Half of the companies that use web filtering equipment from Barracuda Networks block access to MySpace and/or Facebook, the two most popular online social networks. Barracuda based the findings on a sample of 2,400 customers.
A separate survey by the security vendor found that 70 percent of respondents cited the prevention of virus and malware infections as the primary reason for restricting employee surfing.
Another 51 percent of companies mentioned productivity drains, while other reasons included bandwidth concerns and regulatory requirements to control employee communications, such as privacy legislation or insider trading rules.
The risks can be as much perceived as real, according to the survey. Rather than an all-out ban on MySpace or Facebook, companies can prevent malware infection much more effectively by scanning web traffic.
However, Gartner found that only 20 percent of enterprises use such a malware defence.
Companies blocking social websites tend to do so only when they notice a spike in traffic to such services, according to independent security analyst Fred Cohen, who suggested that the blocks come from a perceived need to control employees.
"Often there is no specific risk [from social websites]," Cohen said. "But companies have the flawed belief that they are in charge."
Filtering web traffic is not without its pitfalls. Many employees perceive the practice as demonstrating a lack of trust, warned Peter Firstbrook, a research director covering security at Gartner.
"Considering that most organisations expect employees to work extra during off-hours, they must accommodate workers' needs to conduct home life activities while at work," he said.
Instead of instating a blanket ban, Firstbrook urged companies to monitor traffic and reprimand individuals who exceed fair use.
"Since monitoring web activity is easy, catching the people who are wasting time on social sites is also easy," he said. "It is counterproductive to punish all workers for the potential transgressions of a few."
Gartner has predicted an increased level of granularity in the control of web traffic in the future. Employees might be allowed to view Facebook profiles and messages, for example, but would be blocked from editing the profiles.