As I said in my last blog post — Preventing Data Leaks Before They Occur, Part II — there are several access controls to consider that protects data:
Ensure users understand the policies governing corporate issued endpoints. Users need to understand that the data on the device can be wiped at any time a security violation is suspected. Users cannot assume any personal data on the devices will be saved. (When it comes to Bring Your Own Device this is much harder. Read more about Unisys policy and how we manage this.)
Part of the user training needs to include social media policies. Users must understand what is expected when they interact with Facebook, Twitter or other sites from work or on a corporate/agency device. They should also be trained on what they can place on those sites and information they can enter. The corporate/agency specific policies should be enforced for these sites, which may include blocking them from internal locations.
The above is a good overview of what to consider for establishing an environment for data loss prevention. Not all organizations will be able to accomplish all the steps discussed but getting started and maintaining consistent policy enforcement is a key to success.