Majority of Small Businesses Don’t Necessarily Follow Mandatory Cloud Storage Security Regulations – Clutch

More than 60% of small businesses that store customer credit card and banking information in cloud storage say they do not follow industry regulations to secure their cloud storage, according to The State of Cloud Storage Providers’ Security: 2017 Survey, from Clutch, a B2B research, ratings, and reviews firm.

Among small businesses that store medical data, 54% say they don’t follow cloud storage industry regulations. The finding suggests that small businesses may be putting sensitive consumer data at risk.

Two industry regulations – the Payment Card Industry Data Security Standard (PCI DSS) and the Health Insurance Portability and Accountability Act (HIPAA) – are required for businesses that store banking information or medical data. Businesses found to be non-compliant with these two regulations can be fined millions of dollars.

Despite the risks, 90% of small businesses are either “very” or “somewhat” confident in their cloud storage’s security, a 3% increase from 2016.

Small businesses can improve their cloud storage security by adding additional security measures. Over half of small businesses surveyed use encryption (60%), employee training (58%), or two-factor authentication (53%) to protect their cloud storage.

Experts point out that nearly all small businesses should be using additional security measures though.

Ghazanfar Ghori, CTO, 10Pearls, a software and mobile app development agency, said some small businesses’ security measures aren’t used effectively. For example, a company password policy, requiring complex passwords with regular updates, can be compromised by negligent employees.

“People will write [the new password] down on a sticky note instead and stick it on their locker,” for everyone to see, said Ghori.

He recommends that companies strive for seamlessly integrated security plans to minimize employee error. Security measures such as two-factor authentication and encryption cannot be compromised easily by employee error.

Patrick R., head of strategy, Intuz, a mobile app development and cloud solutions company, discussed the strength of encryption: “Encryption provides security to data at all times. Encryption works during data transport or at rest, making it an ideal solution no matter where data is stored or how it is used.”

Despite the potential risks, cloud storage offers numerous benefits for small businesses, said experts. When used properly, cloud storage can even provide more effective security for small businesses than an on-premise solution.

Cloud storage simplifies security for small businesses with limited resources, says Istvan Lam, CEO, Tresorit AG, an end-to-end encrypted cloud storage provider for businesses.

“The integrated features and security features that come with cloud storage [are valuable], like two-factor authentication being offered out-of-the-box,” he said. “How would a small business set that up for their employees with their on-premise system?“

The survey included 300 IT decision makers at U.S. small businesses currently using cloud storage.