- Through our 24/7 cyber security hotline, employees are empowered to quickly escalate concerns.
How does BBH protect the privacy, intellectual property, and data of its clients, employees, and business partners?
Financial services firms like BBH experience frequent attempted cyber-attacks, so we must work to keep information safe, stable, and out of bad actors’ hands. In response, we manage cyber risk as a business risk by implementing a common cyber security program as part of a broader asset protection strategy across all lines of business. Staying alert to – and ahead of – evolving threats requires everyone throughout our enterprise to participate in protection efforts.
BBH designed our information security program to proactively address threats and regulatory requirements while protecting firm and client data. We focus on governance, prevention, detection, response, and recovery. The program’s components include third-party risk, identity and access management, infrastructure defense, network, perimeter, and insider threat monitoring, and cyber incident management. These components – combined with a robust training and communications program – help us build a more resilient organization.
Our Goal
Continue to adapt cyber security practices in the face of an evolving threat landscape, enlisting every BBH employee in the effort.
Core Program Components
- BBH operates in compliance with evolving industry best practices and guidance – as well as applicable privacy, banking, and securities regulations in each of our operating jurisdictions.
- BBH’s systems and policies protect the firm’s information resources, including controls to address confidentially, integrity, and availability.
- The Infrastructure Security Team supports, tests, deploys, and maintains infrastructure devices required to manage the firm’s network, mitigating a significant number of cyber security threats.
- Security threats are monitored 24/7, allowing for quick escalations with appropriate transparency.
- Our incident response plan is designed to promptly respond to, and recover from, cyber security events affecting the confidentiality, integrity, or availability of information systems or the continuing functionality of any aspect of our business or operations.
- We review, escalate, and resolve reported data disclosures in accordance with a defined process based on regulatory and contractual requirements, as well as industry best practices.
- We stay abreast of threats and countermeasures through information-sharing organizations and regularly contributes to cyber security industry and vendor conferences.
Based on 2019 data