5 ways to secure your Zoho One organization
In observance of National Cyber Security Awareness Month, we'll discuss all the ways you can protect your Zoho One organization in this article.
1. Monitoring incidents
The first step in securing your organization is monitoring and identifying your weaknesses and vulnerabilities. Zoho One's new Dashboard is a handy tool that identifies threats faced by your organization. The Sign-in Details graph lets you assess the sign-in attempts of all users, the location and time of the attempt, and even the device used for signing in.
The Dashboard has already helped our users understand the threat to their organization's security and the tools they have to combat it. Here is some of their feedback:
- I really love these new reports! I have browsed the reports, and I am seeing 1,585 failed login attempts in the past 7 days, most of them from outside the country. This is bringing a lot of insight and helping to educate users about security. - Christophe Mendéz, Operations Director - MZ Consultants
- Great update! One of the most interesting things I have seen is the number of failed logins from around the world. Thankful for MFA [multi-factor authentication]. - Gordon Mankelow, Business Technology & Zoho Specialist - Relativity Limited
- SPOT ON! Many customers don't bother [turning on MFA], but I believe it is essential. That said, in my list of failed logins are numerous IMAP logins from abroad. - Matt Koopmans, Founder & Director - Aurelian Group
Once you know where your problems lie, you can start fixing them. Learn more about dashboard and reports.
2. Access management
According to the 2019 Verizon Data Breach Investigations Report (DBIR), 34% of breaches occur due to internal actors, and most of these internally-caused incidents are not intentional. They are merely user errors. This highlights a need for stricter access management—the tighter the user access control, the fewer vulnerabilities for malicious parties to exploit.
A common pitfall for most of our users is enabling all the apps in their Zoho One bundle right away and granting everyone access to them. Use the Applications tab in Zoho One to ensure that only the right people have access to the right tools. For example, your support agents wouldn't need access to Zoho Books or Zoho Campaigns. Invest some time into auditing and managing your users' access.
Continuous access management with Zoho One
Regularly auditing your users' access and making changes manually might be infeasible in the long run. This is why we suggest you use Conditional Assignments in Zoho One. Conditional Assignment can automatically assign apps to existing and future users based on rule-based conditions. You can configure a condition to assign specific application roles to specific users, further fortifying access-based security. Learn more about Conditional Assignment.
Secure, trusted access points
Speaking of access management, securing physical access is just as important as securing digital access. We strongly suggest you make use of Zoho One's Allowed IPs feature to prevent malicious parties from gaining access to your organization. This feature follows the positive security model and allows your users to access their Zoho One accounts only from secure and trusted IP addresses. Learn more about Allowed IPs.
3. Secure delegation
The Verizon DBIR goes on to explain that the leading reason for security incidents is Privilege Misuse, which includes Unauthorized Access. Although "unauthorized access" sounds like complicated technical jargon, it is a simple concept—people signing in to accounts they shouldn't be signing into, often using credentials they obtain by unofficial (although not illegal) methods. A good example is a Zoho One Organization Owner sharing their credentials with an HR Manager, enabling them to add new employees to the organization. Even if the reasons behind the action are innocent, it leads to serious long-term problems.
If you find yourself in a situation where you need additional people operating your Zoho One organization, we strongly suggest that you use Zoho One Admins and App Admins to securely delegate responsibilities. Learn more about Admins.
4. Single sign-on
When talking about single sign-on (SSO), people tend to focus on convenience and ease-of-use. However, the biggest advantage of SSO is security. Not only does it eliminate the use of multiple passwords and the horde of problems they bring, it also follows the SAML 2.0 standard, ensuring only your users can access your applications. Learn more about using Zoho One as a SAML IdP.
5. Policy-based MFA
Using multi-factor authentication (MFA) is the first piece of advice given to organizations by almost every security expert. The only downside of MFA is that the more secure your authentication factors are, the harder they are to use. For example, using a hardware authenticator like Yubikey (which Zoho One now supports) is highly secure, but hard to use as it involves maintaining an additional hardware device. On the other hand, SMS-based OTPs are easy to use as they're tied to your mobile number, but they are considered the least secure form of MFA.
