CIOs push data into the cloud. Employees post ever more personal and professional information on social-networking sites. And as the WikiLeaks organization talks about releasing secret information about Swiss bank accounts\u2014on top of rumors that it may disclose documents from a large bank in the United States\u2014CIOs find themselves reviewing internal policies and answering questions about security from their CEOs.\n \n \u201cOh yeah, we\u2019ve had a lot of questions,\u201d says Srini Cherukuri, senior director of IT operations at Matson Navigation, a $1.2 billion ocean shipping company. And, he admits, he doesn\u2019t yet have all the answers. The same CEOs who fret about WikiLeaks also expect to do company business on their shiny new personal smartphones and tablets. That\u2019s a bigger threat, Cherukuri says.\n \n Frank Modruson, CIO at Accenture, agrees. No technology or policy can reliably prevent a leaker from leaking, he says. \u201cWikiLeaks is more of an HR and legal issue than a technology one. Somebody who was trusted shared information he wasn\u2019t supposed to.\u201d\n \n Banning consumer devices at work won\u2019t stop people from using them, Modruson says, which creates a bigger risk. \u201cThe most difficult things to secure are the things you don\u2019t know you have.\u201d\n \n Insider threats always exist, but consumer technology and cloud computing present a more urgent risk that CIOs must mitigate. Here are four tips: \n \n Have a smartphone policy. Employees lose smartphones and CIOs have to worry about the corporate data stored on those lost devices. In the absence of tools that can remotely erase just the business information from missing smartphones while leaving personal data untouched, Matson Navigation has had to enact a harsh policy. That is, if you lose your phone, Matson erases all the data on it. At the same time, Cherukuri encourages employees not to download company data onto their personal devices. He predicts it\u2019ll be another year before vendors come up with reliable \u201cscalpel\u201d software that lets IT departments erase individual pieces of information from a phone.\n \n Enforce password use. Most smartphone users don\u2019t bother setting up a password to lock the device, but CIOs should mandate that they do it, says Henning Hagen, a principal at Booz and Co. In fact, he advises varying levels of authentication to provide tight security when a phone goes missing. Experiment with adding secret questions, tokens that generate one-time passwords and biometrics that match fingerprints.\n \n Take the reigns of the iPad. Some of the executives at Focus Brands, a franchisor of the Carvel, Cinnabon, Moe\u2019s Southwest Grill, Schlotzsky\u2019s, Auntie Anne\u2019s and Seattle\u2019s Best Coffee food franchises, use iPads to access e-mail, calendars and the Internet. Focus Brands\u2019 CEO also uses his iPad for e-mail, among other things, says Todd Michaud, the company\u2019s vice president of IT. But because he hasn\u2019t fully figured out how to secure iPads, Michaud has so far limited their rollout, he says.\n \n Control the cloud. Not only should CIOs make a map of which cloud providers have what portions of their corporate data at any given time, they should also become experts in all the security standards that apply to their company, advises Cherukuri. Before signing a deal with a cloud vendor, run through the list of security measures in detail to be sure it complies. Regularly verify that security agreements are upheld, perhaps by assigning a staff member to monitor outside providers regularly. Look at audit logs, have conference calls and visit the locations where they keep your data, he advises. \u201cYou want to examine their processes on the ground.\u201d\n Follow Senior Editor Kim S. Nash on Twitter: @knash99.