A majority of small U.S. businesses that store customer credit card data and banking information in the cloud do not follow data storage industry regulations.
More than 60% of 300 companies surveyed by business-to-business research firm Clutch fail to do so, according to a report in Information Management. In addition, 54% of surveyed companies don’t follow industry regulations regarding medical information storage in the cloud.
Businesses that store bank or health data are required to follow the Payment Card Industry Data Security Standard (PCI DSS) and the Health Insurance Portability and Accountability Act (HIPAA), the article stated. Failing to adhere to these standards can result in millions of dollars in fines.
Still, these businesses were confident that the security steps they were taking were sufficient—60% use encryption, 58% train their employees on data security issues and 53% require two-factor authentication to protect their cloud storage, Information Management said.
– Nicholas Stern, managing editor