One way to handle this duality is through Zoho One's Security Policies. We suggest you create multiple security policies with varying degrees of security, and apply them to users based on their risk factor. Ask yourself which employees are handling your organization's most sensitive data. For example, Systems Admins or Payroll Managers may need stricter security policies than Sales Agents and Marketers. Learn more about Security Policies.
Now that you know the purpose of the different ways you can protect your Zoho One organization, we hope you'll be able to monitor and manage your security better! Happy National Cyber Security Awareness Month, and feel free to share your feedback in the comments section.
Access your files securely from anywhere
Centralize Knowledge. Transform Learning.
All-in-one knowledge management and training platform for your employees and customers.
New to Zoho Recruit?
Zoho Developer Community
New to Zoho LandingPage?
Zoho LandingPage Resources
New to Zoho Survey?
New to Zoho CRM Plus?
Deliver unforgettable customer experiences
New to Zoho CRM Plus?
Deliver unforgettable customer experiences
New to Zoho Marketing Plus?
Everything you need to run your marketing
New to Zoho Marketing Plus?
Everything you need to run your marketing
New to Bigin?
Topic Participants
Ahilesh K
Sticky Posts
How to Add Users to your Organization in ZohoMail?
A better clarity so you can create other users to start using Zoho Mail. You can directly Add Users from the Control Panel to your Organization. You can invite users with the existing email address. If the person (user) already uses ZohoCRM, then you can import users from Zoho CRM. You can also import them using a .csv file. (if you are planning to add them in Bulk) In this topic, We will be discussing on how to Add and Invite users only. The Import options are self explanatory. ____________________________________________________________________________________________________________
New to Zoho TeamInbox?
Zoho TeamInbox Resources
Zoho CRM Plus Resources
Zoho Books Resources
Zoho Subscriptions Resources
Zoho Projects Resources
Zoho Sprints Resources
Qntrl Resources
Zoho Creator Resources
Zoho CRM Resources
Design. Discuss. Deliver.
Zoho Show Resources
Get Started. Write Away!
Writer is a powerful online word processor, designed for collaborative work.
Zoho CRM コンテンツ
-
オンラインヘルプ
-
Webセミナー
-
機能活用動画
-
よくある質問
-
Ebook
-
-
Zoho Campaigns
- Zoho サービスのWebセミナー
その他のサービス コンテンツ
Nederlandse Hulpbronnen
ご検討中の方
Recent Topics
App passwords stop working
Some of my app passwords appear to stop working after awhile. Seems to happen every 6 months or so. Just had to change one again for the second time in a year. Is this a bug or a feature? Or perhaps changes are being made on the back end on occasion thatDuplicate entries for contacts birthdays
Good morning I have recently started to use my Zoho calendar and noticed that there are multiple birthday events showing for some of my contacts. I have checked my contacts and there were duplicates for some contacts which I have now rectified but theZoho IMAP Access to mail doesn't sync messages
As stated in the topic - I have company account email address setup, and it has ( as in the picutre ) ActiveSync and Imap access enabled. However the messages does not show up while logged in in Zoho Mail however when I log in in thunderbird everythingCliq iOS can't see shared screen
Hello, I had this morning a video call with a colleague. She is using Cliq Desktop MacOS and wanted to share her screen with me. I'm on iPad. I noticed, while she shared her screen, I could only see her video, but not the shared screen... Does Cliq iOS is able to display shared screen, or is it somewhere else to be found ? RegardsTemps working custom view in Zoho Recruit
How do you create a custom view of temps working for this week. I have tried multiple combinations of job status, start date, end date etc but I am unable to find the correct combinations to show the temps I have working this week?? Any suggestions on how I can do this.Client Scripts similar to CRM?
