Securing your today and protecting your tomorrow
While the world is becoming more advanced with the creation and use of digital tools for financial management, privacy and data breaches are at risk now more than ever. Hackers continue finding new ways to compromise security every day, and your organization or your employees may be the target of a threat. In fact, 82% of security breaches involve human interaction, highlighting the need for organizations to educate employees and encourage vigilance all year long.1 Because of that, we’ve incorporated several “best of breed” recommendations and practices into a comprehensive policy, so you can feel secure knowing your employees are well protected.
Our approach to cybersecurity
At Voya, we’ve committed to a 360° dynamic, preventative approach to protect client data and the personal information of employees. We actively work behind the scenes to proactively protect your plan data from known and emerging threats. With cybersecurity as a top priority, we’ve implemented extensive measures to safeguard the confidentiality, integrity and availability of customer information by leveraging a three-pronged approach: People, Process and Technology.
People: It starts with our highly skilled, tenured staff
- We employ a talented team of dedicated security professionals that take advantage of the latest security awareness programs for Voya’s workforce
- Conduct continual phishing tests annually to train employees on how to avoid phishing attacks
- Participate in global hacking competitions
Process: Applying applicable regulatory requirements
- Monitoring of daily activities, flagging potential fraudulent behaviors
- Ongoing updates to our governance documents and processes to align to the changing compliance landscape
- Participate in Industry Consortiums and government-sponsored organizations that helps us stay informed of security risks and trends
Technology: Protecting your data from within using advanced layers of defense
- Utilizing a layer-of-defense approach to protect against external and internal threats
- Deploying active threat detection and prevention protocols
- Collaborating across the industry with proactive, real-time threat intelligence
Securely managing and storing your data
Voya’s robust cybersecurity and fraud prevention practices consist of multi-factor authentication (MFA), voice and fingerprint biometrics, secure emails, time logoffs, and more. Our appropriate regulatory requirements also align with many audits and certifications. Voya achieved compliance with ISO 27001 internationally recognized security standards, and we continue to maintain ISO compliance and annual revalidation from third-party assessors.2
- SOC 1 & SOC 2
- ISO 27001
- PCI DSS
- HITRUST
Advanced fraud prevention and detection
A successful fraud prevention and detection program requires commitment of resources, which is why we use a variety of tools to prevent, detect and investigate potential fraud. Our Compliance, Corporate Special Investigations (CSI), Technology Risk and Security Management (TRSM), and Operations teams have partnered to prevent, detect and investigate suspected fraud.
Cybersecurity education resource center
Voya’s S.A.F.E.® Guarantee
As part of our secure efforts, we have established the Voya S.A.F.E.® (Secure Accounts for Everyone) Guarantee. If any assets are taken from an employee’s retirement plan account or Voya-administered Individual Retirement Account due to unauthorized activity, and through no fault of your own, we will restore the value of their account.
FAQs about handling security threats
How can my employees protect their accounts against scams?
How can my employees take the proper precautions for email safety?
What should my employees do if fraud is suspected?
1 2022 Verizon Data Breach Investigations Report (DBIR)
2 The audits and certifications noted apply to specific Voya scopes respective to contract obligations and industry requirements based on the type of data processed.