Defense for the Digital Age

by Kasey Bevans

Hardly a day goes by that you don’t hear about a new cyber scandal. Whether it’s a government entity, a global corporation or even an individual computer user, the digital age has made potential targets of us all. Sony, Equifax and Target have all been victims of large-scale data theft, compromising the confidential personal and financial information of tens if not hundreds of millions of individuals.

In today’s highly connected, global society, cyber security is no longer a luxury but a business necessity. At Balfour Beatty, we approach protecting the information of our people, partners and projects the same way we view safety on our job sites. One of the core tenets of our Zero Harm program is that we must never become complacent. The same goes for cyber security and how we safeguard the valuable data we hold, using it wisely and with integrity.

Because cyber criminals labor around the clock, our Information Technology (IT) teammates embrace a mentality of continuous improvement, driven to help Balfour Beatty become safer than we were last year, last quarter, and even last month. Recently, Apple co-founder Steve Wozniak said cyber security is the greatest threat to mankind since the atomic bomb. That’s a profound but sadly accurate analogy. A major cyber attack is a weapon that can bring a business—or even an entire country—to its knees.

One of the advantages Balfour Beatty has as an international business is access to global IT innovation. In the United Kingdom, where our parent company is based, much more stringent laws like the General Data Protection Regulation (GDPR) have been enacted. Collaboration with our UK colleagues enables our US business to develop a stronger security posture. While our first stance is to Protect, we also have processes in place to Detect and then React to various types of breaches.

There are numerous ways hackers can gain access to private data, but at Balfour Beatty, we categorize them into three major areas. The first is by infiltrating employee devices via thumb drives, free Wi-Fi, or malicious websites. If the attack is successful, the employee may become “owned,” which means their device(s) and/or credentials are available to the hacker without the knowledge of the employee. Balfour Beatty mitigates this risk by regularly updating our operating system and software as new versions become available. Windows 10, for example, includes behavior-based analytics and enhanced defenses from malware and vulnerability exploits.

The second and particularly deceptive threat comes in the form of emails that masquerade as a trustworthy source like a company’s CEO. This is a particularly effective means of baiting employees to click on links or open attachments that install malware. Balfour Beatty has strong measures in place to detect and prevent these threats before they hit inboxes. But no safeguard can ever be 100% effective, because hackers discover new vulnerabilities in operating systems and web browsers nearly every day. Office 365 provides a layer of protection. Balfour Beatty has invested in Office 365 and several other protection tools as part of our information security strategy.

The third category is breaches of the company’s infrastructure. Hackers can target assets such as the network, applications, or servers. Our IT team conducts regular audits to ensure employees have not unintentionally exposed company data and that our administrators have eliminated as many security risks as possible. The protection of both company and employee data is equally important to our team.

As Balfour Beatty looks to the future of information security, we are exploring new protections such as multi-factor authentication. If you’ve never heard that term, you’ve probably already experienced it. Banks and credit cards, for example, will send a text or email confirmation code when users establish a connection to their online account. As we explore new protections, we do so to balance security risks against creating inconvenient or inefficient user experiences.

At home, we often install deadbolts, alarm systems, and even outdoor cameras to protect our families. Whether it’s businesses or individuals, information security is no different than any other risk. We must shore up our defenses and become a hard target—one that is difficult to breach and capable of deflecting attacks. On the job site and behind the screen of your computer or tablet, the best way to stay safe is to remain informed and speak up if you see something that doesn’t look or feel right. In the world of cyber security, your best offense is always a strong defense.

Want to learn more about Balfour Beatty’s approach to cyber security? Connect with our experts at info@balfourbeattyus.com.

Learn more about Kasey Bevans, senior vice president, and chief financial officer at Balfour Beatty.