Staying safe online


With online security measures becoming front-of-mind more than ever before, we sit down with HESTA’s General Manager – Information Security, Doris Tidd, to share what HESTA is doing to safeguard members’ online information, and what members and employers can do to help protect themselves.


1. Tell us about your role at HESTA.

My role oversees HESTA’s information, cyber, and data security. My team manages security policies to protect critical data and manage information security risks, ensuring they are aligned with our business objectives and maintain the trust of our people, partners, and members.


2. Globally, the world has seen heightened online security risks. How has the Australian superannuation industry been impacted and what is HESTA doing to protect members’ money?

The super ecosystem is complex, relying on a range of stakeholders including members, employers, advisers, payroll providers, gateway providers, administrators, custodians, investment managers, regulators and super funds to all work together to deliver the member experience.

Because of the interconnected nature of our super ecosystem, we depend on each other to protect the super savings of all Australians. Given the rapidly evolving cyber landscape, we must all work together now to ensure that our services continue to safeguard the super savings entrusted to us by retired and working Australians.

At HESTA, we take the protection of our members’ personal and financial information very seriously. We have rigorous security measures in place to protect our members, their details and accounts. Their data, along with their super, is one of the most precious assets they own. Member and employer security is our priority, and we work hard to protect your information. Access to personal information at HESTA is limited to the account holder and the people who manage the account and provide the information, products and services attached to it, as well as government or legal bodies. We collect only the personal information we need to manage members’ super. We also apply extra checks on key transactions to verify identity.



3. What are your top tips for members to protect their accounts?

Members play a key role in keeping their online account information safe and secure. It’s easy to activate and help protect their online account by setting up two layers of security for extra peace of mind – known as two-factor authentication. Two-factor authentication is an effective way to protect their valuable information and accounts against unauthorised access. Members can set up two-factor authentication via their online account.

It’s important to always remain vigilant to protect your employees’ information. Here are some things you can do:


  • Create an incident response plan — having a plan in place can help your organisation respond to any form of cyber security incident – while continuing to conduct your business.
  • Limit access to sensitive information to only those who need to see it to do their job.
  • Educate everyone — regular cyber security awareness training can ensure your employees know what to do if they make a mistake or if they detect something that isn’t right. You can find out more at Protecting your staff.
  • Update and back up your devices, turn on multi-factor authentication, and set secure passphrases.
  • Report cybercrime to ReportCyber and scams to Scamwatch and contact IDCARE if you’ve experienced identity theft.
  • Remain alert for phishing scammers on email or SMS — verify the sender’s details. Learn more about keeping your super safe.
  • To learn more about the basics of how to keep yourself secure, go to


