It is increasingly likely that your small business uses cloud storage. The technology makes data storage cheaper, more efficient, and easily accessible.
But does your business store sensitive data in the cloud? If so, you should be fully knowledgeable of any mandatory industry regulations that apply to your data storage.
A recent Clutch survey on cloud storage providers found that over half of small businesses storing customer credit card and banking information or medical data say they do not follow industry regulations.
Two industry regulations are almost always mandatory for small businesses storing this type of data:
- The Payment Card Industry Data Security Standard (PCI DSS)
- The Health Insurance Portability and Accountability Act (HIPAA)
The fact that small businesses may be ignoring important industry regulations is alarming. Read more to learn about these two important regulations, and how your small business can protect its data.
PCI DSS Protects Customer Credit Card & Banking Information
Several of the world’s major credit card brands – American Express, Discover, JCB International, MasterCard and Visa – created the Payment Card Industry Security Standards Council in 2006 to begin managing the security of electronic payment processing.
The Council then created PCI DSS, which sets out twelve main requirements for compliance. Certain card brands will fine businesses that store cardholder information and are found not to comply with the standard.
Yet, 62% of small businesses that store customer credit card and banking information say they do not follow industry regulations, according to Clutch’s survey. This doesn’t necessarily mean that the information isn’t secured by other means, but any business storing banking information from major credit card brands should be aware of whether or not they comply with PCI DSS.
Some of PCI DSS’s requirements include:
- Installing and maintaining a firewall configuration
- Using and regularly updating anti-virus software or programs
- Assigning a unique ID to each person with computer access
A business will need to be evaluated by a Qualified Security Assessor (QSA) to determine compliance. A QSA is an independent assessor approved by the PCI Security Standards Council.
HIPAA Federally Regulates the Security of Medical Data
If you are entrusting a small business with your private medical data, then you likely want assurance that the data will be kept secure.
President Bill Clinton signed HIPAA into law in 1996, and one section of the law specifically protects electronic transactions involving medical information.
Istvan Lam, CEO of end-to-end encrypted cloud storage provider Tresorit, describes the serious consequences of violating HIPAA:
“Recently, a hospital worker lost a laptop with 700 potential medical records,” said Lam. “If you think about it, 700 medical records is not much if you work on a daily basis with patients… but that laptop was lost and the hospital couldn’t prove if the laptop was encrypted or not. They got fined $3.5 million. A small breach like that can cost a fortune.”
Despite this, 54% of small businesses that store medical data say they do not follow industry regulations, according to Clutch’s survey.
Patrick R., Head of Strategy at Intuz, says that HIPAA protects data by requiring businesses to implement the following, among other measures:
- Role-based security – Users should have different levels of security based on their job function.
- Data backup plan
- “Strong” usernames and passwords
- Protection against malicious software
- Facility access controls/physical security
Don’t Neglect Industry Regulations
Now that so much information is stored in the cloud, it may feel burdensome to think about securing sensitive data. Regulations are complicated, and, after all, the sheer volume of data stored in the cloud means that the likelihood of a security breach targeting your small business specifically is small.
Yet the consequences of not complying with these regulations can be huge. Any smart small business will happily take on the work of complying with industry regulations to ensure its cloud storage is secure.