- Through our 24/7 cyber security hotline, employees are empowered to quickly escalate concerns.
Our Goal
Continue to adapt cybersecurity practices in the face of an evolving threat landscape, enlisting every BBH employee in the effort to protect the privacy, intellectual property, and data of our clients, employees, and business partners.
Technology has made it possible to communicate, collaborate, and share data seamlessly and from any location. But the same technology on which we increasingly rely, especially during a period of mass migration to remote work, is being exploited by cybercriminals. That is why BBH is committed to protecting the privacy, data, and intellectual property of our stakeholders. We maintain a multi-layered protective environment to safeguard stakeholder assets from external and internal threats, and continually work to strengthen our controls as attack strategies evolve. We recognize that information security has a social impact that extends beyond our direct business relationships and activities.
BBH designed our information security program to proactively address threats and regulatory requirements while protecting firm and client data. We focus on governance, prevention, detection, response, and recovery. The program’s components include third-party risk, identity and access management, infrastructure defense, network, perimeter, and insider threat monitoring, and cyber incident management. These components – combined with a robust training and communications program – help us build a more resilient organization.
Core Program Components
- BBH operates in compliance with evolving industry best practices and guidance – as well as applicable privacy, banking, and securities regulations in each of our operating jurisdictions.
- BBH’s systems and policies protect the firm’s information resources, including controls to address confidentially, integrity, and availability.
- The Infrastructure Security Team supports, tests, deploys, and maintains infrastructure devices required to manage the firm’s network, mitigating a significant number of cyber security threats.
- Security threats are monitored 24/7, allowing for quick escalations with appropriate transparency.
- Our incident response plan is designed to promptly respond to, and recover from, cyber security events affecting the confidentiality, integrity, or availability of information systems or the continuing functionality of any aspect of our business or operations.
- We review, escalate, and resolve reported data disclosures in accordance with a defined process based on regulatory and contractual requirements, as well as industry best practices.
- We stay abreast of threats and countermeasures through information-sharing organizations and regularly contributes to cyber security industry and vendor conferences.
Based on 2020 data