Facebook outlined some of the security risks and compliance issues the company faces on the social networking platform and related services that could impact its operations in documents filed with the Securities and Exchange Commission.
After months of intense speculation, Facebook filed S-1 documents with the SEC on Feb. 1 to raise a maximum of $5 billion for its initial public offering (IPO). The company plans to trade under the ticker symbol “FB,” according to the documents.
Facebook identified malicious cyber-activity, which includes malware, viruses, spam, phishing and hacking, as being harmful to the business in the section “Risks Related to our Business and Industry” in the S-1 filing. These types of attacks have become “more prevalent” and have already occurred on company systems in the past and may occur again in the future, Facebook wrote.
“Because of our prominence, we believe that we are a particularly attractive target for such attacks,” Facebook wrote.
While it is difficult to quantify what harm would directly result from these malicious activities, “any failure to maintain performance, reliability, security and availability of our products and technical infrastructure” may harm the company’s reputation and its ability to retain users and attract new ones, according to the S-1 filing.
Spam also poses problems for Facebook. Spammers using Facebook to send unwanted messages can “annoy” users and make Facebook seem “less user-friendly.” While the company has put tools and technologies in place to control spam, “we cannot be certain that the technologies and employees that we have to attempt to defeat spamming attacks will be able to eliminate all spam messages from being sent on our platform,” according to the document.
In addition, payment transactions on the Facebook Platform could result in some compliance challenges for the company, according to the filing. Since users purchase virtual and digital goods from game developers using the Payments infrastructure, Facebook will need to examine laws and regulations in the United States, Europe “and elsewhere” governing how funds are transferred and data stored. Facebook expects its Payments platform to evolve over time.
“Our efforts to comply with these laws and regulations could be costly and result in diversion of management time and effort and may still not guarantee compliance,” according to the document.
The SEC issued guidelines back in October that companies should report cyber-incidents and other issues that could have an adverse effect on their finances or operations as part of the documents filed with the regulatory body. While it was just a guidance and not a requirement, it appears that Facebook is taking that step to disclose the risks.
While Facebook worries over the potential threats to its platform, security experts warned about scammers taking advantage of the IPO frenzy to swindle users out of real money.
“With an IPO as hyped and widely anticipated as Facebook’s there are bound to be some bad eggs trying to take advantage of the situation,” Graham Cluley, senior technology consultant at Sophos, wrote on the Naked Security blog.
Facebook IPO-related scams won’t be new, as the Financial Industry Regulatory Authority issued an alert back in March 2011 after seeing some scams. “While most pre-IPO offerings are legitimate, some are frauds in which con artists sell shares they do not actually have,” according to the FINRA statement.
Scammers may take advantage of Facebook users interested in the IPO by tricking them into clicking on links or joining pages claiming to offer free Facebook stock, Cluley said.
On the other hand, Facebook finally going public means the company will have to become more transparent about what it is doing with user data. The “smart money” says privacy, security and data ownership are the big winners of the Facebook IPO, predicted Jay Garmon, marketing director at Backupify, on the company blog. Facebook will also have to be careful about not running afoul of the Federal Trade Commission’s consumer protection rules, Garmon said.