The trades union congress has asked employers to "face up to Facebook" and allow staff regulated access to social networking sites at work, but evidence suggests companies are increasingly wary. They are right to be.

As social networking sites become more sophisticated, the risks to employers become ever greater. But not only must companies deal with the demands on IT infrastructure, the potential for "cyber-slacking" and possible reputational damage if they allow employees access at work, they must also tackle the thorny issue of how - and when - to police it.

More than two-thirds of London businesses have simply banned it outright, according to a recent survey. Legally speaking, they are well within their rights to do so.

Staff would find it very difficult to overturn a ban, says Alex Lock, a partner at Beachcroft and a member of the Employment Lawyers Association. He says: "Unless an employee can demonstrate that they genuinely need Facebook access to carry out their job, which would only apply in very limited circumstances, they wouldn’t have much of a case against an employer that bans it."

But employers are in a difficult position. One one hand, staff consider Facebook a legitimate and harmless means of keeping in touch with friends and organising their free time, and any attempt to clamp down risks eroding goodwill and provoking accusations of "Big Brother" tactics.

Richard Isham, a partner at Wedlake Bell, says: "An outright ban is a very defensive move and not necessarily the best course of action for employers battling to attract the best talent in highly competitive markets. With working hours in the City getting longer and longer, employers should think twice before cutting off what is becoming an increasingly important social tool and link to the outside world."

On the other hand, that has to be balanced against the risks arising from allowing free or even limited use.

Many people join work-based networks or clearly identify their place of employment. This could be a problem if disgruntled employees speak their minds freely. Every single one of your employees becomes a potential blogger, which could be a recipe for disaster.

Employers are entitled to take action against rogue employees who, for example, post negative comments about their boss or divulge company secrets, provided they have put in place clear guidelines on what is acceptable.

But employment lawyers warn that there is little point in implementing guidelines with no follow-on action. Employers must ensure the rules are being followed - and that will be costly.

Lock says: "Whether they do it themselves, outsource or buy some sophisticated monitoring software, companies will need to pay someone to monitor their internet use."

There is another danger in allowing limited use: taking action against one employee and not another could lead to a law suit. "You can't pull one person up and let another off or you’ll be in line for all sorts of discrimination claims," Lock says.