5 ways to secure your Zoho One organization
In observance of National Cyber Security Awareness Month, we'll discuss all the ways you can protect your Zoho One organization in this article.
1. Monitoring incidents
The first step in securing your organization is monitoring and identifying your weaknesses and vulnerabilities. Zoho One's new Dashboard is a handy tool that identifies threats faced by your organization. The Sign-in Details graph lets you assess the sign-in attempts of all users, the location and time of the attempt, and even the device used for signing in.
The Dashboard has already helped our users understand the threat to their organization's security and the tools they have to combat it. Here is some of their feedback:
- I really love these new reports! I have browsed the reports, and I am seeing 1,585 failed login attempts in the past 7 days, most of them from outside the country. This is bringing a lot of insight and helping to educate users about security. - Christophe Mendéz, Operations Director - MZ Consultants
- Great update! One of the most interesting things I have seen is the number of failed logins from around the world. Thankful for MFA [multi-factor authentication]. - Gordon Mankelow, Business Technology & Zoho Specialist - Relativity Limited
- SPOT ON! Many customers don't bother [turning on MFA], but I believe it is essential. That said, in my list of failed logins are numerous IMAP logins from abroad. - Matt Koopmans, Founder & Director - Aurelian Group
Once you know where your problems lie, you can start fixing them. Learn more about dashboard and reports.
2. Access management
According to the 2019 Verizon Data Breach Investigations Report (DBIR), 34% of breaches occur due to internal actors, and most of these internally-caused incidents are not intentional. They are merely user errors. This highlights a need for stricter access management—the tighter the user access control, the fewer vulnerabilities for malicious parties to exploit.
A common pitfall for most of our users is enabling all the apps in their Zoho One bundle right away and granting everyone access to them. Use the Applications tab in Zoho One to ensure that only the right people have access to the right tools. For example, your support agents wouldn't need access to Zoho Books or Zoho Campaigns. Invest some time into auditing and managing your users' access.
Continuous access management with Zoho One
Regularly auditing your users' access and making changes manually might be infeasible in the long run. This is why we suggest you use Conditional Assignments in Zoho One. Conditional Assignment can automatically assign apps to existing and future users based on rule-based conditions. You can configure a condition to assign specific application roles to specific users, further fortifying access-based security. Learn more about Conditional Assignment.
Secure, trusted access points
Speaking of access management, securing physical access is just as important as securing digital access. We strongly suggest you make use of Zoho One's Allowed IPs feature to prevent malicious parties from gaining access to your organization. This feature follows the positive security model and allows your users to access their Zoho One accounts only from secure and trusted IP addresses. Learn more about Allowed IPs.
3. Secure delegation
The Verizon DBIR goes on to explain that the leading reason for security incidents is Privilege Misuse, which includes Unauthorized Access. Although "unauthorized access" sounds like complicated technical jargon, it is a simple concept—people signing in to accounts they shouldn't be signing into, often using credentials they obtain by unofficial (although not illegal) methods. A good example is a Zoho One Organization Owner sharing their credentials with an HR Manager, enabling them to add new employees to the organization. Even if the reasons behind the action are innocent, it leads to serious long-term problems.
If you find yourself in a situation where you need additional people operating your Zoho One organization, we strongly suggest that you use Zoho One Admins and App Admins to securely delegate responsibilities. Learn more about Admins.
4. Single sign-on
When talking about single sign-on (SSO), people tend to focus on convenience and ease-of-use. However, the biggest advantage of SSO is security. Not only does it eliminate the use of multiple passwords and the horde of problems they bring, it also follows the SAML 2.0 standard, ensuring only your users can access your applications. Learn more about using Zoho One as a SAML IdP.
5. Policy-based MFA
Using multi-factor authentication (MFA) is the first piece of advice given to organizations by almost every security expert. The only downside of MFA is that the more secure your authentication factors are, the harder they are to use. For example, using a hardware authenticator like Yubikey (which Zoho One now supports) is highly secure, but hard to use as it involves maintaining an additional hardware device. On the other hand, SMS-based OTPs are easy to use as they're tied to your mobile number, but they are considered the least secure form of MFA.
One way to handle this duality is through Zoho One's Security Policies. We suggest you create multiple security policies with varying degrees of security, and apply them to users based on their risk factor. Ask yourself which employees are handling your organization's most sensitive data. For example, Systems Admins or Payroll Managers may need stricter security policies than Sales Agents and Marketers. Learn more about Security Policies.
Now that you know the purpose of the different ways you can protect your Zoho One organization, we hope you'll be able to monitor and manage your security better! Happy National Cyber Security Awareness Month, and feel free to share your feedback in the comments section.
Access your files securely from anywhere
Centralize Knowledge. Transform Learning.
All-in-one knowledge management and training platform for your employees and customers.
New to Zoho Recruit?
Zoho Developer Community
New to Zoho LandingPage?
Zoho LandingPage Resources
New to Zoho Survey?
New to Zoho CRM Plus?
Deliver unforgettable customer experiences
New to Zoho CRM Plus?
Deliver unforgettable customer experiences
New to Zoho Marketing Plus?
Everything you need to run your marketing
New to Zoho Marketing Plus?
Everything you need to run your marketing
New to Bigin?
Topic Participants
Ahilesh K
Sticky Posts
How to Add Users to your Organization in ZohoMail?
A better clarity so you can create other users to start using Zoho Mail. You can directly Add Users from the Control Panel to your Organization. You can invite users with the existing email address. If the person (user) already uses ZohoCRM, then you can import users from Zoho CRM. You can also import them using a .csv file. (if you are planning to add them in Bulk) In this topic, We will be discussing on how to Add and Invite users only. The Import options are self explanatory. ____________________________________________________________________________________________________________
New to Zoho TeamInbox?
Zoho TeamInbox Resources
Zoho CRM Plus Resources
Zoho Books Resources
Zoho Subscriptions Resources
Zoho Projects Resources
Zoho Sprints Resources
Qntrl Resources
Zoho Creator Resources
Zoho CRM Resources
Design. Discuss. Deliver.
Zoho Show Resources
Get Started. Write Away!
Writer is a powerful online word processor, designed for collaborative work.
Zoho CRM コンテンツ
-
オンラインヘルプ
-
Webセミナー
-
機能活用動画
-
よくある質問
-
Ebook
-
-
Zoho Campaigns
- Zoho サービスのWebセミナー
その他のサービス コンテンツ
Nederlandse Hulpbronnen
ご検討中の方
Recent Topics
Add multiple users to a task
When I´m assigning a task it is almost always related to more than one person. Practical situation: When a client request some improvement the related department opens the task with the situation and people related to it as the client itself, the salesmanHas anyone successfully gotten conditional rendering to work in Zoho Books Sales Order HTML PDF templates?
I’m trying to hide a custom field box when the custom field is blank. The value placeholder itself works perfectly: ${salesorder.cf_distribution_reference_numb} If the Sales Order has a value, it renders correctly. Example: 45488045. But when I wrap thatWhat's New in Zoho Inventory | April & May 2026
Hello users, We're excited to roll out the latest Zoho Inventory updates for April and May 2026. These enhancements are designed to make your daily operations smoother and more efficient, from advanced inventory management and flexible pricing to automatedLatest updates to Zia in Office Integrator
Hello Zoho Office Integrator users! We’re pleased to share exciting updates to the proofing capabilities of Zia, our AI-driven writing assistant, in Office Integrator. With these updates, you can now get spell and grammar check in Brazilian Portuguese,How To Invoice Immediately for Future Subscription
Hi, When a new subscription is created that has a future start date, Zoho Subscriptions does not invoice the customer until the start date of the subscription. Is there a way to immediately invoice the customer as soon as the subscription is created,Implementing Back Button Navigation in Zoho Creator
Zoho Creator does not currently support a native Back button within forms, so implementing backward navigation requires a workaround. We recently implemented this in an application that was split into 9 modular forms. Since users needed to move betweenDeleted User Emails
I need to delete a user as I need to re-use their license, but I'd like to keep all their emails that are attached to various contacts in the CRM. Their emails are hosted externally on an M365 license. Anyone any idea how best to engineer this? TIAIn wiki editor, dragging an image fails
Expected behavior: Within the WYSIWYG editor, we have been able to select and drag an image (that is already inserted in the page) to move it to a different position on the page. Current behavior: For a few days recently (possibly longer and I didn'tNot able to see appointements when the territory permission is activated
Hello, I created different territories to separate the various departments within the company that will be working on different projects. The issue I am currently experiencing is that when I enable territory-based permissions, I can see the work orderPrint multiple uploaded images in an HTML snippet in a Page
I have a Form: Job_Preparation It stores details of each new item that must be built by the fabricators in our workshop. The form has a field: Documents I upload 4 image files to the Documents field. I want to print a sheet for our workshop staff withQuotes Module - import data
Hello Zoho, is it possible to import Quotes records? I was trying and i have no results. Raport shows no data imported. Could you help me please how to do it?Introducing the new Zoho Announcements Hub
Hello, Enterprise Support Community! We are excited to announce a new way to keep up to date with recent product releases and announcements for the Zoho apps you use on a regular basis. Introducing our new centralized location to bring together all ZohoIntroducing Custom Columns in Forecasts in Zoho CRM
Hello all, Forecasts in Zoho CRM help sales representatives, managers, and business stakeholders evaluate performance and plan future sales activities. While standard metrics such as Target, Achieved Amount, and Pipeline Amount provide a baseline view,Can Zoho CRM Emails be used in Zoho Analytics in any capacity?
We're wanting to display details about Lead Activity in regular reports through Zoho Analytics but we're having difficulty integrating Emails at all. We'd like to be able to note when an email is received and when it is sent somewhere other than justRelated list view for Assets
We first set up all our parent assets in FSM and now we are adding child assets which are the parts for the parent assets. When under the customer related list, since it only displays 5 rows of data, I have to click through many assets to locate the parentZoho Books - France
L’équipe de Zoho France reçoit régulièrement des questions sur la conformité de ses applications de finances (Zoho Books/ Zoho Invoice) pour le marché français. Voici quelques points pour clarifier la question : Zoho Books est un logiciel de comptabilitéSmart URL Determination
I would like to see Vault implement some sort of "smart" URL determination. When one starts to add a new username-password combination from a new site, Vault brings in the exact URL of the page from which this is happening. All too often, it looks somethingProject Statuses
Hi All, We have projects that sometimes may not make it through to completion. As such, they were being marked as "Cancelled". I noticed that these projects still show as "Active" though which seems counter intuitive. In fact, the only way I can get themComposite Services and Account Tracking
I am looking to garner support/request the ability to make composite services. A quick search in the forums brings up multiple requests for this feature. I fail to see why an item is mandatory while services are optional. I also would like to see theMarketer's Space: Lists vs. segments—what's the difference?
Hello Marketers, Welcome back to another post in Marketer's Space! In email marketing, reaching the right audience is just as important as crafting the right message. Yet many marketers often confuse lists and segments, using them interchangeably withoutBuilding a Multi-Step Form Experience in Zoho Creator Using Standard Forms
Zoho Creator does not currently provide native multi-step form functionality. For applications with a large number of fields, a common requirement is to split data collection into manageable sections while maintaining a single application record. In thisAdd Video link to interview record
Hi Team, we are having team members consistently go to the interview record to find the link for their upcoming meeting and have been confused that they have not been able to find them. When the interview is created can you please upload the link to theZoho projects dependancies is a joke
About to cancel our Zoho One subscription because Zoho Projects is a mess. Can't build a proper progream in it because the dependancies doesn't work properly. Can't believe this software is promoter as a project program when one can't even build a properVorrei disdire l'abbonamento
Vorrei disdire l'abbonamento, ma non trovo il modo. Mi assistete?Wiki Add Attachment upload fails at about 15.3 MB
I am seeing consistent "Error in uploading file" for files larger than about 15,430 kB. For 15,300 kB or smaller, no problem, but 15,430 kB or larger always fail. This is over numerous trials. My test files, to examine this problem, were generated byStop Wasting Clicks: Let Us See All Notes in Quick View
Hi Zoho Recruit team, I would like to suggest an improvement to the candidate/application experience in Zoho Recruit. Today, it is difficult to get a full picture of a candidate when working from the Quick View, since notes are split between: Notes relatedZoho Books | Product updates | June 2026
Hello users, Welcome to this month's roundup of what's new in Zoho Books! We have an exciting line-up this time. The highlight is the launch of the all-new France Edition with full ISCA compliance. We're also introducing features such as Layout Rulesissue invoice for future subscription
Hi, I selected the invoice at the date of subscription from the setting (since the alternative is to pre-set a date of a month) which is not my case. So, my question : Some times I need to create a subscription that will start at a future date but I needAssociate emails from both primary and secondary contacts to deal
We need to associate emails from multiple contacts to a deal. Please advise how this can be achieved. At present, only emails from primary contacts can be associated. ThanksHow to set default reply email address depending on receipt email address
Hi, I have a number of different customer support email addresses (info@XYZ.com, retuns@XYZ.com etc.) and want to set Zoho Desk so that the email address from which an agent replies is automatically defaulted to a predetermined address depending to whichWriter is horrible
Form filling is about unusable for complex forms! I am so tired of it.How to Migrate from MDaemon to Zoho Mail Account?
Hi there, Zoho Mail is one of the most popular as well as leading competitor for several cloud email service providers. It is It provide cloud email service as well as desktop based email client. In recent years people are migrating from third party cloud servers to Zoho Mail. The reasons are plenty, i.e. the user interface, security, high performance and many countless amazing features. On the other hand MDaemon Mail (aka WorldClient) is also popular among cloud email servers. But there are someTrigger workflows from SLA escalations in Zoho Desk?
Hey everyone, I’m currently working with SLA escalation rules in Zoho Desk and ran into a limitation that I’m hoping someone here has solved more elegantly. As far as I can tell, SLA escalations only support fairly limited actions (like changing the ticketCRM Portal Lookup Linkage and Related Fields
hi, if someone can give me the right path, would be greatly appreciated. we want to do a customer portal for our partners who we issue work orders for our customers, the linkage via lookup fields Partner -> Work Order -> Customer in our portal, the primaryHOW TO: Searching a thread (email body/text) with a custom function, allowing filtering and specific actions
We are still trialing out Zoho at this time, but have found a major expected feature to be missing - the ability to search within the text of an email for automation/workflows. NOTE: You need to create a connection for zohodesk under settings -> DeveloperCold emails not allowed?
I planned to use Zoho Mail to send businesses some cold emails to offer my freelance writing services, but I noticed that the anti-spam policy is very strict -- no commercial emails whatsoever without prior permission from the recipient? I would be veryZoho Team Inbox - roadmap
Hi, would be good to understand the Teaminbox roadmap, in particular: 1. API / Zoho Deluge connections. We have a process where the each email needs to be either tagged or assigned daily. It would be great if we could automate a 5pm alert for any exemptionsLeave Time - Past Dates by Pay Period
Under Settings | Leave Policy | [policy name] | Restrictions, one can set a number of days that an employee can go back to apply leave. This is very good and very needed. However, in most organizations, the real deadline isn't X number of days from theLink webform to a job opening
I have a webfrm embeded on my website and everytime a candidates fill the form, their candidate status is to new. Is it possible that it links to a specific job opening instead of me having to assing it manually ? ThanksNew in WorkDrive: Organize your storage using Data Templates
Organizations generate huge volumes of data day in and out. From financial reports, client details, and resumes to promotional images, product videos, and more. The list is endless. When you have so much data to manage, you need to classify your documents and structure them in a way that makes them more accessible. This is exactly what WorkDrive's Data Templates lets you do! You can create Data Templates, add meta data as custom fields, and associate those fields with files and folders based onNext Page