- A year-round program, consisting of computer-based training, in-person training, a formal phishing awareness program, and regular firmwide communications about new threats, strives to make our employees more aware and educated on cyber risks.
- Through our 24/7 cyber security hotline, employees are empowered to quickly escalate concerns.
Continue to adapt cybersecurity practices in the face of an evolving threat landscape, enlisting every BBH employee in the effort to protect the privacy, intellectual property, and data of our clients, employees, and business partners.
Technology has made it possible to communicate, collaborate, and share data seamlessly and from any location. But the same technology on which we increasingly rely, especially during a period of mass migration to remote work, is being exploited by cybercriminals. That is why BBH is committed to protecting the privacy, data, and intellectual property of our stakeholders. We maintain a multi-layered protective environment to safeguard stakeholder assets from external and internal threats, and continually work to strengthen our controls as attack strategies evolve. We recognize that information security has a social impact that extends beyond our direct business relationships and activities.
Against a changing industry and risk landscape, BBH has had to be vigilant to maintain a resilient business in the face of cyber threats. The shift to remote work brought additional considerations and analysis about how we conduct our business and protect our stakeholders’ data. We responded by focusing on governance, education, third-party risk management, and external validation of the strength of our cybersecurity program.
BBH designed our information security program to proactively address threats and regulatory requirements while protecting firm and client data. We focus on governance, prevention, detection, response, and recovery. The program’s components include third-party risk, identity and access management, infrastructure defense, network, perimeter, and insider threat monitoring, and cyber incident management. These components – combined with a robust training and communications program – help us build a more resilient organization.
Core Program Components
- BBH operates in compliance with evolving industry best practices and guidance – as well as applicable privacy, banking, and securities regulations in each of our operating jurisdictions.
- BBH’s Compliance and Enterprise Risk Management teams monitor and track evolving regulations and laws to identify additional requirements and provide input to the cybersecurity program to provide for timely compliance.
- BBH’s systems and policies protect the firm’s information resources, including controls to address confidentially, integrity, and availability.
- The Infrastructure Security Team supports, tests, deploys, and maintains infrastructure devices required to manage the firm’s network, mitigating a significant number of cyber security threats.
- Security threats are monitored 24/7, allowing for quick escalations with appropriate transparency.
- Our incident response plan is designed to promptly respond to, and recover from, cyber security events affecting the confidentiality, integrity, or availability of information systems or the continuing functionality of any aspect of our business or operations.
- We review, escalate, and resolve reported data disclosures in accordance with a defined process based on regulatory and contractual requirements, as well as industry best practices.
- We stay abreast of threats and countermeasures through information-sharing organizations and regularly contributes to cyber security industry and vendor conferences.
Based on 2021 data
Brown Brothers Harriman & Co. (“BBH”) may be used as a generic term to reference the company as a whole and/or its various subsidiaries generally. This material and anyproducts or services may be issued or provided in multiple jurisdictions by duly authorized and regulated subsidiaries. This material is for general information and referencepurposes only and does not constitute legal, tax or investment advice and is not intended as an offer to sell, or a solicitation to buy securities, services or investment products.Any reference to tax matters is not intended to be used, and may not be used, for purposes of avoiding penalties under the U.S. Internal Revenue Code, or other applicable taxregimes, or for promotion, marketing or recommendation to third parties. All information has been obtained from sources believed to be reliable, but accuracy is not guaranteed,and reliance should not be placed on the information presented. This material may not be reproduced, copied or transmitted, or any of the content disclosed to third parties,without the permission of BBH. Pursuant to information regarding the provision of applicable services or products by BBH, please note the following: Brown Brothers HarrimanFund Administration Services (Ireland) Limited and Brown Brothers Harriman Trustee Services (Ireland) Limited are regulated by the Central Bank of Ireland, Brown BrothersHarriman Investor Services Limited is authorised and regulated by the Financial Conduct Authority, Brown Brothers Harriman (Luxembourg) S.C.A is regulated by the Commissionde Surveillance du Secteur Financier. All trademarks and service marks included are the property of BBH or their respective owners. © Brown Brothers Harriman & Co. 2021.All rights reserved. FIRM-00412-2022-09-14