Many companies have stopped fighting the culture and stopped trying to block social networking sites on their networks. If yours is one of them, the least you can do is educate your users about the risks and how to ameliorate some of them. I am amazed at some of the information that people put on Facebook. I enjoy social networking, but I don't believe in filling in a field just because it's there. First, I was surprised at the number of people - including some who are security pros - who made their birthdates, complete with year, public information. That's a key piece of data that identity thieves love to have.
If you limit your Friends circle to just people you actually know and trust, that might be okay, but many folks I know accept just about any friend request they get (after all, you can never have too many friends, right?). I have dozens of friend requests sitting ignored on my site because I have no clue who the people are. I know that there are lots of people who feel as if they know me, through my writing, but whom I don't know. So I created a second, "professional" FB persona that those people can friend, leaving my personal page for those I know better. But even on the personal page, you won't find my correct DoB.
My phone has a Facebook mobile app and that application has an icon you can touch to display a list of all your FB friends' phone numbers! Well, at least those who put their phone numbers in their profiles. Once again, I was surprised to see so many security-conscious people sharing their phone numbers, especially their mobile numbers. Maybe they have unlimited text messaging plans. I hope so. If not, anyone who gets your mobile number can "text bomb" you and end up costing you hundreds of dollars. Maybe it's just those long years of always having an unlisted number when I was a cop, but that's a field that I always leave blank.
Sophos has created a rather extensive guide about best practices for your Facebook settings. You can find it here: