5 ways to secure your Zoho One organization
In observance of National Cyber Security Awareness Month, we'll discuss all the ways you can protect your Zoho One organization in this article.
1. Monitoring incidents
The first step in securing your organization is monitoring and identifying your weaknesses and vulnerabilities. Zoho One's new Dashboard is a handy tool that identifies threats faced by your organization. The Sign-in Details graph lets you assess the sign-in attempts of all users, the location and time of the attempt, and even the device used for signing in.
The Dashboard has already helped our users understand the threat to their organization's security and the tools they have to combat it. Here is some of their feedback:
- I really love these new reports! I have browsed the reports, and I am seeing 1,585 failed login attempts in the past 7 days, most of them from outside the country. This is bringing a lot of insight and helping to educate users about security. - Christophe Mendéz, Operations Director - MZ Consultants
- Great update! One of the most interesting things I have seen is the number of failed logins from around the world. Thankful for MFA [multi-factor authentication]. - Gordon Mankelow, Business Technology & Zoho Specialist - Relativity Limited
- SPOT ON! Many customers don't bother [turning on MFA], but I believe it is essential. That said, in my list of failed logins are numerous IMAP logins from abroad. - Matt Koopmans, Founder & Director - Aurelian Group
Once you know where your problems lie, you can start fixing them. Learn more about dashboard and reports.
2. Access management
According to the 2019 Verizon Data Breach Investigations Report (DBIR), 34% of breaches occur due to internal actors, and most of these internally-caused incidents are not intentional. They are merely user errors. This highlights a need for stricter access management—the tighter the user access control, the fewer vulnerabilities for malicious parties to exploit.
A common pitfall for most of our users is enabling all the apps in their Zoho One bundle right away and granting everyone access to them. Use the Applications tab in Zoho One to ensure that only the right people have access to the right tools. For example, your support agents wouldn't need access to Zoho Books or Zoho Campaigns. Invest some time into auditing and managing your users' access.
Continuous access management with Zoho One
Regularly auditing your users' access and making changes manually might be infeasible in the long run. This is why we suggest you use Conditional Assignments in Zoho One. Conditional Assignment can automatically assign apps to existing and future users based on rule-based conditions. You can configure a condition to assign specific application roles to specific users, further fortifying access-based security. Learn more about Conditional Assignment.
Secure, trusted access points
Speaking of access management, securing physical access is just as important as securing digital access. We strongly suggest you make use of Zoho One's Allowed IPs feature to prevent malicious parties from gaining access to your organization. This feature follows the positive security model and allows your users to access their Zoho One accounts only from secure and trusted IP addresses. Learn more about Allowed IPs.
3. Secure delegation
The Verizon DBIR goes on to explain that the leading reason for security incidents is Privilege Misuse, which includes Unauthorized Access. Although "unauthorized access" sounds like complicated technical jargon, it is a simple concept—people signing in to accounts they shouldn't be signing into, often using credentials they obtain by unofficial (although not illegal) methods. A good example is a Zoho One Organization Owner sharing their credentials with an HR Manager, enabling them to add new employees to the organization. Even if the reasons behind the action are innocent, it leads to serious long-term problems.
If you find yourself in a situation where you need additional people operating your Zoho One organization, we strongly suggest that you use Zoho One Admins and App Admins to securely delegate responsibilities. Learn more about Admins.
4. Single sign-on
When talking about single sign-on (SSO), people tend to focus on convenience and ease-of-use. However, the biggest advantage of SSO is security. Not only does it eliminate the use of multiple passwords and the horde of problems they bring, it also follows the SAML 2.0 standard, ensuring only your users can access your applications. Learn more about using Zoho One as a SAML IdP.
5. Policy-based MFA
Using multi-factor authentication (MFA) is the first piece of advice given to organizations by almost every security expert. The only downside of MFA is that the more secure your authentication factors are, the harder they are to use. For example, using a hardware authenticator like Yubikey (which Zoho One now supports) is highly secure, but hard to use as it involves maintaining an additional hardware device. On the other hand, SMS-based OTPs are easy to use as they're tied to your mobile number, but they are considered the least secure form of MFA.
One way to handle this duality is through Zoho One's Security Policies. We suggest you create multiple security policies with varying degrees of security, and apply them to users based on their risk factor. Ask yourself which employees are handling your organization's most sensitive data. For example, Systems Admins or Payroll Managers may need stricter security policies than Sales Agents and Marketers. Learn more about Security Policies.
Now that you know the purpose of the different ways you can protect your Zoho One organization, we hope you'll be able to monitor and manage your security better! Happy National Cyber Security Awareness Month, and feel free to share your feedback in the comments section.
Access your files securely from anywhere
New to Zoho Recruit?
Zoho Developer Community
New to Zoho LandingPage?
Zoho LandingPage Resources
New to Zoho Survey?
New to Zoho CRM Plus?
Deliver unforgettable customer experiences
New to Zoho CRM Plus?
Deliver unforgettable customer experiences
New to Zoho Marketing Plus?
Everything you need to run your marketing
New to Zoho Marketing Plus?
Everything you need to run your marketing
New to Bigin?
Topic Participants
Ahilesh K
Sticky Posts
How to Add Users to your Organization in ZohoMail?
A better clarity so you can create other users to start using Zoho Mail. You can directly Add Users from the Control Panel to your Organization. You can invite users with the existing email address. If the person (user) already uses ZohoCRM, then you can import users from Zoho CRM. You can also import them using a .csv file. (if you are planning to add them in Bulk) In this topic, We will be discussing on how to Add and Invite users only. The Import options are self explanatory. ____________________________________________________________________________________________________________
New to Zoho TeamInbox?
Zoho TeamInbox Resources
Zoho CRM Plus Resources
Zoho Books Resources
Zoho Subscriptions Resources
Zoho Projects Resources
Zoho Sprints Resources
Qntrl Resources
Zoho Creator Resources
Zoho CRM Resources
Design. Discuss. Deliver.
Zoho Show Resources
Get Started. Write Away!
Writer is a powerful online word processor, designed for collaborative work.
Zoho CRM コンテンツ
-
オンラインヘルプ
-
Webセミナー
-
機能活用動画
-
よくある質問
-
Ebook
-
-
Zoho Campaigns
- Zoho サービスのWebセミナー
その他のサービス コンテンツ
Nederlandse Hulpbronnen
ご検討中の方
Recent Topics
How to install Widget in inventory module
Hi, I am trying to install a app into Sales Order Module related list, however there is no button allow me to do that. May I ask how to install widget to inventory module related list?Paid Support Plans with Automated Billing
We (like many others, I'm sure) are designing or have paid support plans. Our design involves a given number of support hours in each plan. Here are my questions: 1) Are there any plans to add time-based plans in the Zoho Desk Support Plans feature? Theediting/applying online payments
We have customers who pay part or all of an invoice and then cancel their service and want the payment as a credit to future work. It would be ideal if we could make it an excess payment and then void the invoice. I can't make it an excess payment becauseContacts per department
Hello, Is it possible to limit Contacts to a Department? ThanksGood news! Calendar in Zoho CRM gets a face lift
Dear Customers, We are delighted to unveil the revamped calendar UI in Zoho CRM. With a complete visual overhaul aligned with CRM for Everyone, the calendar now offers a more intuitive and flexible scheduling experience. What’s new? Distinguish activitiesIs there a plan to allow for the hierarchical organization of Customers / Companies in Zoho Billing?
We have a few customers who have organizational structures that we haven't quite found a way to deal with in Zoho Billing. In CRM, these sub-companies (or subsidiaries or whatever you want to call them) all have another CRM account as the parent account.This site can’t be reached mail.zoho.com took too long to respond
In my office at any system, we couldnt able to login zoho email. it shows " This site can’t be reached mail.zoho.com took too long to respond". please fix it soon.Credit Management: #2 Configuring Right Payment Terms for Credit Control
Think about the last time you ordered something online and saw that little note at the checkout, "Pay on Delivery" or "Pay later". It's simple, but it actually sets the tone. As a business owner, you know exactly when payment is expected. Now, imagineCan send email from zoho mail, but can't receive any.
Hi, My domain is sattvameditationresort.com. I've updated MX records with those of Zoho. But i can't send any mails to this email id from gmail. I have checked the MX status with MXTOOLS, its showing the correct entry either. The error is as shown below:My domain did not activate
Hi, my domain (apsaindustrial.com.ar) did not activate, and the phone verification message never arrived. Please would you solve this problem? Thanks.Host not found?
Howdy! So i'm trying to add my custom domain for with the mail server. I have 100% control of my DNS and have tried every single option (TXT, CNAME, and even HTML) multiple times, ensuring i did it properly, to no luck. I get the same error message everyEmails are going to notification folder and not in inbox
emails are going to notification folder and not into inboxError AS101 when adding new email alias
Hi, I am trying to add apple@(mydomain).com The error AS101 is shown while I try to add the alias.Related list Mobile Device
Hello, We use an the Zoho creator application to make reports linked to Accounts. On the computer: it's easy to go the Account and see all the created reports in the related list below On iPad/Phone ZOHO CRM APP: we cannot see the reports on those accountsReport on opportunities showing only the last note added.
Hi I need to create a report that shows the most recent note added to each opportunity. This is so management can see what the latest update is according to the assigned salesperson. One workaround is to use the status field but this implies added manual work and mistakes as the salesperson would have to copy the existing status to a note before adding the latest status... otherwise the activity history would be lost. My current workaround is a report on Notes with Opportunities as the related module.Please add Zelle as an online payment option
Hello, I would like to request Zelle be added to the online payment service providers for Zoho Invoice. Considering how ubiquitous Zelle has become as a way to pay people via the major banking institutions, I feel like many freelancers would benefit fromZoho Sheet for Desktop
Does Zoho plans to develop a Desktop version of Sheet that installs on the computer like was done with Writer?This user is not allowed to add in Zoho. Please contact support-as@zohocorp.com for further details
Hello, Just signed up to ZOHO on a friend's recommendation. Got the TXT part (verified my domain), but whenever I try to add ANY user, I get the error: This user is not allowed to add in Zoho. Please contact support-as@zohocorp.com for further details I have emailed as well and writing here as well because when I searched, I saw many people faced the same issue and instead of email, they got a faster response here. My domain is: raisingreaderspk . com Hope this can be resolved. Thank youHow to display the CONTACT ID in the Contact page
Hi, I've seen this conversation below and it is exactly the same question I'm raising now, but unfortunately the last message is not solved https://help.zoho.com/portal/community/topic/show-contact-id-while-editing-contact-form I need to show the ContactId and I don't know how to do this. The last message included in the conversaton shows the way but not it is not completed. "I am sorry by default we do not have the option to show the record ID for the contacts in the field in a record. When youCRM x WorkDrive: We're rolling out the WorkDrive-powered file storage experience for existing users
Release plan: Gradual rollout to customers without file storage add-ons, in this order: 1. Standalone CRM 2. CRM Plus and Zoho One DCs: All | Editions: All Available now for: - Standalone CRM accounts in Free and Standard editions without file storageCreate Canvas list view templates from images powered by Zia
Currently available for all paid editions of Zoho CRM in the US, EU, IN, JP & CN DCs. Designing a personalized CRM interface just got even easier. In today’s fast-evolving digital landscape, AI is transforming the way we work by automating complex tasksPainfully Slow Zoho mail
Since yesterday Zoho Mail seems to have starting functioning very slowly and having a few bugs. It's slow to open mails, slow to send, slow to change between email accounts. Sometimes clicking on a particular folder (eg Sent folder) stops working and"Wrong password or login" Problem to configure Zoho on MAIL App on my Macbook
Hi, I'm having problems to configure my e-mail on my MAIL App(Macbook pro). My e-mail is hari@trespontoum.net Actually was working perfectly, and still working on my Iphone. My MAIL App prompt me that my login or password is wrong. I tried to change 3"User already exist in your org"
