Securing your Zoho Assist account

Businesses around the world are becoming more dependent on remote work and software solutions that allow employees to access their devices from any location. In this new hybrid work environment, it is crucial to implement appropriate security measures to safeguard your critical information. With this in mind, we believe it is essential for us (and all software providers) to be upfront about the security and privacy standards we use to keep our customers' data secure.

Zoho Assist

What makes Zoho Assist secure?

Zoho Assist offers a wide variety of security features to protect your remote sessions. We use industry-standard SSL and 256-bit AES to encrypt data exchanged during every session. We have also established strict policies to adapt the Transport Layer Security (TLS) protocol version 1.2/1.3 to all connections. All sessions are safeguarded against infiltration and data modification.

On the remote side, your account's Super Admin can assign privileges to technicians, such as the ability to use input controls (like a keyboard and mouse) or even reboot a device. The screenshots and session recordings captured during remote support and unattended access sessions are encrypted and stored on our servers for you to download. Let's take a closer look at some of Zoho Assist's most important security features.

Security and compliance certifications

    
 

Two-factor authentication

You can enable two-factor authentication (TFA) for your organization's users to provide an additional measure of security while accessing their account. When using TFA, technicians can choose from multiple authentication methods to validate their identity. SMS, Time based-OTP, touch ID, push notifications, smartphones, and QR codes are all valid methods of secondary authentication.

 

Consent

Consent settings regulate how personal data is handled, and where it is shared, in order to maintain privacy. You can configure permission prompts for integrations and data sharing with third-party services like Google, ServiceNow, Freshdesk, and Zendesk.

 

Unattended access confirmation prompts

When a technician initiates an unattended access session, the customer is prompted to authorize the technician to join the session. Authorization is required for a technician to view and access a remote device.

 

Idle session timeout

With the Idle Session Timeout setting, you can end a remote session after a certain amount of time of inactivity on either side.

 

Right to erasure

A technician can opt to remove all data related to a given user, including their email address, action logs, and usage reports. Technicians can also anonymize personal data stored in Zoho Assist such as technician and customer IP addresses, or a customer's email address.

Technicians can change user settings in Zoho Assist to reassign or even remove existing user accounts. With the exception of your email address and name, Zoho Assist requires your permission to retain information.

If you modify the cleanup settings, you can set up automatic periodic cleanup for older information. This will erase session reports and action logs.

 

Data Protection

Zoho Assist helps you personalize your data privacy and security features using data protection settings.

Modify your data protection settings to require consent from a customer before starting an unattended access session. Provide limited access to data by assigning specific roles to users within your organization. You can even configure a notification prompt to get your customers' permission to use critical features, such as screen sharing and file transfers.

Technicians must send confirmation prompts before joining a session, blackening a user's screen, or enabling remote printing.

 

Breach Notification

Should we ever identify a data breach, we will notify Super Admins within 72 hours. Super admins can choose to have breach notifications sent to additional members of the organization. Other users can configure their settings to receive a notification if sensitive information is ever compromised as a result of a breach.

 

Action log viewer

The action log viewer records all changes to administrative settings made within the organization.

In order to maintain a secure remote experience, we always advise our users not to give personal information to unfamiliar people. If you encounter any suspicious activity while using Zoho Assist, please report it to us so that we can intervene.

With our extensive security features, we aim to safeguard remote desktop access for both technicians' and customers' devices.

More details