As there should be, there is a lot of trust we give to people in business. In the tech arena, we provide passwords to our IT admin, our staff, and other personnel. Sometimes employers can forget that a password is like handing someone the keys to your office–though they need to have keys to get in to open, but the issue comes if they go rogue. I suppose worst case scenario with keys is you change the locks, but do you have the same abilities with those internet passwords? I recall a local radio host who lost his Facebook account because someone hacked his username and password and been without his account for more than a month despite trying to contact Facebook every which way. The key is, no pun intended, to have as much control over passwords and usernames as possible that is necessary to protect valuable property and resources. Retain your company as the owner of the account including all password reset credentials should be done through the company. Do not allow lower management personnel create their own accounts. Require passwords to be disclosed at any time, etc. Though very possible to get back control, once an employee goes rogue with your Facebook account, email account, or website, it is expensive and possibly time consuming to get all of that back into line through the court system.