Securing your today and protecting your tomorrow
While the world is becoming more advanced with the creation and use of digital tools for financial management, privacy and data breaches are at risk now more than ever. Hackers continue finding new ways to compromise security every day, and your organization or your employees may be the target of a threat. In fact, 82% of security breaches involve human interaction, highlighting the need for organizations to educate employees and encourage vigilance all year long.1 Because of that, we’ve incorporated several “best of breed” recommendations and practices into a comprehensive policy, so you can feel secure knowing your employees are well protected.
Our approach to cybersecurity
At Voya, we’ve committed to a 360° dynamic, preventative approach to protect client data and the personal information of employees. We actively work behind the scenes to proactively protect your plan data from known and emerging threats. With cybersecurity as a top priority, we’ve implemented extensive measures to safeguard the confidentiality, integrity and availability of customer information by leveraging a three-pronged approach.
People: It starts with our highly skilled, tenured staff
- We employ a talented team of dedicated security professionals that take advantage of the latest security awareness programs for Voya’s workforce
- Conduct continual phishing tests annually to train employees on how to avoid phishing attacks
- Participate in global hacking competitions
Process: Applying applicable regulatory requirements
- Monitoring of daily activities, flagging potential fraudulent behaviors
- Ongoing updates to our governance documents and processes to align to the changing compliance landscape
- Participate in Industry Consortiums and government-sponsored organizations that helps us stay informed of security risks and trends
Technology: Protecting your data from within using advanced layers of defense
- Utilizing a layer-of-defense approach to protect against external and internal threats
- Deploying active threat detection and prevention protocols
- Collaborating across the industry with proactive, real-time threat intelligence
Securely managing and storing your data
Voya’s robust cybersecurity and fraud prevention practices consist of multi-factor authentication (MFA), voice and fingerprint biometrics, secure emails, time logoffs, and more. Our appropriate regulatory requirements also align with many audits and certifications. During Q1 2022, Voya achieved compliance with ISO 27001 internationally recognized security standards, and we continue to maintain ISO compliance and annual revalidation from third-party assessors.2
- SOC 1, SOC 2 & SOC 3
- ISO 27001
- PCI DSS
- HITRUST
Advanced fraud prevention and detection
A successful fraud prevention and detection program requires commitment of resources, which is why we use a variety of tools to prevent, detect and investigate potential fraud. Our Compliance, Corporate Special Investigations (CSI), Technology Risk and Security Management (TRSM), and Operations teams have partnered to prevent, detect and investigate suspected fraud.
Voya’s S.A.F.E. Guarantee®
As part of our secure efforts, we have established the Voya S.A.F.E.® (Secure Accounts for Everyone) Guarantee. This guarantee asserts that if any assets are taken from an employee’s retirement plan account or Voya-administered Individual Retirement Account due to unauthorized activity, we will restore the value of their account.3
Protection with the highest integrity
For the 11th consecutive year, Voya has been recognized by Ethisphere®, a global leader in defining and advancing the standards of ethical business practices, as one of the 2024 World’s Most Ethical Companies®.4 This honor represents our commitment to our customers.
FAQs about handling security threats
How can my employees protect their accounts against scams?
What should my employees do if fraud is suspected?
How can my employees take the proper precautions for email safety?
Cybersecurity education resource center
1 2022 Verizon Data Breach Investigations Report (DBIR)
2 The audits and certifications noted apply to specific Voya scopes respective to contract obligations and industry requirements based on the type of data processed.
3 As long as certain criteria are met
4 In March 2024, Voya Financial was one of 136 companies recognized by Ethisphere® as one of the 2024 World’s Most Ethical Companies® based on performance in 2023. The World’s Most Ethical Companies assessment is based upon Ethisphere’s Ethics Quotient® framework, which offers a quantitative way to assess a company’s performance in an objective, consistent and standardized way. The information collected provides a comprehensive sampling of definitive criteria of core competencies, rather than all aspects of corporate governance, risk, sustainability, compliance and ethics. Scores are generated in five key categories and provided to all companies that participate in the process: ethics and compliance program (35%), culture of ethics (20%), environmental and societal impact (20%), governance (20%), and third-party management (5%). While Voya’s Senior Vice President of Corporate and Organizational Development sits on Ethisphere’s Equity and Social Justice Initiative Advisory Council, he plays no role in the selection process for the World’s Most Ethical Companies award, but this fact has been disclosed to the extent it may be perceived as a possible conflict of interest. There is a processing fee of $3,500 USD to participate. Voya also pays $19,500 USD a year to participate in Ethisphere’s Business Ethics Leadership Alliance (“BELA”), which provides additional resources and services to members, including benchmarking data and related Ethisphere insights and guidance. There is also a $35,000 USD licensing fee for use of the logo. “World’s Most Ethical Companies” and “Ethisphere” names and marks are registered trademarks of Ethisphere LLC.