5 ways to secure your Zoho One organization
In observance of National Cyber Security Awareness Month, we'll discuss all the ways you can protect your Zoho One organization in this article.
1. Monitoring incidents
The first step in securing your organization is monitoring and identifying your weaknesses and vulnerabilities. Zoho One's new Dashboard is a handy tool that identifies threats faced by your organization. The Sign-in Details graph lets you assess the sign-in attempts of all users, the location and time of the attempt, and even the device used for signing in.
The Dashboard has already helped our users understand the threat to their organization's security and the tools they have to combat it. Here is some of their feedback:
- I really love these new reports! I have browsed the reports, and I am seeing 1,585 failed login attempts in the past 7 days, most of them from outside the country. This is bringing a lot of insight and helping to educate users about security. - Christophe Mendéz, Operations Director - MZ Consultants
- Great update! One of the most interesting things I have seen is the number of failed logins from around the world. Thankful for MFA [multi-factor authentication]. - Gordon Mankelow, Business Technology & Zoho Specialist - Relativity Limited
- SPOT ON! Many customers don't bother [turning on MFA], but I believe it is essential. That said, in my list of failed logins are numerous IMAP logins from abroad. - Matt Koopmans, Founder & Director - Aurelian Group
Once you know where your problems lie, you can start fixing them. Learn more about dashboard and reports.
2. Access management
According to the 2019 Verizon Data Breach Investigations Report (DBIR), 34% of breaches occur due to internal actors, and most of these internally-caused incidents are not intentional. They are merely user errors. This highlights a need for stricter access management—the tighter the user access control, the fewer vulnerabilities for malicious parties to exploit.
A common pitfall for most of our users is enabling all the apps in their Zoho One bundle right away and granting everyone access to them. Use the Applications tab in Zoho One to ensure that only the right people have access to the right tools. For example, your support agents wouldn't need access to Zoho Books or Zoho Campaigns. Invest some time into auditing and managing your users' access.
Continuous access management with Zoho One
Regularly auditing your users' access and making changes manually might be infeasible in the long run. This is why we suggest you use Conditional Assignments in Zoho One. Conditional Assignment can automatically assign apps to existing and future users based on rule-based conditions. You can configure a condition to assign specific application roles to specific users, further fortifying access-based security. Learn more about Conditional Assignment.
Secure, trusted access points
Speaking of access management, securing physical access is just as important as securing digital access. We strongly suggest you make use of Zoho One's Allowed IPs feature to prevent malicious parties from gaining access to your organization. This feature follows the positive security model and allows your users to access their Zoho One accounts only from secure and trusted IP addresses. Learn more about Allowed IPs.
3. Secure delegation
The Verizon DBIR goes on to explain that the leading reason for security incidents is Privilege Misuse, which includes Unauthorized Access. Although "unauthorized access" sounds like complicated technical jargon, it is a simple concept—people signing in to accounts they shouldn't be signing into, often using credentials they obtain by unofficial (although not illegal) methods. A good example is a Zoho One Organization Owner sharing their credentials with an HR Manager, enabling them to add new employees to the organization. Even if the reasons behind the action are innocent, it leads to serious long-term problems.
If you find yourself in a situation where you need additional people operating your Zoho One organization, we strongly suggest that you use Zoho One Admins and App Admins to securely delegate responsibilities. Learn more about Admins.
4. Single sign-on
When talking about single sign-on (SSO), people tend to focus on convenience and ease-of-use. However, the biggest advantage of SSO is security. Not only does it eliminate the use of multiple passwords and the horde of problems they bring, it also follows the SAML 2.0 standard, ensuring only your users can access your applications. Learn more about using Zoho One as a SAML IdP.
5. Policy-based MFA
Using multi-factor authentication (MFA) is the first piece of advice given to organizations by almost every security expert. The only downside of MFA is that the more secure your authentication factors are, the harder they are to use. For example, using a hardware authenticator like Yubikey (which Zoho One now supports) is highly secure, but hard to use as it involves maintaining an additional hardware device. On the other hand, SMS-based OTPs are easy to use as they're tied to your mobile number, but they are considered the least secure form of MFA.