Hi, Is there any plans for Client Scripts to become a feature of Recruit? Feel this will be a great benefit to a number of users. Would be great for example in cases where a Client has banned / blacklisted a Candidate - so that if that candidate is associatedAnnouncing Zoho Sheet desktop app for macOS and Windows (Beta)
Hello Sheet users, We know you’ve been waiting for this one. It has always been the top priority on our roadmap to provide a single native desktop app for macOS and Windows that works both online and offline. Today, we are excited to announce that theBilling Status Update
Hello Latha, I’m working on a new automation (deluge) to fulfill one of our requirements. In this automation, there is a step to update the Work Order billing status from “Not Yet Invoiced” to “Non-Billable.” I tried to find the API information relevantWhat's New in Zoho POS - April 2026
Hello everyone, Welcome to Zoho POS’s monthly update, where we share our latest feature updates, enhancements, events, and more. Let’s take a look at how April went. Access and manage other web applications in Zoho POS with Web Tabs You can now accessMany Zoho POS Issues
Can not apply credits from a customers account as a form of payment. It shows that you can but there is a bug that does not execute the action. Reported many times. Can not view Sessions from Zoho POS WebView, throws a JQUERY error Workflows and actionsHOW I CAN GET BETA VERSION FOT TESTING
HI. ZOHO I AM INTERESTED IN YOUR BETA SOFTWARE TO EXPERIENCE NEW FEATURES.Multiple EAN code for product
option to add multiple EAN code for product???Issue adding/changing mobile number for OTP
Hi Zoho Community, I’m trying to add or change my mobile number, but I keep getting this error: “We’re unable to send OTP to this mobile number. Please contact support-as@eu.zohocorp.com” Because of this, I can’t verify my number or continue the setup.Zoho Payroll Canada does not work
We submitted payroll within the required timelines. The money was withdrawn from our account and our employees have not been paid. Impossible to get a hold of someone at Zoho. I can’t believe the company operates like this. What a bloody disgrace. ShameEnhance Appointment Buffers in Zoho Bookings
There was previously a long-standing feature request related to enhancing the way appointment buffers work in Zoho Bookings, but it looks like the original post has been deleted. I am therefore adding a new request that Zoho Bookings adjust how appointmentAllow customers to choose meeting venue and meeting duration on booking page
My business primarily involves one-to-one meetings with my clients. Given the hybrid-work world we now find ourselves in, these meetings can take several forms (which I think of as the meeting "venue"): In-person Zoom Phone call I currently handle theseElektronische Rechnung (PDF) im xRechnung / ZUGFeRD-Format
Hat jemand eine Lösung in Books realisiert? Wir sind am Export- und am Eingangsrechnung-Import interessiert.Event Time Zone in meeting invites are confusing users
When sending calendar invites to internal and external users, the first section "Event Time Zone" is confusing people and they are automatically declining events. Can this section please be removed??? It already shows the correct time zone next to theForwarding without verification
Hi, I use Tripit to keep track of all my business travel. I've recently moved over to Zoho and wanted to set up a forwarding rule to send various travel confirmation emails automatically to plans@tripit.com Obviously this is an email address I don't control,Wie veröffentliche ich ein PDF Datei?
Hallo! Wie veröffentliche ich PDF Datein ich habe ein PDF Datei und den sieht ihr im Upload ich möchte ihn veröffentlichen wie? Mit Freundlichen Grüßen, Herr Bahaa Addin ChkiridFilter by user in Pivot Chart
I have a Pivot chart where the data should be filtered by user. The user enters the system and should see only the data that correspond to it. Can anyone help me?Internal mails on our company domain (managed by Zoho) do not get delivered
Hi last week Thursday and Friday a colleague had sent me two emails which did not show up at all in my inbox, spam or anywhere else. What this a problem with Zoho mail in general or did this affect just us? From the forum is reads like many problems had#2 The Tax Talk Nobody Wants to Have
"We are also able to manage our GST invoices without worrying about compliance issues. With Zoho Invoice, we are happy, our tax consultant is happy, and so are our customers," rejoices Shivprateek Habib, Partner, Flutterboots Services LLP. That's usuallyBulk upload images and specifications to products
Hi, Many users have asked this over the years and I am also asking the same. Is there any way in which we can bulk upload product (variant) images and product specifications. The current way to upload/select image for every variant is too cumbersome.Workflows fail silently in Zoho CRM and there is no native way to know
Workflow automation is honestly one of the biggest reasons my clients choose Zoho. But there is one problem I keep running into across almost every implementation. When a workflow fails, nobody finds out. Email alerts hit daily limits and just stop. CustomIs there a way to update bounce domain after verification process has started
Hi Zeptomail Team, I've created a domain and we did not update the bounce domain to our custom record... the validation has already started and I am now unable to update the bounce domain. Is there any way to get this updated on the backend without deletingPre-orders at Zoho Commerce
We plan to have regular producs that are avaliable for purchase now and we plan to have products that will be avaliable in 2-4 weeks. How we can take the pre-orders for these products? We need to take the money for the product now, but the delivery willHow to Customize the Member Portal Login Page?
