Social networking sites are not only biting into workplace productivity -- they can also pose a major security risk, new research shows.

In a national survey of more than 800 employees across a range of industries, more than half said they spent at least an hour a week accessing blogs, chat rooms, videos, and other social networking tools and services  at work, according to Clearswift, a Redwood, Calif.-based Internet security consulting firm.

Of those, 46 percent said they regularly discussed work-related issues online, the survey found.

Beyond so-called Web 2.0 sites, 71 percent also said they used Web-based e-mail  at work for personal messages, in additional to their workplace provided e-mail account, the survey found.

Clearswift COO Ian Bowles said that despite the well-known dangers of online viruses, bugs, spam, and scams, most business owners are still far too casual with the Internet.

He said the survey results should "raise a red flag" for employers about their susceptibility to data leaks over the Web.

"It's clear from the research that organizations need to take a closer look at the social media sites that their employees are using at work to make sure that sensitive business issues and information is not being discussed," Bowles said in a statement.

Still, more than half of the employees polled said they felt entitled to use the Internet for personal reasons at work, the survey found.

In recent years, many businesses have included an "acceptable use" policy for workplace Internet use  in updated employee handbooks -- only 29 percent of the business owners surveyed by Clearswift outright banned the use of social networking sites at work.

Nancy Cooper, an employment law attorney with Portland, Ore.-based Bullivant Houser Bailey PC, advices employers to have policies in place for blogs, chat rooms, and other online activity. Though employers can't necessarily prevent workers from accessing Web 2.0 sites, they can make it clear there will be consequences for sharing confidential business data, said Cooper, an Inc.com columnist.

Firing an employee for an online infraction is now common enough that legal experts refer to it simply as "dooced," a term coined from a case involving the author of a blog named dooce.com who was fired for posting angry messages about her employer and co-workers.