One way to handle this duality is through Zoho One's Security Policies. We suggest you create multiple security policies with varying degrees of security, and apply them to users based on their risk factor. Ask yourself which employees are handling your organization's most sensitive data. For example, Systems Admins or Payroll Managers may need stricter security policies than Sales Agents and Marketers. Learn more about Security Policies.
Now that you know the purpose of the different ways you can protect your Zoho One organization, we hope you'll be able to monitor and manage your security better! Happy National Cyber Security Awareness Month, and feel free to share your feedback in the comments section.
Access your files securely from anywhere
New to Zoho Recruit?
Zoho Developer Community
New to Zoho LandingPage?
Zoho LandingPage Resources
New to Zoho Survey?
New to Zoho CRM Plus?
Deliver unforgettable customer experiences
New to Zoho CRM Plus?
Deliver unforgettable customer experiences
New to Zoho Marketing Plus?
Everything you need to run your marketing
New to Zoho Marketing Plus?
Everything you need to run your marketing
New to Bigin?
Topic Participants
Ahilesh K
Sticky Posts
How to Add Users to your Organization in ZohoMail?
A better clarity so you can create other users to start using Zoho Mail. You can directly Add Users from the Control Panel to your Organization. You can invite users with the existing email address. If the person (user) already uses ZohoCRM, then you can import users from Zoho CRM. You can also import them using a .csv file. (if you are planning to add them in Bulk) In this topic, We will be discussing on how to Add and Invite users only. The Import options are self explanatory. ____________________________________________________________________________________________________________
New to Zoho TeamInbox?
Zoho TeamInbox Resources
Zoho CRM Plus Resources
Zoho Books Resources
Zoho Subscriptions Resources
Zoho Projects Resources
Zoho Sprints Resources
Qntrl Resources
Zoho Creator Resources
Zoho CRM Resources
Design. Discuss. Deliver.
Zoho Show Resources
Get Started. Write Away!
Writer is a powerful online word processor, designed for collaborative work.
Zoho CRM コンテンツ
-
オンラインヘルプ
-
Webセミナー
-
機能活用動画
-
よくある質問
-
Ebook
-
-
Zoho Campaigns
- Zoho サービスのWebセミナー
その他のサービス コンテンツ
Nederlandse Hulpbronnen
ご検討中の方
Recent Topics
Change rate after xxxx kilometers
Is there a way to change the miileage rate after a certain mileage. After 5000 kilometers, we want the rate to automaticly change. Thank !Sync desktop folders instantly with WorkDrive TrueSync (Beta)
Keeping your important files backed up and accessible has never been easier! With WorkDrive desktop app (TrueSync), you can now automatically sync specific desktop folders to WorkDrive Web, ensuring seamless, real-time updates across devices. Important:Can't attach
I am having problems sending attachments. I am trying to attach some PDFs to an email (as I do several times every day) but the progress bar on the attached file gets stuck somewhere between 20%-70% and when I hit send I get the error message 'AttachmentWhatsApp Channels in Zoho Campaigns
Now that Meta has opened WhatsApp Channels globally, will you add it to Zoho Campaigns? It's another top channel for marketing communications as email and SMS. Thanks.Existing subform data is being changed when new subform entries are added
I'm having trouble with existing subform data being changed when new subform entries are created. I have the following setup to track registrations for a girl scout troop: Main Form: Child Subform: Registrations The data are a one-to-many relationship where each Child record has many Registrations (new Registration will be created for each year the child is in the troop.) Per the instructions, I have created the subfom, added it to the main form, gone back to the subform and created the bi-directionalBigin: filter Contacts by Company fields
Hello, I was wondering if there's a way to filter the contacts based on a field belonging to their company. I.e.: - filter contacts by Company Annual Revenue field - filter contacts by Company Employee No. field In case this is not possibile, what workaroundButton on Deal screen to automate changing deal dates?
