The international study, commissioned by Ponemon Institute, examined the cloud data security of businesses around the world by consulting with IT staff.
According to the report, 56 per cent admitted they don’t agree that their business “is careful about sharing sensitive information with third parties such as business partners, contractors and providers in cloud environments”.
Alarmingly, 35 per cent said that they are not even aware of the digital security measures their employer has in place.
The study suggested that a reason for this result is that some managers and executives make security decisions without consulting IT personnel.
Furthermore, 70 per cent said they use business-related software, with 54 per cent saying they make online backups. Yet only a third (34 per cent) said their business encrypts important data within that software.
The same proportion of respondents said their business encrypts or tokenises sensitive or confidential data directly within these applications.
What does this mean for SMEs?
On the back of these findings, the study provided a wealth of suggestions on how businesses can enhance their cloud security, such as reviewing whether using the cloud is the best solution.
“Confirm if the cloud provider or cloud user is most accountable and responsible for cloud security,” the report said.
“If it is the cloud provider, involve IT security in vetting and evaluating its security practices.
“If the organisation assumes responsibility, make sure there are clearly defined roles for the business functions using cloud services.
“Again, including IT security in establishing security policies and procedures is important.”
Another suggestion was to learn how to make sure the data entered into cloud-based applications is secure.
“Business cloud applications such as document sharing are growing in popularity.
“However, policies about the secure use of these applications are not being communicated.
“Organisations should make employees aware of the risks with specialised training about not circumventing security policies when using [software-as-a-service] applications.”
As previously published in My Business, it's also important for business owners to not just hand over IT issues to IT staff, but to actually take the time and understand these issues themselves.