The Wall Street Journal's Geoffrey Fowler recently wrote an article, "What's the Company's Biggest Security Risk? You." He raises the very relevant point that employees are a significant insider threat to the business.
As he accurately points out, the more skilled employees become at using personal technology, the more companies are at risk of exposing sensitive corporate information. The use of personal webmail, the proliferation of social media and the adoption of mobile devices are examples of what has increasingly contributed to the external exposure of sensitive corporate assets.
While there is little question that these technologies increase the potential exposure of sensitive information, it is important to recognize that once sensitive information reaches the eyes of unintended recipients, the horse has essentially left the barn. The ability to control information once it reaches unwarranted recipients is limited. That is why controlling information at the source is critical to reducing the risk of accidental, negligent or malicious exposure, whether through electronic or non-electronic means.
In order to effectively control information at its source, businesses should take three things into account:
1) What content is considered sensitive to the business?
Organizations must define the data classification types that are critical to the business, covered by external regulatory requirements and included within corporate policies. Preferably this is accomplished through automated technology or, as a last resort, manually on a recurring basis. Either way, the ability to identify IP, PII, PHI or NPI is critical to the business being able to control how employees use that information at its source.
2) How is sensitive content distributed or communicated through the business?
Although social media and mobile devices are prominent threat vectors for sensitive corporate data, the business must control information closer to the point where it is created and shared. If data is not controlled at the point of creation or initial sharing, it has a high probability of being replicated throughout the organization to unwarranted recipients without anyone noticing. Collaboration software such as SharePoint has quickly become the tool of choice to store, share and revise content, while email remains the most common channel for distributing content within the workplace. If organizations truly wish to control information at its source (before it reaches a critical mass of distribution), they must maintain visibility into these common modes of collaboration and communication.
3) Who is involved in the communication?
Organizations need to understand the individuals, roles or groups involved in communicating content. By knowing who is communicating, organizations can take a precise approach to controlling information handling, as opposed to broad brush strokes that typically result in critical business flows being interrupted.
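As an added illustration of how these three factors (content classification, channel, and sender identity) combine into a single decision at the source, here is a small policy check written for this post; it is not code from the article or from any DLP product, and the detection patterns, role mappings, channel names and sample messages are all constructed for the example.

```python
import re
from dataclasses import dataclass

# 1) What content is sensitive? Constructed, deliberately simple patterns; a real
#    classifier would use validated detectors, not just shapes of values.
CLASSIFIERS = {
    "PII": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),          # SSN-shaped value
    "NPI": re.compile(r"\b(?:\d{4}[ -]?){3}\d{4}\b"),     # card-number-shaped value
    "PHI": re.compile(r"\b(?:diagnosis|MRN)\b", re.IGNORECASE),
    "IP":  re.compile(r"\bCONFIDENTIAL\b"),
}

# 3) Who is involved? Roles permitted to handle each class (hypothetical mapping).
ALLOWED_ROLES = {
    "PII": {"hr"},
    "NPI": {"finance"},
    "PHI": {"hr", "benefits"},
    "IP":  {"engineering", "legal"},
}

# 2) How is it distributed? Channels that leave the organization's boundary.
EXTERNAL_CHANNELS = {"email-external", "sharepoint-external"}

@dataclass
class Message:
    sender_role: str   # identity of the sender, e.g. "hr", "finance", "sales"
    channel: str       # e.g. "email-internal", "email-external", "sharepoint-internal"
    body: str

def classify(body: str) -> set:
    """Return the set of sensitive classes detected in the content."""
    return {label for label, rx in CLASSIFIERS.items() if rx.search(body)}

def decide(msg: Message) -> tuple:
    """Combine content, channel and identity into one source-level decision."""
    labels = classify(msg.body)
    if not labels:
        return ("allow", set())                      # nothing sensitive: do not interrupt flow
    unauthorized = {l for l in labels if msg.sender_role not in ALLOWED_ROLES[l]}
    if unauthorized:
        return ("block", unauthorized)               # sender's role should not handle this class
    if msg.channel in EXTERNAL_CHANNELS:
        return ("quarantine", labels)                # authorized role, but leaving the boundary
    return ("allow-log", labels)                     # authorized and internal: allow, keep visibility

# Constructed sample messages for the four outcomes above.
SAMPLES = [
    Message("hr", "email-internal", "Onboarding packet for new hire, SSN 123-45-6789"),
    Message("sales", "email-external", "Customer card 4111 1111 1111 1111 for the order"),
    Message("finance", "email-external", "Refund to card 4111 1111 1111 1111"),
    Message("engineering", "sharepoint-internal", "Q3 roadmap draft"),
]
```

Note that the precise decision depends on identity: the same card number is blocked from a sales account but only quarantined for review from finance, which is the difference between targeted control and the broad brush strokes the post warns against.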
By taking the proper steps to protect information at its source, businesses are able to reduce the risk of sensitive information getting into the wrong hands and eventually leaking outside the organization, whether through social media, mobile devices or even word of mouth.
Lock image used under Creative Commons License from the Open Clip Art Library http://www.openclipart.org/detail/17931