What controls can we implement as a company to address the risks associated with employees accessing Facebook and Twitter? Our default position is that this access is removed and will only be provided if a valid business case is presented. We have started getting some requests that do have valid business cases. Most employees only want the browsing capability, however, and don't need to post.