to prevent users straying to malicious sites, he added.
Social networking sites like Facebook have generally been proactive in raising awareness about security risks, but they "could do better" to protect their users from malware, spam or phishing attacks, argued Cluley.
"I'd like to see social networking sites understand that they've got a huge amount of traffic travelling through their users, so they should be more proactive in scanning it," he said.