Hi I spend a lot of time working with our accounts managers here moving deals around the calendar, qualifying things etc. I'd like to have an easy way to change the closing date on a deal, from the deal screen table, rather than either click in to theAttention API Users: Upcoming Support for Renaming System Fields
Hello all! We are excited to announce an upcoming enhancement in Zoho CRM: support for renaming system-defined fields! Current Behavior Currently, system-defined fields returned by the GET - Fields Metadata API have display_label and field_label propertiesHow to authenticate my domain on ovh
I don't succeed in adding an domain authentification on ovh. Should i first create a subdomain? But this doesn't work either, ti gi ves te same screen and the next button is greyed out when adding the info received from zohoUndelivered Mail Returned to Sender
commerciale@etruriadesign.it, ERROR CODE :550 - "The mail server detected your message as spam and has prevented delivery." I have been corresponding with the receiver and they wrote "Ciao, ho fatto verificare ma purtroppo non è un problema che derivaKaizen #190 - Queries in Custom Related Lists
Hello everyone! Welcome back to another week of Kaizen! This week, we will discuss yet another interesting enhancement to Queries. As you all know, Queries allow you to dynamically retrieve data from CRM as well as third-party services directly withinNotifications no longer being sent to my email address for any scheduled events
The last few weeks, I stopped receiving email notifications to my email for events I have scheduled and have a selected reminder option checked.This domain is not allowed to add. Please contact support-as@zohocorp.com for further details
I am trying to setup the free version of Zoho Mail. When I tried to add my domain, theselfreunion.com I got the error message that is the subject of this Topic. I've read your other community forum topics, and this is NOT a free domain. So what is theGroup to shared mailbox conversion
Is it possible to convert a group in Zoho mail to a shared mailbox?Mail Merge Stuck in Queue
I am trying to send Mail Merge's and it never sends out to the full list. It always hits a portion and the rest remain in the "Queue" - the emails I am sending are time sensitive, so I need this to be resolved or have a way to push the emails throughwhy do I get error message each time I open zoho mail
why do I get error message each time I open zoho mailCross-department Parent-Child ticketing for faster and efficient ticket resolution
Hello everyone, Organizations frequently need to have multiple departments set up in their customer service ticketing system. However, when a customer raises an issue or an internal process that requires agents to collaborate with their peers, a lackCan't setup email on outlook (Android Phone)
Dear All Support, I have tried many time to setup this zoho mail over the android phone (outlook app) . But it's always show me to check username/password of my email . But i can login from the webmail , that's why i confuse , How can i able to accessHaving problem with MX records and SPF
Hi there, I have been facing a problem that my zoho mail doesn't receive mail. See Error in below The MX Records of your domain(s) mydomain.com are not pointed to Zoho and you may not receive emails in Zoho SPF entries in your domains DNS are not configuredZOHO Mail App Not working
There seems to be an issue with Zoho Mail App today. It is not connecting to server, internet is working fine, tried uninstalling app and reinstalling, loading circle keeps spinning round. Is there an update on the way?Account with own domain, IMAP vs IMAPPRO
Hi, I have email account with my own domain. I use Em Client email plan and when I use IMAPPRO incoming host, email comes in Em Client only when I restart program. If I use IMAP incoming host everything is ok. Port is 993 both option. Why so? What´s differentAutomatic Display the Price from CPQ
Is it possible to display the discounted price from CPQ that I created for my customer? For example, when the customer selects Product A, instead of showing the default price, it should display the discounted CPQ price.Enhancement - Financial Reports
Hello Everyone, As part of enhancing reports in Zoho Books, we have added an option`Compare With` in Financial reports. Using this, you can compare the current period with Previous Year(s)/Previous Period(s) (Maximum 3 periods). This option is available in the following Financial Reports: * Profit and Loss * Cash Flow Statement * Balance Sheet Please feel free to share your feedback. We are glad to hear from you. Regards, Nithya - Zoho Books Team.Associating Multiple Work Orders with a Single Invoice in Zoho FSM
