How should businesses balance security and transparency when engaging with the social web? A couple of days ago, SBF blogger Eileen Brown flagged a recent Robert Half survey which found that 31% of U.S. companies ban the use of social media at work. That's down from 54% in 2009. The survey also found that 51% of companies allow employees to access social networks like Facebook and Twitter for business purposes, up from just 19% in 2009.

So while the arc of history is clearly bending toward mass business adoption of social media, a substantial number of companies have yet to join the party. Why is this? Don't these Luddite laggards understand that their customers are talking about them online, whether or not they choose to join in the discussion? Surely they're aware that employees increasingly carry the social web in their pockets, whether or not they access it from their office PCs?

It's easy enough to sneer at technologically timid executives for not climbing on the social media bandwagon. And yet, it's not unreasonable for business leaders  to worry about employees wasting time on Twitter and Facebook when they ought to be working. Nor is it silly for chief marketing officers to worry about losing control of their corporate messaging when every single employee now has the power to speak for the company to a global audience, not to mention leak any confidential information that they choose.

So what does a sustainable corporate social media policy look like? We chewed over this question in a Sustainable Business Forum webinar that I moderated yesterday on the topic of Security & Transparency: How Social Media are Transforming Business. Our panelists included Regina Clark from Cyberfactors, a data analytics service that helps insurers and other businesses evaluate cyber risk, and Brian Solis, author of Engage and a noted expert on social marketing. Rounding out the panel was Gary Spangler, corporate e-marketing manager at DuPont, which sponsors this site.

"Banning social media is not the answer," Solis said early in the discussion. He added that the web is crawling with social media policies for businesses. What's lacking is common sense and leadership, not policies. Common sense would suggest, for example, that it's not a good idea to live-tweet a confidential company meeting. But we live in an age of oversharing. Said Solis: "People overshare until they learn it's not OK." And that's where leadership comes in. If banning and ignoring social media aren't viable options, then it's the responsibility of managers to teach their associates the difference between appropriate and inappropriate online behavior.

That's a big part of Spangler's job at DuPont. During our discussion, Spangler noted that DuPont doesn't attempt to regulate private social media usage by employees. But DuPont obviously has a big stake in how its employees talk about the company on the social web.  So like many businesses today, DuPont invests significant effort in teaching employees how to represent the company online.

Seems obvious, right? And yet we have numerous examples of companies doing dumb things on the social web, and paying the price.   (For an entertaining survey, see the AdAge feature “Social Media Screw-ups: A Brief History.”) During yesterday's webinar, Regina Clark from Cyberfactors told a chilling story about a nameless corporate employee who accepted a seemingly innocuous friend request on Facebook from a stranger who appeared to know some of her professional colleagues. Once friended, the stranger used information on the employee's Facebook profile to mail her a malware-infested CD that wound up corrupting her company's network.

Corporations are people too, to quote Mitt Romney's recent, ill-chosen words on the campaign trail in Iowa.  And while Romney wasn't talking about social marketing, he inadvertently touched on an important truth. Human beings will occasionally do and say dumb things, whether they are speaking as corporate employees, customers or candidates for high office. Social media can vastly amplify the impact of both stupidity and brilliance. All the more important for companies to ensure that their digital representatives understand the difference.