5 ways to secure your Zoho One organization

5 ways to secure your Zoho One organization

In observance of National Cyber Security Awareness Month, we'll discuss all the ways you can protect your Zoho One organization in this article.

1. Monitoring incidents

The first step in securing your organization is monitoring and identifying your weaknesses and vulnerabilities. Zoho One's new Dashboard is a handy tool that identifies threats faced by your organization. The Sign-in Details graph lets you assess the sign-in attempts of all users, the location and time of the attempt, and even the device used for signing in.

The Dashboard has already helped our users understand the threat to their organization's security and the tools they have to combat it. Here is some of their feedback:
  • I really love these new reports! I have browsed the reports, and I am seeing 1,585 failed login attempts in the past 7 days, most of them from outside the country. This is bringing a lot of insight and helping to educate users about security. - Christophe Mendéz, Operations Director - MZ Consultants
  • Great update! One of the most interesting things I have seen is the number of failed logins from around the world. Thankful for MFA [multi-factor authentication]. - Gordon Mankelow, Business Technology & Zoho Specialist - Relativity Limited
  • SPOT ON! Many customers don't bother [turning on MFA], but I believe it is essential. That said, in my list of failed logins are numerous IMAP logins from abroad. - Matt Koopmans, Founder & Director - Aurelian Group
Once you know where your problems lie, you can start fixing them. Learn more about dashboard and reports.

2. Access management

According to the 2019 Verizon Data Breach Investigations Report (DBIR), 34% of breaches occur due to internal actors, and most of these internally-caused incidents are not intentional. They are merely user errors. This highlights a need for stricter access management—the tighter the user access control, the fewer vulnerabilities for malicious parties to exploit.

A common pitfall for most of our users is enabling all the apps in their Zoho One bundle right away and granting everyone access to them. Use the Applications tab in Zoho One to ensure that only the right people have access to the right tools. For example, your support agents wouldn't need access to Zoho Books or Zoho Campaigns. Invest some time into auditing and managing your users' access.

Continuous access management with Zoho One

Regularly auditing your users' access and making changes manually might be infeasible in the long run. This is why we suggest you use Conditional Assignments in Zoho One. Conditional Assignment can automatically assign apps to existing and future users based on rule-based conditions. You can configure a condition to assign specific application roles to specific users, further fortifying access-based security. Learn more about Conditional Assignment.

Secure, trusted access points

Speaking of access management, securing physical access is just as important as securing digital access. We strongly suggest you make use of Zoho One's Allowed IPs feature to prevent malicious parties from gaining access to your organization. This feature follows the positive security model and allows your users to access their Zoho One accounts only from secure and trusted IP addresses. Learn more about Allowed IPs.

3. Secure delegation

The Verizon DBIR goes on to explain that the leading reason for security incidents is Privilege Misuse, which includes Unauthorized Access. Although "unauthorized access" sounds like complicated technical jargon, it is a simple concept—people signing in to accounts they shouldn't be signing into, often using credentials they obtain by unofficial (although not illegal) methods. A good example is a Zoho One Organization Owner sharing their credentials with an HR Manager, enabling them to add new employees to the organization. Even if the reasons behind the action are innocent, it leads to serious long-term problems.

If you find yourself in a situation where you need additional people operating your Zoho One organization, we strongly suggest that you use Zoho One Admins and App Admins to securely delegate responsibilities. Learn more about Admins.

4. Single sign-on

When talking about single sign-on (SSO), people tend to focus on convenience and ease-of-use. However, the biggest advantage of SSO is security. Not only does it eliminate the use of multiple passwords and the horde of problems they bring, it also follows the SAML 2.0 standard, ensuring only your users can access your applications. Learn more about using Zoho One as a SAML IdP.

5. Policy-based MFA

Using multi-factor authentication (MFA) is the first piece of advice given to organizations by almost every security expert. The only downside of MFA is that the more secure your authentication factors are, the harder they are to use. For example, using a hardware authenticator like Yubikey (which Zoho One now supports) is highly secure, but hard to use as it involves maintaining an additional hardware device. On the other hand, SMS-based OTPs are easy to use as they're tied to your mobile number, but they are considered the least secure form of MFA.

One way to handle this duality is through Zoho One's Security Policies. We suggest you create multiple security policies with varying degrees of security, and apply them to users based on their risk factor. Ask yourself which employees are handling your organization's most sensitive data. For example, Systems Admins or Payroll Managers may need stricter security policies than Sales Agents and Marketers. Learn more about Security Policies.



