Hacked email marketing vendor Epsilon has implemented a “white list” of IP addresses that will be allowed to access its email platform to prevent a repeat of its recent mega breach.
“All access to the email platform, both inbound and outbound, will be restricted to white-listed IP addresses,” the company said in a statement Wednesday.
The highly restrictive white-list system, which would only permit requests from a set of pre-approved IP addresses, has been coupled with a new two-factor authentication system to control access to its
systems.
Both systems were provided by Verizon and replaced its previous password-based access system.
Two-factor authentication had been implemented for staff access, while the feature would be extended to clients by the third quarter of this year.
The increased measures were part of a raft of security improvements the company has worked on since discovering it had been hacked in March this year, leading to dozens of major companies issuing data
breach alerts to their customers.
This impacted potentially millions of its clients’ customers,including Dell Australia, which issued an alert in April.
Epsilon has adopted security service from Verizon’s recent cloud acquisition, Terremark, which will allow it to “identify and mitigate ‘electronic crimes in motion’ in a way that has not been possible until now”.
The company also plans to tackle phishing by opening communication channels with ISPs in an effort to identify phishing emails and “monitor brand abuse across email domains”.
“We recognise that established industry standards are simply not enough in this day and age,” said Bryan Kennedy, president and CEO of Epsilon, insisting that the company has “always taken security
seriously”.
“This commitment continues at Epsilon where we have already made significant progress to bolster security measures and remains focused on creating a more secure environment using the most sophisticated resources available in order to protect our clients and their customers from cyber attacks.”