Hello, I've just read a discussion about this issue, which didn't solve my problem. I'm trying to add the following emails: sales@kiss-my-boutique.co.uk returns@kiss-my-boutique.co.uk orders@kiss-my-boutique.co.uk I'm getting an error message each time I try and add them. None of them are primary or secondary emails and none of them have been created as users before. I know this as when I try and login and do 'forgot my password' all I get is an error message saying 'user invalid'. Please advise.Operation Not Permitted
Hi, I have problem in adding user after verifying the domain but it seems like error appeared which is "operation not permitted". For your information, I had delete other domain before did it.Email forwarding setup fails
I'm trying to set up email forwarding from my Zoho email to my gmail address. I followed the directions to set up email forwarding here: https://www.zoho.com/mail/help/email-forwarding.html. I did only steps 1-6. After doing this, rather than settingPassing the CRM
Hi, I am hoping someone can help. I have a zoho form that has a CRM lookup field. I was hoping to send this to my publicly to clients via a text message and the form then attaches the signed form back to the custom module. This work absolutely fine whenShopify store email issues- Not getting emails
Hi We have migrated from Microsoft outlook to Zoho back in March, we have a shopify store, the domain is hosted on namesilo, not shopify, I have seen some people here complaining about not getting emails from customers who fill out the contact form onHow do I fix this? Unable to send message; Reason:554 5.1.8 Email Outgoing Blocked.
How do I fix this? Unable to send message; Reason:554 5.1.8 Email Outgoing Blocked.Invoice Discount Account
Is there a way to change the account used for Discounts applied to an invoice? The current Discount account (ZB native account) type is an "Income" type. I would like to change it to "Other Income", but that is not possible, I am assuming because it containsNeed Inactive accounts to be visible in Reports in Zoho Books
I N=need Inactive accounts to be visible in Reports in Zoho Books to do recons of the accounts but when i see the same they are not visible in the Accountant - Account Transactions reportAPI Support for Creating Invoices with Batch-Tracked Items
Hi Zoho Community, I am working on an integration where we create invoices in ERPNext and push them to Zoho Books. I need to send batch-tracked items (batch numbers) when creating invoices. I could not find any reference in the Zoho Books API documentation.javax.mail.authenticationfailedexception 535 authentication failed
Hi, I am facing 535 authentication failed error when trying to send email from zoho desktop as well as in webmail. Can you suggest to fix this issue,. Regards, RekhaPhantom Opening Balance
While experimenting w/ creating a composite item, Zoho added funds to Petty Cash and added Bank Account equal to previous day's balance. I'm unable to undo the adding of funds. Attaching screenshots of both bank account and petty cash transactions.Importing customer comments and multiple shipto addresses
I am evaluating Zoho Books and have most of my data imported with two exceptions: (1) Import customer comments - in my current system I have several comments of different types, and I need to bring these into Zoho. Preferably Books customer records, butDetailed Account Reports - Add Running Balance
When one clicks into an account from a report (say P/L or Balance Sheet), the default reports have the Debit, Credit, and then the Amount. The Amount column (last one) is duplicate information. It would be far better and fit more peoples' use cases ifHow to Billed from two different GST Numbers
How to Billed from two different GST Numbers. Suppose ABC & Co had GST registration in Delhi and Haryana and Zoho account is created with Delhi GST Registration number. Now i also want to issue invoice from Haryana GST Registration number. How can i proceed ?Payment system for donations management
I manage an organization where we receive donations from payers. Hence, there is no need to first create invoices and then create payments received against the invoices. What are the recommended best practices to do this in ZohoBooks?How do I associate pricebooks to a customer?
I setup a few pricebooks, that worked fine. But now the only thing I can do with it, when I enter a quote or sales order, I can select which pricebook to use, but I have to do this product by product every time I add one. Is there a way to connect a pricebookZoho IP blocked by SpamHaus
ERROR CODE :550 - 5.7.0 Your server IP address is in the SpamHaus SBL-XBL database, byeNext Page