Now that you know the purpose of the different ways you can protect your Zoho One organization, we hope you'll be able to monitor and manage your security better! Happy National Cyber Security Awareness Month, and feel free to share your feedback in the comments section.

    Access your files securely from anywhere

          Zoho Developer Community




                                    Zoho Desk Resources

                                    • Desk Community Learning Series


                                    • Digest


                                    • Functions


                                    • Meetups


                                    • Kbase


                                    • Resources


                                    • Glossary


                                    • Desk Marketplace


                                    • MVP Corner


                                    • Word of the Day



                                        Zoho Marketing Automation
                                                • Sticky Posts

                                                • How to Add Users to your Organization in ZohoMail?

                                                  A better clarity so you can create other users to start using Zoho Mail. You can directly Add Users from the Control Panel to your Organization. You can invite users with the existing email address. If the person (user) already uses ZohoCRM, then you can import users from Zoho CRM. You can also import them using a .csv file. (if you are planning to add them in Bulk)  In this topic, We will be discussing on how to Add and Invite users only.  The Import options are self explanatory. ____________________________________________________________________________________________________________


                                                Manage your brands on social media



                                                      Zoho TeamInbox Resources

                                                        Zoho DataPrep Resources



                                                          Zoho CRM Plus Resources

                                                            Zoho Books Resources


                                                              Zoho Subscriptions Resources

                                                                Zoho Projects Resources


                                                                  Zoho Sprints Resources


                                                                    Qntrl Resources


                                                                      Zoho Creator Resources



                                                                          Zoho Campaigns Resources


                                                                            Zoho CRM Resources

                                                                            • CRM Community Learning Series

                                                                              CRM Community Learning Series


                                                                            • Kaizen

                                                                              Kaizen

                                                                            • Functions

                                                                              Functions

                                                                            • Meetups

                                                                              Meetups

                                                                            • Kbase

                                                                              Kbase

                                                                            • Resources

                                                                              Resources

                                                                            • Digest

                                                                              Digest

                                                                            • CRM Marketplace

                                                                              CRM Marketplace

                                                                            • MVP Corner

                                                                              MVP Corner





                                                                                Design. Discuss. Deliver.

                                                                                Create visually engaging stories with Zoho Show.

                                                                                Get Started Now


                                                                                  Zoho Show Resources


                                                                                    Zoho Writer Writer

                                                                                    Get Started. Write Away!

                                                                                    Writer is a powerful online word processor, designed for collaborative work.

                                                                                      Zoho CRM コンテンツ






                                                                                        Nederlandse Hulpbronnen


                                                                                            ご検討中の方





                                                                                                  • Recent Topics

                                                                                                  • Zoho Analytics Pivot Table - How to compare month vs last year same month

                                                                                                    Hi, I had created a pivot table with setup as below: Column: - Delivery Date Row: - Customer Group Data as column - Total amount (sum > normal) (show data of the month) - Total amount (sum > % difference from previous value) (compare between this month
                                                                                                  • Recorded imported goods

                                                                                                    I have imported some goods from a foreign vendor called ABC. to Bahrain. My Customs duty and VAT are paid by an agency called XYZ to authorities. I have paid the amounts to XYZ and they have paid to authorities in behalf of us using our TRN Number. Now
                                                                                                  • Notes created in mobile app not syncing with web notebook

                                                                                                    I have created certain notes in a new notebook in mobile app. The new notebook is also created using mobile app and when I logged in through web I am unable to see notebook that I have created using mobile app. there is no trace of notes in which i have created in mobile app on the web even after days of creating in mobile app This is not the case vise-a-versa. the notes and note book created on web are accessible on mobile app on real time.  this is very inconvenient and big demotivating factor
                                                                                                  • Match Transaction > Filter | Allow wildcards in search

                                                                                                    The Filter function is useful for narrowing down to a specific set of transactions. It would be useful to have the ability to use wildcards in search. e.g. customer name "starts with" or " * " as a placeholder. e.g. "National * " instead of "National
                                                                                                  • Marketing Automation Emails Going to Spam

                                                                                                    Google is trapping all the marketing automation emails in spam. My domain has a perfect reputation and it looks like Zoho has a low reputation which is sending it to spam. When I pull the email out of spam and click on a link in the email, I get this
                                                                                                  • Convert Request to Forum Topic

                                                                                                    I know you can convert a forum topic to a request and a request to a solution in the knowledge base, but how do you convert a request to a forum topic?  Is this possible?  If not is this a feature coming down the pipe in the near future? Thanks!
                                                                                                  • Zoho Sign / Prefill By You - Editable by Them!

