Majority of firms storing credit card data in the cloud ignore regulations

More than 60 percent of small businesses that store customer credit card and banking information in the cloud said they do not follow industry regulations to secure their cloud storage, according to a new report from Clutch, a B2B research, ratings, and reviews firm.

Clutch surveyed 300 IT decision makers at U.S. small businesses that currently use cloud storage, and found that among the businesses that store medical data, 54 percent do not follow cloud storage industry regulations. The finding suggests that small businesses might be putting sensitive consumer data at risk, according to the study.

Compliance with two industry regulations—the Payment Card Industry Data Security Standard (PCI DSS) and the Health Insurance Portability and Accountability Act (HIPAA)—is required for businesses that store banking information or medical data. Businesses found to be non-compliant with these two regulations can be fined millions of dollars.

Despite the risks, 90 percent of small businesses are either "very" or "somewhat" confident in their cloud storage's security.
Small businesses can improve their cloud storage security by adopting additional security measures.

More than half of small businesses surveyed use encryption (60 percent), employee training (58 percent), or two-factor authentication (53 percent) to protect their cloud storage.
