In an open letter from its Naked Security blog, the security firm has set out a three-point plan that includes privacy by default, which would ensure Facebook does not share information without the user's express agreement, in the form of opt-in.
"Whenever Facebook adds a new feature to share additional information about you, Facebook should not assume that you want this feature turned on," Sophos says.
Furthermore, the plan includes the use of HTTPS for everything, rather than having the secure connection turned off by default and only available "whenever possible", as well as only allowing vetted and approved third parties to publish apps on the Facebook platform.
Sophos said with over one million app developers already registered on the Facebook platform, it is hardly surprising that Facebook's service is riddled with rogue applications and viral scams.
"Facebook is no stranger to making headlines for all the wrong reasons when it comes to security and privacy. The Sophos three-point plan would turn Facebook into the good guys and also be a real safety step-up for its 500 million users," said Graham Cluley of Sophos Naked Security.
"Facebook is popular and successful and is not going away. So it is essential that Facebook takes proper care of its users by making their security and privacy a top priority."
Cluley added that Facebook should not wait for regulators to force its hand when it comes to security issues and should instead "act now for the greater good of all."