                                                                                                    Zoho Sign seems to have two field options available - an empty field for signer(s) to complete or a field that has been prefilled by you, that becomes read only once sent.  What I would like is an option on the pre-filled by you fields, to leave them
                                                                                                  • Is the Contacts sync between Campaigns and CRM bi-directional?

                                                                                                    Is the Contacts sync between Campaigns and CRM bi-directional?
                                                                                                  • Task does not syncing to google calendar shedual

                                                                                                    Hi why does the tasks activities do not syncing with the google calendar like the event option does?
                                                                                                  • Bug with Zobot Human transfer

                                                                                                    I have configured the brand, the operator, and the Zobot in Spanish. However, no matter what I do, it always says "YES" instead of "Sí" or "Sure, why not " instead of "Claro, ¿por qué no?" when asking if the user wants to contact a human operator. The
                                                                                                  • This mobile number has been marked spam. Please contact support.

                                                                                                    Hi Support, Can you tell me why number was marked as spam. I have having difficult to add my number as you keep requesting i must use it. My number is +63....163 Or is Zoho company excluding Philippines from their services?
                                                                                                  • Something went wrong. One or more fields contain errors

                                                                                                    I am getting this error but there is no way to debug what field is causing the issue . I have over 100 fields. Everything was working fine and then i fixed some fields that should have the same field names but had a typo and i am getting this error. It
                                                                                                  • Integrating Zoho Desk Instances from two separate organizations

                                                                                                    Is it possible to integrate Zoho Desk with an instance from another organization? For example, creating a ticket in one organization can cause the creation of a ticket in the second organization? Or certain tickets from one organization be viewable by
                                                                                                  • Knowledge base bug - Error: Article couldn't be updated.

                                                                                                    It took me a while to figure this out, truly one of the most irritating bugs in Zoho. I hope you find this information helpful. When using the knowledge base to create articles, make sure your keywords are in lowercase and separated by commas. Otherwise,
                                                                                                  • Is this possible with Campaigns?

                                                                                                    My company is currently moving CRM's from Monday to Zoho One. Currently, our marketing lead process is send out 7 sms messages over 14 days if the lead is in a certain status. If we don't get a response the lead is put into a "Closed" status. Do we buy
                                                                                                  • How to view two portals (Zoho CRM & Zoho Books) in single login

                                                                                                    Hello there, I need to create a portal access for the Customers. Customer data present in two applications namely Zoho CRM & Zoho Books. My requirement is to show the two different portals(Zoho CRM Portal & Zoho books Portal) in single login. I could
                                                                                                  • Updating Bounced Contacts in Campaigns to the CRM

                                                                                                    The article explains how to update Opt-outs from Campaigns to CRM, but not bounces. While Campaigns will automatically remove any bounced emails from future campaigns, is there a process by which a bounce will update or make a notification in the CRM
                                                                                                  • Bandwidth, voice and poor video

                                                                                                    Dear Team, The webinar has made things quite easy and convenient for educators around the world. We are an art & culture-based organization where students and researchers are our major audience.  While using the Zoho webinar platform, we have observed that the audio lags and the video is of poor quality and often freezes. Some participants don't hear what is being spoken.  We also found that even a slightly slow internet connection disrupts the webinar while it should be working well even on lower
                                                                                                  • Zoho books and venmo

                                                                                                    Hi, Is there a way to hook Venmo into zoho books? I have a Venmo business account and want to be able to sync that. I know you can do it with the paypal integration but I dont want to use paypal for the fees and that doesnt allow me use/integrate my current
                                                                                                  • Global Sets for Multi-Select pick lists

                                                                                                    When is this feature coming to Zoho CRM? It would be very useful now we have got used to having it for the normal pick lists.
                                                                                                  • 550 5.4.6 Unusual sending activity detected. Please try after sometime. <a href=https://www.zoho.com/mail/help/usage-policy.html target=_blank>Learn more.</a>

                                                                                                    Please help me with this. Sending of mails is blocked.
                                                                                                  • The Social Wall: November 2024

                                                                                                    Hey everyone, As we move into December, we're excited to share all the updates that went live in Social during November. View, monitor, and respond to your WhatsApp and Telegram messages from Inbox Take your communication a step further by integrating
                                                                                                  • Segmenting Contacts Based on Product Purchased

                                                                                                    I am trying to organize our main Marketing Automation email list in a way that segments contacts based on products they have purchased (for example in this case it is 3 different products). To my knowledge, this would require the sync from Zoho CRM to
                                                                                                  • Urgent Assistance Needed with DKIM Verification

