There's nothing wrong with using Facebook, other than the potential impact on working time, but that's not a security matter! The issue is in how your staff configures Facebook, and what information they place on it.
A few tips to pass on to your staff on the dangers of using Facebook:
One word of advice for the employer -- if you do allow Facebook access at work, block Facebook email using mail filters. At least then you don't have the problem of staff using work email addresses for Facebook. This simple step will then prevent the hacker from making the link between the user and the company they work for.
Related Q&A from Ken Munro
Ken Munro reviews how to secure USB flash drives in the enterprise.continue reading
Even though employees are told over and over again to not give out their user names and passwords, it doesn't always work. Expert Ken Munro explains...continue reading
Expert Ken Munro explains why the iPhone's lack of encryption features has kept it from being a reliable enterprise device -- for now.continue reading