GDPR/ DPA Contract EU Germany
Hello I need the GDPR/ DPA Contract or Declaration for the EU/Germany from Zoho for one of my clients. How can I get/ download that? Thank you.
Any status about log4spring
Hi Zoho, can you provide us with an official statement if and how Zoho is affected by the log4spring vulnerability? Thanks
CVE-2021-40539
Hi zoho Support, We use zoho. Is zoho affected by this vulnerability? CVE-2021-40539 Joe Salvaggio Town of Norwood MA
Update on the recent Apache Log4j vulnerability
Dear Users, A high severity vulnerability (CVE-2021-44228), impacting multiple versions of Apache Log4j utility, was disclosed publicly on December 9, 2021. The vulnerability impacts Apache Log4j 2 versions 2.0 to 2.14.1. Find the details of this vulnerability
GDPR- Unlearn and re-learn: Busting the GDPR Myths
If a sapling was planted every time there was a misconception about GDPR, we'd have probably defeated global warming by now. Any new revolution, be it in technology, philosophy or any other dimension, always creates chaos and confusion during its inception, bringing along with it, a plethora of misconceptions as well. However, it is time we got it all cleared from our heads. You might have been a victim of this contagion as well, or have you not? Let us unlearn the (un)popular misconceptions and
Lack of alignment of DPAs with actual products
I'm just looking again at a DPA which I initiated/signed some time ago, when I noticed it was for Zohoreports. However, I wanted to sign one for Zohocreator, so this I've done now. Seems I got it wrong first time round. However, I also have Zoho Desk and Zoho Drive, but I can't find them listed, and I find it confusing... it provides Zohosupport and Zohodocs, but this is not the same?
Feature request - U2F - 2-Step Verification with Security Key
Hi, Please consider offering U2F. http://googleonlinesecurity.blogspot.nl/2014/10/strengthening-2-step-verification-with.html It works really well and offers an extra layer of protection against MITM attacks Jeroen
Ask the Experts - Live Q&A session on Zoho's Privacy policy in compliance with GDPR
A couple of weeks ago, we had a session on GDPR and its compliance in Zoho. The session brought in questions around a host of Zoho products and how they comply with GDPR. Popular feedback said the session was quite useful. Owing to this and several questions centering around Zoho's privacy policy, we're rolling out another session of Ask the Experts this May 24th and 25th, which invites questions on Zoho's Privacy policy and its compliance with the General Data Protection Regulation. (Please try
Data subject rights under GDPR
"The world’s most valuable resource is no longer oil, but data" - The Economist GDPR encourages that we treat personal data and privacy with discipline and the respect it deserves. It gives individuals more control over their data. Under the GDPR, individuals have eight basic rights: 1. Right to be informed Individuals have the right to be informed of how, when and where their personal data is being used. Users have to opt in for their data to be gathered, and consent must be freely given rather
GDPR - you can't bury your head in the sand and hide from it. Here's what you need to do if your business isn't GDPR Compliant yet.
GDPR has landed! In an ideal world all businesses would be GDPR compliant after crossing the 25th May deadline but in reality for most businesses it is still a working process. It is too late if you haven't started working on it - but hey! It doesn't mean you shouldn't start now. The ICO is the regulating body for the General Data Protection Regulations. The right course of action for you will be to finalize a plan for your compliance and take small steps towards your goal. Document all the process
GDPR - What is all the fuss about?
May 25th is behind us and the Earth is still spinning. This probably is the best time to sit back and calmly assess where you are in business with respect to GDPR compliance. The last two years have had the global business in a frenzy. As with most deadlines, the last two months is when most of us seem to have woken up to GDPR. While the businesses have had GDPR nightmares, common people have been basking in the attention and importance given to data protection and an individual's rights to personal
Where can I obtain a copy of Wednesday's GDPR webinar?
