Sophos urges Facebook to improve security, proposes plan

by CXOtoday Staff    Apr 19, 2011

IT security and data protection firm Sophos has announced, via its Naked Security site, that it has written an open letter to Facebook, calling upon the social networking giant to address three security issues. In the letter, the security firm proposes a three-point security plan and asks the social media site to commit publicly to a timetable for its implementation.

“The Sophos three-point plan would turn Facebook into the good guys and also be a real safety step-up for its 500 million users,” claimed Graham Cluley, Sophos Naked Security.
He added that the social networking site is popular and is not going away, so it is essential that it take proper care of its users by making their security and privacy a top priority.

The three-point plan includes:
1. Privacy by Default: no more sharing of information without users’ express agreement (opt-in).
2. Vetted App Developers: only vetted and approved third-party developers should be allowed to publish applications on the Facebook platform.
3. HTTPS for Everything: Facebook recently introduced an HTTPS option but left it turned off by default, and it only commits to providing a secure connection “whenever possible”. Facebook should enforce a secure connection all the time, by default. Without this protection, users are at risk of losing personal information to hackers.

“Our question to Facebook is this - why wait until regulators force your hand on privacy? Act now for the greater good of all,” urged Cluley.