Small businesses ‘confident’ about cloud storage security – but is that confidence misplaced?

The verdict has come in for small businesses securing their clouds: good in parts, but could be better.

That’s according to the latest security survey from B2B research firm Clutch. In its latest report, which polled 300 US small business with a maximum of 500 employees, 90% of respondents overall said their cloud was secure, representing a small increase from the previous year.

More than half of organisations polled said they use encryption – cited by 60% of respondents – employee training (58%) or two factor authentication (53%) to secure their cloud storage, with only 6% saying they use no measures. Yet Clutch argues these numbers could be better; ‘almost all small businesses should be using these measures to protect their cloud storage’, the company said.

More concerning, however, is the revelation that 62% of small businesses who say they do not follow industry regulations when storing banking information on cloud storage. What’s more, 54% of small businesses admit the same for storing medical data on cloud storage. This, in other words, is the PCI DSS for payments and the HIPAA accreditation for healthcare.

Only 35% and 36% of respondents respectively said they followed the PCI DSS and HIPAA regulations. Almost three quarters (74%), however, said they followed the ISO accreditation. Istvan Lam, CEO of Tresorit, said it was “a good way to protect information inside the organisation… even if someone is not necessarily going to be audited for the standard, it’s a good practice to follow.”

The overall verdict from the report is that while small businesses are ‘confident’ in their cloud storage security, following industry regulations and implementing additional security measures should be seen as a must-have rather than a value-add.

“While cloud storage offers enormous benefits in cost savings, data portability and security, small businesses should ensure they implement proper security measures and follow necessary regulations to protect their data in the cloud,” the report wrote.

You can read the full report here.