Where can I obtain a copy of Wednesday's GDPR webinar? I signed up to attend but had a scheduling conflict. I understand that a copy was to be made available to those who signed up but I have not received information on how to access it. Thanks, Rob
Ask the Experts: Q&A session on GDPR and its compliance in Zoho
As 25th of May inches closer, so does the need to be GDPR compliant. Second to ensuring Zoho products are compliant with GDPR, educating our users on it is crucial. GDPR (General Data Protection Regulation), as we all know, protects data of all individuals, solicits control over personal data within the European Union and addresses the export of data outside the EU. Zoho has always honored its users' right to privacy and protection, and has no necessity to collect and process its users' personal information
GDPR - Data Processing Addendum(DPA)
The ICO state the following: "Under the GDPR, when a controller uses a processor it needs to have a written contract (or other legal act) in place to evidence and govern their working relationship." Where can I request the DPA contract between ourselves and Zoho?
Optimizing opt-ins
Research has shown that providing users a choice between Optin and Optout, results in more optins, than if you just have a box to OptIn, and the default is opted out. People generally take the path of least resistance, and if the default is to submit without making a choice, they do so. If forced to make a choice, they consider the options, and more choose to opt in. Do your consent features provide this option? There have been several articles like these: https://medium.com/@forward_action/gdpr-how-changing-your-opt-in-language-can-increase-consent-rate-by-50-f9cffe1f6f22
Where can I store the data from my customers?
Hi, I only use zoho email, contact list and invoices, but those three contain quite a lot of information about my customers. I don't have a payment system installed, as everything is paid to me by bank transfer, so that is not a concern. My main questions are: - Can I still keep all the emails and the info about my customers on my contact lists (I provide activities to children, so there may be details about the names of the parents and children and area where they live, but not full addresses there).
Consent, anonymisation and rights of subjects
Hi, We use Zoho CRM within our organisation (B2B services company), and currently store details of many prospective sales contacts within the database. Mostly these are company name and address records, but we also store contact records and in many cases don't currently have consent from the data subjects. Under GDPR we need to change this and get consent from each contact (before 25th May), otherwise we need to remove the personally identifiable information for those contacts that have not given
Applying Progress and Critical Path with Zoho Project
It's been some years that I've kept this application, and zoho has improved many things but this seems like it can not be done yet. It is about the sub tasks and the application of the advances, that I mean: when the execution of a sub task that goes beyond a level 2 (can be 3, 4, 5, 6, etc, subtasks.) NO progress is being accumulated for your task dad is to say for higher levels, this causes, that you can not see a real progress of the project. Critical Path.- You can not see it in the Gantt, as
[Security concern] Don't show if a username exists
Hi, It would be much better from a security perspective if you won't show if a username doesn't exist. By confirming that an account does not exist, it is implied that when the message is not shown the account does exist. This creates opportunities for hackers to brute force and find all possible e-mail addresses that exist on the Zoho servers. It is unnecessary to show if an account exists or not. Just show a message: unknown e-mail address and/or password, like all other main websites do.. for
Compliance with Privacyshield
Hi, I am the legal representative of Social Learn SL (Witcamp). My legal department has just warned me that Zoho does not have the privacyshield agreement yet, and that forces us to move our client records. I just read in the Internet that we have a possibility if Zoho sends us an additional authorization agreement. Can you send us this agreement? When will you comply with Privacyshield? Thanks
Zoho privacy and security
Hi, This is not applicable in cases of services like emails, etc. that zoho provides but I am asking it for the sake of asking. In some cases (like in banks and other online services) customer service agents have access to customer data and they can modify/take action on behalf of the customer in customer's account. I just want to be sure that our accounts cannot be modified/accessed in any way by any person within and without zoho. Please advise.
