At Athena we take security seriously. Our cyber security program and dedicated security team are focused on keeping our systems and your data safe. We’re happy to answer any questions about your security at firstname.lastname@example.org or privacy at email@example.com.
But read on, we may have an A to your Q below.
Protecting your data
Access to data is limited only to our staff and systems that need it and only for when and what they need it for.
When requesting documents to support your loan application, we’ll always ask you to provide these via our secure portal, rather than email.
We only retain data for as long as required to support our operational, regulatory and legal obligations. We securely destroy data once it’s no longer required.
Protecting your account
What we do
We ask for Multi factor authentication on all Home Hub logins with settled loans, via an SMS code sent to your phone. For added security, you’ll need to do this again if you request a redraw.
After a period of inactivity, your Home Hub session expires, so you’ll need to login again.
Minimum requirements for passwords are enforced; simple (and easily hacked) passwords are not permitted.
What you can do
Create a fierce password - that you don't use anywhere else, hard for others to guess.
So you don’t forget it, consider using a password manager software to safely store your password(s). There’s more on being a password guru here: Creating Strong Passphrases | Cyber.gov.au
Change your password every season. Call us on 13 35 35 to request a reset, or use https://id.athena.com.au/forgotpassword. Have a read of the strong password tips above before selecting your new one.
When your phone or computer have updates, install them, it’s safer!
Stay vigilant. Keep an eye out for dodgy emails that say they are from Athena but don’t “feel right”. We’ll never ask for your password or personal information over email or SMS. Better safe than sorry; if in doubt, call us on 13 35 35 to check.
Our Security Program
Our security program is continuously aligned, tested and iterated upon based on industry best practice.
The security frameworks we use as a benchmark: NIST Cybersecurity Framework, ISO/IEC 27001, SOC 2, and the Australia Cyber Security Centre Essential 8.
The security of our suppliers and partners can directly affect our own. We choose whom we work with carefully, and ensure that they also implement good security.
The fundamentals have to be watertight:
- Strong controls on access to Athena systems and customer data (with extensive use of multi-factor authentication);
- Encryption of all sensitive data (including customer information) both in transit and at rest;
- CI/CD pipeline to enforce code security at every stage of the Software Development Lifecycle;
- Continuous logging and monitoring to detect controls failure and abnormal activities and to ensure timely response;
- Dedicated security team and partnerships in place with specialized incident response firms in the event of a major security incident.