Hi everyone, I am currently using the default member portal login page for Zoho Commerce, but I feel it looks quite plain and doesn’t align well with my brand's style. I would like to make it more visually appealing, possibly by: Adding custom colorsPicklist values out-of-date in Campaigns
Hi I use a CRM (Global) picklist set of values for my field "Connection Strength" (see screenshot 1). . I use Campaigns to follow-up and change the Connection Strength value depending on their stage. The picklist values that appear in the dropdown forRefering cell from other sheet
Hi, If we want to refer any cell in the same sheet its very easy, like suppose if I want to refer cell A2 in P7 I just need to type =A2 in P7, similarly how can I refer a cell present in different sheet ( I mean refer cell A2 from Sheet1 into Sheet2) ThanksHow to keep track of bags, cans, drums of inventory?
We buy and sell products that are packaged in bags 🛍️, cans🥫, drums🛢️, etc. with batch numbers. When we get a shipment of one of the products, how do we track we received (say) 10 cans each of 5L of a product and maybe we received 10 cans of anotherGlobal/Overall Reports & Dashboards in Zoho Sprints
Hi, Do we have an option to refer Global Level Reports & Dashboards in Zoho Sprints? We could see that we have Project specific Reports & Dashboards inside every Project. However, for a management level we want Reports & Dashboards visibility at a GlobalImportant Update: New Fields Addition in Zoho Sprints Integration
We'd like to inform you of an upcoming update to the 'Timesheets' module in the Zoho Sprints integration from June 3, 2026. To enhance time tracking and reporting accuracy for the Zoho Sprints integration, three new fields - Log Type, Meeting ID, ReleasePackaged Weight And Dimensions
Hello, we have item weight and dimensions, please add packaged weight and dimensions. Thank youNome do Agente não aparece nas conversas do whatsapp para o nosso cliente
Nome do Agente não aparece nas conversas do whatsapp para o nosso cliente! Isso é ruim pois so,os em 5 agentes e o cliente fica sem saber com quem ele está falando, pois tentei procurar configurações que pudessem ter esta opção, mas até então não encontrei.Marketing Plus : quatre ans à réinventer la simplicité des opérations marketing
Pourquoi et comment ? Il y a exactement quatre ans, nous avons démarré simplement, avec une seule vision: unifier et simplifier les opérations marketing pour les équipes marketing de tous les secteurs. Chez Zoho, nous proposons des outils dédiés à chaquehide resolution from help centre
to my surprise, i just found out that the resolution text is public in the helpcenter, even if 'notify customer' is off. is there a workaround to that? how do others deal with this? How zoho support does this and I don't think its used by Zoho in the first place. the resolution is meant to be private, not publicZoho Desk - Event Calendar View
Hi Desk team, Are there any plans to introduce a calendar or timeline view for Events in Zoho Desk? It would be very helpful if we could see Events visually in a calendar and/or timeline. This is very helpful when desk side support activities need toPasting Images in Zoho Desk ignores cursor location
My team has reported an issue which started recently where when we paste an image into a new or existing reply or comment, the pasted image seems to ignore the current cursor location instead paste itself at the last character present in the reply/comment,Enrich your contact and company details automatically using the Data Enrichment topping
Greetings, I hope you're all doing well. We're happy to announce the latest topping we've added to Bigin: The Data Enrichment topping, powered by WebAmigo. This topping helps you automatically enhance your contact and company records in Bigin. By leveragingNext Page