Please improve security
Please look here: https://dev.ssllabs.com/ssltest/analyze.html?d=zoho.com&s=74.201.113.118&hideResults=on Minimum changes required: replace sha-1 with sha-256; switch off SSLv3. Thank you for your attention to the above. Best regards, Martin
POODLE attack: Withdrawing SSL 3.0 support for all Zoho services from Dec 8, 2014
You might have come across this news over the past couple of weeks - the Version 3 of Secure Sockets Layer (SSL 3.0) has vulnerabilities at the protocol level. The vulnerability allows a man-in-the-middle attack, i.e., an attacker can extract data from secure HTTP connections. Although difficult to exploit, to further protect our customers, all Zoho services will stop extending support to SSL 3.0 from December 8, 2014. After Zoho disables SSL 3.0 encryption, any communication with a Zoho service
Zoho and Heartbleed Vulnerability
Quick note: All Zoho servers are patched, and your data is safe. The details: Soon after the information about this vulnerability became known, we started patching all our servers using the newer, protected versions of OpenSSL. This operation was completed in a few hours after the news broke out. We renewed our SSL certificates too. So, we are no longer vulnerable. As of now, we have no indication that the vulnerability has been exploited against any of the Zoho applications. However, we would like
Two Factor Authentication (TFA) - an extra layer of security for your Zoho Account !
TFA - Stronger security for your Zoho Account At Zoho, we take account security very seriously. Here is how to make it hard for your Zoho account to fall into wrong hands. Two Factor Authentication (TFA) is an additional level of security that can be applied to your Zoho account. With TFA enabled on your account, anyone attempting to login to your Zoho account from an unrecognized computer must provide additional authorization. You can activate TFA to send you a uniquely generated verification code
Java US-CERT Alert and Zoho login page
Re: US-CERT Alert TA12-240A and Vulnerability Note VU#636312. Zoho seems to rely on javascript for the email log in page (and other functions?). We have been advised to disable java scripting in our browsers. When I did so, I could not log into Zoho. Do you have a different login option that addresses the security issue - does not use java script?
Uncheck "Reminder" by Default
I would like to have the "Send Notification Email" unchecked by default; I do NOT want any notification. Where can I go to change this setting?
Very Serious Security Problem
When you log out of zoho from a computer and someone uses the same computer and logs into zoho you are still logged in and they have your account and access privileges. This is a very serious problem and no one at Zoho has acknowledged this. Has anyone else experienced this? 1. As soon as you log out of Zoho and close the browser 2. Open a new browser and go to zoho.com 3. Have another user log in 4. You will see on the top right that the previous user is still logged in 5. If the previous user
HIPAA Compliance
Is Zoho HIPAA compliant for protected health information (PHI) that might be within emails stored in Zoho?
Font Inconsistency in Zoho Security Policy
Dear Zoho Team, I have an observation in Zoho Security Policy (https://www.zoho.com/security.html) wherein the 'Data Protection Policy' has been font-dimmed. I think that is the most significant one in any cloud-based operation and it is rather unfortunate that the technical writer who composed the document has overlooked the fact. ---- Deepak Vasudevan http://thamizhththendral.blogspot.com/
Stumbled upon a security warning alert in Zoho Blogs
Whilst clicking on the permalinks in Zoho blogs, I stumbled upon a security alert as attached. Can you address them? ---- Deepak Vasudevan http://thamizhththendral.blogspot.com/
Geo Mirroring
Hi, The Zoho Security Practices, Policies & Infrastructure document (https://www.zoho.com/security.html) mentions that geo mirroring of data "is available on select products and plans." Can somebody provide more details on this security feature? Which products are geo mirrored? Does a user have to request, and pay extra for data to be geo mirrored? Thank you, Adam
Security vulnerability to user account and server side user data
Zoho stores unencrypted account information in the client side registry (e.g. zohopassword and zohousername keys under HKEY_USERS in Windows XP). Does this constitute a serious and widespread security vulnerability - e.g. could a server side program steal this information and use it to access user accounts? If not, what prevents this? Even if server side theft of user account credentials is theoretically impossible, storing this data in plain ASCII format, and unencrypted, still represents a serious
Creating Security Groups using CSV
I need to create many nested security groups and want to import the names into AD. Looks like I can not find a choice to do that, only to import users via CSV into a security group. Anyone know how to do this?
Cross Site Scripting (XSS) vulnerabilities
I've not tested it yet, but how does Zoho prevent XSS attacks with so many 'open' fields in the wild on other sites accessing Zoho databases? thanks Dennis