Hello Everyone, Is it possible to associate multiple Work Orders with a single Invoice in Zoho FSM? Best Regards, Subhash KumarSent emails not going and showing "Processing"
Hello Team, Could you please assist with sent emails showing "processing" and not actually going through? Many thanks and regards, CycologyFree Plan mail accounts details
In the zoho mail pricing there's a free plan that includes: FREE PLAN Up to 25 Users 5GB* /User, 25MB Attachment Limit Webmail access only. Single domain hosting. I need to make sure that I'm able to create multiple email accounts in the form of: name@domain.comSpf cannot verify
Hello, Thank you for your service. I am not able to configure my SPF. I have follow several times your instructions but it does not work. I cannot verify. My domain is ptjpt.co.id Please help meCustom Function : Copy multilookup field to text field
Hi, I'm a newbie on function programming, I try to copy text from a multi lookup field named "societe" to a text field named "societe2". I've used this code. In deluge script it seems to work, but when I trigger this function it doesn't work (Societe2Introducing Global Sets for easy management of similar picklists in CRM
[Update | Sep 2024] We've increased the maximum count limit for global sets. These new limits are now live for AU and JP data centers and will be gradually opened to all. Please check this link for the updated limits. Hello folks, As administrators whoTikTok (and other social platform) Messages and comments of the past
When I link a social channel, Zoho will show in "Inbox", "Messages" and "Contact" sections the interaction done in the past? (comment, messages...)Announcing Zoho Community Developer Bootcamps in India – Extensions
Hey everyone! We're back with another line-up of Zoho Community Developer Bootcamps in India! Following the success of the first leg of bootcamps on Extensions, we're now ready with the second leg. These bootcamps focus on empowering developers of allUnable to send message:mail rate exceeded limit
Hi Admin I just got an email that outgoing has been blocked, I know why is the reason said " Mail rate exceeded limit", but I don't know the rule of Mail rate , so please tell me how to avoid the situation and fix this issue , my email id is morgan@homemesh.com.tw.Error when using fetchById in Client Script
When using client script when creating page (onLoad), I suddenly getting error "Cannot read properties of undefined (reading 'Accounts')" when using: var account_details = ZDK.Apps.CRM.Accounts.fetchById(account_id); I'm getting this error whenever tryingLos correos que envio, llegan como spam (Bandeja de correos no deseados)
Estimados, Buenas tardes, necesito su soporte, los correos que envío desde mi cuenta llegan como spam. (no deseados). ya sea hacia cuentas de hotmail, gmail... etc.. El dominio lo tengo alojado en nic.ar (argentina). Por favor, necesito resolver estoZoho say my domain seems to be already associated with another account
I created a website on zoho and associated my domain (bompescado.com) on it. You can see the A record and CNAME are working to it. Now I need to associate the same domain as webmail, but when I try it return with: " This domain name seems to be already associated with another account. If you own this domain, please contact us for assistance." Im following the advice and conctacting you to say I've not been associated this domain on zoho before. What do I need? Well, I need you manually remove itZoho Mail Not Receiving or Sending Email
My zoho mail is not sending or receiving mail. What's the fix for this?Cannot add new mail client
Hi Guys, I've just got a new laptop and am trying to set up Outlook to connect to my Zoho account. No matter what I do, I cannot connect I'm using IMAP for incoming mail, it's enabled in my account settings, and I'm using the setting shown on the accountZoho Payroll: Product Updates | April 2025
At Zoho Payroll, we’re always working to make every payday feel effortless. And sometimes, that means listening closely to your unique needs. This month, we’ve focused on adding features that give you the flexibility to pay your employees based on yourZoho CRM to Zoho Projects Workflow {"error":{"code":6831,"message":"Input Parameter Missing"}} connecting
void automation.Untitled_Function(String ProjName) { resp = invokeurl [ url :"https://projectsapi.zoho.com/restapi/portals/" type :GET connection:"zohoprojects" ]; info "Portal API Response: " + resp; portalId = null; if(resp != null) { if (resp.containsKey("portals"))Zoho mail Virus Scan Virus Detected (but I checked it with VirusTotal)
Dear all, since this morning we can;t send any attachments out. Zoho says there is a virus in it, but clearly there is not when I checked the file on VirusTotal.com. Please help us out!Next Page