Yes, it has been rather lax I'm afraid. I've only just joined, so it's a bit unknown at the moment. I'm just tasked with investigating it. Personally I'd ban all internet access anyway except when it's for specific company use and we'd open it for that only; lock the desktop (make it Citrix even?); and take away the wireless access points in the building. Network access can hopefully be allocated on a per-MAC basis as I go all draconian, but after all, we are here to work. I'm sure you wouldn't be happy to put your car in the garage for a service then end up getting billed for 3 hours on social media too.
One major problem has been letting people be local admin on their desktops, so this is already a bit 'out there' but I've got to think of the corporate cost in lost effort and lost data if we keep things open like this.
Sorry to be such a bah-humbug in the party,