Best Practices for Zoho Sign Users
As your digital signature solution, Zoho Sign holds confidential data like organization details, important documents, recipient information, and more that is integral to your day-to-day operations and business continuity.
At Zoho, we follow industry-standard best practices to comply with various industry regulations across the globe. However, we also recommend our users follow the below list of best practices to ensure data security and privacy:
- Use a strong and unique password for your Zoho account.
- Enable multi-factor authentication and save the back-up codes in a secure location for an additional level of security.
- Zoho Sign URLs always start with 'https://' and contain 'sign.zoho.com' for US, 'sign.zoho.eu' for Europe, 'sign.zoho.in' for India. Please exercise caution and don't click links to domains you do not recognize or have not seen before. Always hover over links you're clicking and ensure that you're indeed being directed to the same URL endpoint.
- If you're a Zoho Sign user, we recommend you access and sign documents you receive directly from the Zoho Sign application on your device or by visiting www.zoho.com/sign and logging in.
- Do not open unknown or suspicious attachments—or click such links—in the emails you receive.
- Do not fall prey to emails that claim urgency and/or demand immediate attention. Watch out for mistakes in spelling, grammar, and language in general.
- Keep your anti-virus software and other business software updated with the latest security patches and fixes.
- In case you are unable to resolve the authenticity of an email, please contact the purported sender offline to verify the email’s authenticity.
- Report suspicious Zoho Sign emails to your internal IT/security administrator. We also strongly urge you to forward them immediately to firstname.lastname@example.org for us to analyze and promptly initiate appropriate counter measures.
- Visit the Zoho Accounts console periodically to check active sessions and terminate any session you no longer need or that appears suspicious to you.
- Perform periodic role reviews and disable/remove any inactive users from your Zoho Sign account. Administrators of your Zoho Sign organization have access to all your documents and account settings. Ensure only the appropriate individuals are assigned the role of administrator.
Note: This is not an exhaustive list. Feel free to follow best practices advised by your organization and industry experts apart from these tips. We will also keep this page updated periodically.