Small business owners fingered social networks as biggest threat to information technology security in 2010, according to a new report.

Based on security firm Webroot's survey of 803 IT professionals at small and medium-sized companies, a whopping 80 percent of them think Facebook, RSS feeds, and related Web 2.0-based malware will cause a problem for their companies in 2010. (Worse, 73 percent of respondants think these web-based threats are going to be more difficult to manage than e-mail based threats.)

Perhaps the fear of Web 2.0 isn't that surprising when you consider that a similar survey from IT security company Sophos earlier this year found that the number of firms suffering attacks through social media jumped 70 percent between 2008 and 2009. Plus, for the week ending March 13 Facebook bested Google to become the most visited site in the U.S.  And in March, Twitter reported a 1,500 percent growth in the number of new registered users in the course of a year.

Nearly a quarter (24 percent) of the businesses surveyed already have been compromised thanks to social networking sites. Social media actually hasn't been firms' biggest trouble source to date—that particular raspberry goes to downloading media from the Internet, which has caused security issues for 32 percent of companies. Twenty-five percent reported security breaches from file-sharing, and just three percent had fallout from employees accessing personal web-based email accounts.

Nearly 90 percent of small businesses have an Internet use policy, and 95 percent say they try to enforce it. How? Seven in 10 explain the policy at employee orientations, and 44 percent send reminders to employees at least once a year. More than half of companies (56 percent) have Internet use policies that prohibit visiting social networking sites.

If you don't have a social media policy, it may be time to think about one – or possibly leave your company vulnerable to security breaches. (For more about social media policies, click here.)

A separate Webroot survey released Tuesday showed that although some users have gotten slightly more privacy savvy (37 percent are blocking their profiles from public searches), 28 percent have never changed their default settings and an eye-opening 81 percent don't restrict who can see their recent activity online. What's more, many users are still including the sort of personal information that's a hackers' dream: birthday (61 percent); hometown (52 percent) and cell phone number (17 percent).

Webroot's second annual study surveyed more than 1,100 members of Facebook, LinkedIn, MySpace, Twitter and other social media.

Said Jeff Horne, director of threat research at Webroot: "A perfect storm is developing between the number of people flocking to social networks and the new, increasingly sophisticated malware attacks cybercriminals are launching to prey on the personal data they're sharing."

Your youngest employees may be the ones who make the company most vulnerable. Among 18 to 29-year-olds, 43 percent use the same password across multiple sites and 40 percent accept friend requests from complete strangers. But users of all ages can cause trouble: Though nearly 75 percent of those surveyed said they knew about Facebook's privacy changes that automatically exposed their full profiles by default, 42 percent failed to make any changes to their settings.