Irrespective of the type of business your organisation conducts, the protection of its assets is vitally important.

That’s why traditional brick and mortar stores employ physical controls such as alarms, restricted access and guards, and why companies looking to protect information employ technical measures and security professionals.

But all of the above may be for nought if someone within the organisation decides to say more than they should.

Take, for instance, Dominic Marshall, a 20-year-old man from Manchester.

Marshall’s business was a little out of the ordinary, operating in a market most of us are not familiar with – the sale of cannabis.

Given the sensitive nature of such work, and the attention it rightfully attracts from the constabulary, it should go without saying that discretion is a valuable characteristic for any self-respecting drug dealer.

Alas, for Marshall at least, discretion was not one of his strong points.

In a bid to increase sales he took to Facebook to boast of how he had Ganja for sale, informing his 2.737 friends and, due to a lack of privacy awareness and correct settings on the social network, anyone else who happened upon his page too.

Even when his clued up friends warned him that he was a ‘walking charge sheet’ he continued to use the site to boast of how he had ‘bud’ for sale.

Police – and it’s not known whether they were trawling Facebook or had been tipped off – soon paid him a visit, arriving on 3 October at which point they discovered his father Phillip in possession of 33 bags of the drug.

Marshall subsequently received a 12-month community order as well as a period of supervision and drug rehabilitation after admitting offering to supply class B drugs while his father picked up a fine for possession.

In passing sentence, Judge Hilary Manley stated the obvious as she said:

You’re hardly a sophisticated drug dealer given the nature of the Facebook messages you publicised.

John Kennerley, in attempting to defend Marshall, said “It must be an immature person who acted in the way he did by putting on Facebook the fact he had cannabis which he was offering for sale – not the actions of a sophisticated, hardened criminal.”

Even so, it takes neither a fool nor a criminal to put your information-based assets at risk through poor decision making.

While technical controls and security expertise certainly have their place, and will go a long way in mitigating risk, there is always that other ever-present danger: the human element.

While we hope your employees are not dopes, the truth is they are fallible.

Have you planned for that with your security procedures? Are your staff aware of your social media policy? Do they know that loose talk anywhere on the web can put your business at risk and their jobs in jeopardy?

If not, you have some work to do and may wish to consider training your employees and sprinkling in some security awareness so they are aware of what they should and, more importantly, should not say on Facebook and other social networking sites.