                                                                                                    Hi, I have been trying to verify the DKIM for the past month using your instructions as well as other resources. Unfortunately, I have not been able to resolve the issue, and it remains persistent. I need to address this problem as soon as possible so
                                                                                                  • How do I attach tasks from one task to other tasks in the same project

                                                                                                    How do I attach tasks from one task to other tasks in the same project
                                                                                                  • Incorrect Handling of XLSX data

                                                                                                    Trying to import an XLSX schedule of bills into Zoho Books I ran across the problem of date formatting. To replicate: Build a CSV file with bill dates in whatever format you like and import it - this should work if you match the "dd/MM/yyy" etc. format
                                                                                                  • Zoho Books Invoice Salesperson: requires ID but there is no "Fetch salesperson" action

                                                                                                    Hi, I am trying to attach a Salesperson to a Zoho Books invoice. In Zoho Flow, the salesperson field required an ID. However, I only have the salesperson name, I need to fetch salesperson by name and then provide the ID. There is no option to fetch salesperson...
                                                                                                  • Change format of quantity format

                                                                                                    Hi,  I would like to change the qunatity format from 1,00 to 1.  Is this possible?   thanks!
                                                                                                  • Ticket Views: filter criteria -> dynamic date values in relation to the current date

                                                                                                    Hello all, It would be very helpful if you could build custom views in such a way that you do not have to adjust the criteria daily or at whatever interval in order to change the fixed date value as needed. For example, I would like to create a view that,
                                                                                                  • Captchas: No support for Google reCAPTCHA or similar

                                                                                                    Hi all, The current captcha integrated into Creator is very basic, and often near-impossible to read. I'm building an app for a charity which includes a couple of public-facing forms, and this is a real issue for people with dyslexia and related conditions - it's effectively excluding them if you want any form of spam protection at all on your published forms (and that being said, the current captcha doesn't even seem very effective - bots can often read it more easily than humans). I've raised this
                                                                                                  • Maintain consistency in ticket responses with shared snippets

                                                                                                    Hello everyone! We are excited to announce that our highly anticipated snippet sharing feature is now available to all users. As you know, snippets are pre-defined message templates, or canned messages, that help agents respond to tickets with efficiency.
                                                                                                  • Tickets - Zoho Desk

                                                                                                    Hi Team, My Clients need to see their tickets created and the status of the ticket in the Zoho Support Desk itself. How can I do this? My Client doesn't have a Zoho Account. They need to access the ticket by the provided link without signing in.
                                                                                                  • Automatically assign Contacts to Account owners

                                                                                                    Hi, I have a finite number of accounts set up in the CRM, and each new contact that comes in is automatically assigned to an Account according to a rule I set up. I want the Contact owner in the Contacts module to be assigned to the relevant Account owner.
                                                                                                  • Making Copies/Duplicates of Zoho Forms (Shared)

                                                                                                    Question to the community: is there a way to take a 'shared form' , make a duplicate copy and save under My Forms, so that i can use that which was already created as a template to make updates to and use as a test form and be able to have full access,
                                                                                                  • Using IMAP configuration for shared email inboxes

                                                                                                    Our customer service team utilizes shared email boxes to allow multiple people to view and handle incoming customer requests. For example, the customer sends an email to info@xxxx.com and multiple people can view it and handle the request. How can I configure
                                                                                                  • Can you help us creating a customised form with payment link?

                                                                                                    I would like to create a customised Transport form where the user will be asked to make payment basis the drop/ pick up they select.
                                                                                                  • Deleting or disabeling predefined ticket list views

                                                                                                    Is it possible to delete or disable predefined views or is this still not possible? For instance, we are not using the chat function and therefore have no use for the "Missed Chats" view. Thanks!
                                                                                                  • Email an Invoice from API

                                                                                                    When calling the API to email an invoice, it seems it does not actually send it. Below is a screen shot where I used an API call for the bottom record, and it updated its' status to "Due Today", but no email was actually sent. The top record, I hit the
                                                                                                  • Unable to load your extension. Please check your plugin-manifest or Resources.json.

                                                                                                    Hi Team, I am using the config module with multiple fields of different types, such as checkboxes and picklists. However, I am encountering the following issues: Error Message: When loading the extension, I get the error: "Unable to load your extension.
                                                                                                  • Layout Rules / Quick create

                                                                                                    Hello, is there a way to create a layout rule for quick create option? Regards, Katarzyna
                                                                                                  • Next Page