Securing today and protecting tomorrow

We understand that hackers find new ways to compromise security every day, which is why it’s so important to keep financial accounts and personal information safe from the risk of fraud, cyber threats and unauthorized activity. We work behind the scenes to prevent threats and protect your client and their employee data from known and emerging cyber risks.

Our approach to cybersecurity

With cybersecurity as a top priority, we take preventative measures to safeguard the confidentiality, integrity and availability of customer information — leveraging a 360° dynamic three-pronged approach. This high level of cybersecurity maturity is but one facet and an important component of an enterprise information security environment. By integrating several “best of breed” recommendations into a comprehensive policy, you can feel secure knowing your clients are well protected.

People
Orange icon of business professional

People: It starts with our highly skilled, tenured staff

  • We employ a talented team of dedicated security professionals that take advantage of the latest security awareness programs for Voya’s workforce
  • Conduct continual phishing tests annually to train employees on how to avoid phishing attacks
  • Participate in global hacking competitions
Process
Orange icon of two arrows intersecting

Process: Applying applicable regulatory requirements

  • Monitoring of daily activities, flagging potential fraudulent behaviors
  • Ongoing updates to our governance documents and processes to align to the changing compliance landscape
  • Participate in Industry Consortiums and government-sponsored organizations that helps us stay informed of security risks and trends
Technology
orange icon of gears

Technology: Protecting your data from within using advanced layers of defense

  • Utilizing a layer-of-defense approach to protect against external and internal threats
  • Deploying active threat detection and prevention protocols
  • Collaborating across the industry with proactive, real-time threat intelligence 
decorative image

Securely handling and storing your client’s data 

Voya’s robust cybersecurity and fraud prevention practices consist of multi-factor authentication (MFA), voice and fingerprint biometrics, secure emails, time logoffs and more. Our applicable regulatory requirements also align with many audits and certifications. Voya achieved compliance with ISO 27001 internationally recognized security standards, and we continue to maintain ISO compliance and annual revalidation from third-party assessors. 1

  • SOC 1 & SOC 2
  • ISO27001
  • PCI DSS
  • HITRUST

Advanced fraud prevention and detection

A successful fraud prevention and detection program requires commitment of resources, which is why we use a variety of tools to prevent, detect and investigate potential fraud. Our Compliance, Corporate Special Investigations (CSI), Technology Risk and Security Management (TRSM), and Operations teams have partnered to prevent, detect and investigate suspected fraud.

Voya’s S.A.F.E.® Guarantee

As part of our secure efforts, we have established the Voya S.A.F.E.® (Secure Accounts for Everyone) Guarantee. If any assets are taken from an employee’s retirement plan account or Voya-administered Individual Retirement Account due to unauthorized activity, and through no fault of your own, we will restore the value of their account.

Read More About Voya’s S.A.F.E. Guarantee

Security threat FAQs

How can my client protect their employees’ accounts against scams?

Your client can have their employees participate in yearly security education training and provide additional resources on tips for preventing identity theft. Visit our security page about protecting accounts and share these best practices with your clients to help keep accounts and personal information safe. 

What should my client do if fraud is suspected?

Along with your client’s organizational privacy and security process, these tips about what to do following a data breach may be helpful to share to ensure your client’s employees know what to do once an event has occurred. 

How can my client follow the proper precautions for email safety?

Business Email Compromise is a scam when a cyber-criminal compromises email accounts of victims to send fraudulent payment instructions and/or uses email to impersonate a business executive to access W2 information, and/or steal data. Learn how your client can prevent an email scam by following a few steps.

1 The audits and certifications noted apply to specific Voya scopes respective to contract obligations and industry requirements based on the type of data processed. 

CN3363947_0226