STOCKHOLM—Cyber security exposures don't begin and end with hacking; organizations' own employees often give away sensitive information of their own accord through social networking sites, a panel of experts said.

The explosion in the use of sites such as Facebook and Twitter over the past few years has widened the scope of cyber risks that organizations face as employees regularly mix their professional and private lives, they said.

To guard against the risk, organizations must rethink their security training procedures.

“Today, with the new ways that there are to communicate and exchange information, we have to think that there are no more boundaries. Everything from private life and professional life is completely mixed,” said Laurent Dellhalle, general secretary of Bureau Europeen d'Information Commercial, a credit and information security organization in Décines, France.

He was speaking during a session of the Federation of European Risk Management Assns.' biennial forum held in Stockholm this week.

Information moves in seconds

The speed at which the messages are transmitted adds another dimension to the risk, Mr. Dellhalle said. Companies have little control over information because employees use social networks to distribute the information globally in seconds, he said.

And employees often distribute sensitive information unwittingly, said Christian Aghroum, Prilly, Switzerland-based chief security officer at SICPA Management S.A., a security ink provider.

For example, by updating resume information on LinkedIn, employees may inform competitors about sensitive aspects of their work. In addition, employees who use Twitter to send messages about their whereabouts while traveling for work and their schedule may being giving competitors clues about sensitive company operations, he said.

Previously, employees may have disclosed this information in personal meetings and they may feel that it is still appropriate to disclose this information to friends or colleagues. “But now you are not speaking in a restaurant, you are speaking to the whole world,” Mr. Aghroum said.

Private vs. professional life

Companies should ensure that they inform employees that there must be a clear line between private and professional use of social networks and they should have training on these issues, he said.

But the training needs to take into account the preferences of different groups of employees, Mr. Aghroum said. Older employees generally are quick to understand the difference between private and public use of social networks, but younger employees frequently require more training.

And younger employees are more engaged by e-learning techniques than traditional meeting-based training or printed guidebooks, he said.