Learn about how to keep your Webex meetings secure for you and for your guests.
Overview of Webex security
The Webex Meetings Suite helps enable global employees and virtual teams to meet and collaborate in real time as though they were working in the same room. Businesses, institutions, and government agencies worldwide rely on Webex. Webex helps to simplify business processes and improve results for sales, marketing, training, project management, and support teams.
For all organizations and their users, security is a fundamental concern. Online collaboration must provide multiple levels of security; from scheduling meetings to authenticating participants to sharing content.
Webex provides a secure environment that you can configure as an open place to collaborate. Understanding the security features as site administrators and end users can allow you to tailor your Webex site to your business needs.
For additional information, see the Webex Security Technical Paper.
Best practices for hosts
As a host, you’re the final decision maker concerning the security settings of your meetings, events, and training sessions. You control nearly every aspect of the meeting, event, or training session including when it begins and ends.
Keep your meetings and information secure. Know and follow the security policies for your organization. Follow security best practices when you schedule a meeting, and during and after the meeting.
Don’t publish passwords to public-accessible websites.
Don’t share your Audio PIN with anyone.
Provide meeting passwords only to users who need them.
Never share sensitive information in your meeting until you’re certain who is in attendance.
Auto lock Personal Room
You set your Personal Room to lock automatically when your meeting starts. We recommend locking your room at 0 minutes. You can set the Personal Room auto lock settings by selecting.
This setting essentially locks your room when you enter it, and prevents attendees from joining the meeting automatically. Instead, you see a notification when attendees are waiting in the lobby. You can screen and allow only authorized attendees into your meeting.
Consider your Personal Room URL as a public URL. Unless the site administrator configured Personal Rooms to require authentication, anyone can wait for you in your lobby. Always check the names before you let the attendees into your room.
Personal Room notifications before a meeting
When users enter your Personal Room lobby, they can send you an email notification to inform you that they are waiting for a meeting to begin. Even unauthorized users that gain access to your Personal Room lobby can send notifications.
We recommend that you review your email notifications before starting a meeting to screen unauthorized attendees. If you haven’t autolocked your Personal Room at zero minutes, then all attendees waiting in your Personal Room lobby enter the meeting when you do. Review the participant list and expel any unauthorized attendees.
If you’re seeing too many email notifications from unauthorized attendees, consider turning off these notifications. Go to Notify me by email when someone enters my Personal Room lobby while I am away., and uncheck
Personal Room notifications during a meeting
If you lock your Personal Room, you can screen anyone waiting in your lobby. During the meeting, notifications alert you when someone new enters the lobby; you can choose whether to admit the person. When multiple attendees wait in your Personal Room lobby, you can choose to admit select individuals, or to admit all waiting attendees to the meeting.
Schedule unlisted meetings
To enhance meeting security settings, hosts can opt not to list the meeting on the meeting calendar. For an unlisted meeting, go to the Schedule page, select Show advanced options, select Scheduling options and uncheck Listed on public calendar. This setting helps prevent unauthorized access and hides meeting information, such as the host, topic, and starting time.
Choose a level of security based on the meeting purpose. For example, if you schedule a meeting to discuss your company picnic, you can set only a password for the meeting. If you plan to discuss sensitive information, such as financial data, you may not want to list the meeting on the meeting calendar. You may also choose to restrict access to the meeting after all attendees have joined.
Unlisted meetings don't appear in the meeting calendar on the Search Meetings page or on your My Meetings page.
To join an unlisted meeting, attendees must provide a unique meeting number.
Unlisted meetings require the host to inform the meeting attendees. Hosts can send a link in an email invitation, or they can enter the meeting number using the Join Meetings page.
Listing a meeting reveals meeting titles and meeting information publicly. If a meeting isn’t password protected, anyone can join it.
Choose the meeting topic carefully
A listed meeting or a forwarded invitation email could, at a minimum, reveal the meeting titles to unintended audiences. Meeting titles can unintentionally reveal private information. To minimize exposure of sensitive data, such as company names or events, carefully word meeting titles.
Exclude the meeting password from the invitations
For highly sensitive meetings, events, or training sessions, exclude the password from the invitation email. This measure prevents unauthorized access to meeting details if the invitation email message is forwarded to an unintended recipient.
If you check Exclude password from email invitation when you schedule a meeting, event, or training session, the password doesn't appear in the invitation. Provide the password to attendees by another means, such as by phone.
Events (new) doesn't support this feature.
Prevent guests from joining unlocked meetings
When this setting is enabled, all attendees must have a user account on your site and be signed in to attend the meeting. Attendees who join by phone without an Attendee ID automatically get placed in the lobby. For information about how attendees can obtain a user account, ask your site administrator.
To enable this setting, when you schedule a meeting, go to Unlocked meetings, select Guests can't join the meeting., and under
Require invitees to register for your meeting, event, or training session
You can require your invitees to register for your meeting, event, or training session before they join. This lets you secure meeting information and track and gather information on the invitees who plan to attend your meeting, event, or training session.
This feature is enabled during scheduling. To enable this setting in Webex Meetings and Events (new), go to , and under Registration select Require attendee registration.
To enable this setting in Events (classic) and Webex Training, when you schedule an event or training session, under Registration select Require attendee registration..
Use entry or exit tone or announce name feature
Using this feature prevents someone from joining the audio portion of your meeting without your knowledge. This feature is enabled by default for Webex Meetings and Webex Training. You can go to , and in the Entry and exit tone section, select a tone option from the drop-down list.
While scheduling your meeting, event, or training session, go to Entry and exit tone section, select a tone option from the drop-down list., and in the
When using the Webex audio option, if you select the announce name feature, attendees joining using the Use computer for audio option don't get the option to record and announce their name.
Restrict available features
Limit the available features, such as chat and audio, if you allow attendees to join the meeting, event, or training session before the host.
Request that invitees not forward invitations
Request that your invitees do not forward the invitation further, especially for confidential meetings.
Assign a cohost or an alternate host
Assign a cohost to start and control the meeting, event, or training session (alternate host). This practice keeps meetings, events, and training sessions more secure by eliminating the possibility that the host role is assigned to an unexpected, or unauthorized, attendee, in case you inadvertently lose your connection to the meeting.
When inviting attendees to a scheduled meeting, you can designate one or more attendees as cohosts for the meeting. A cohost can start the meeting and act as the host. Thus, a cohost must have a user account on your Webex Meetings website. You can assign a cohost when scheduling your meeting with the Webex Meetings integration to Microsoft Outlook.
Restrict access to the meeting
Lock the meeting, event, or training session after all attendees have joined. This practice prevents more attendees from joining. Hosts can lock or unlock the meeting, event, or training session while the session is in progress. To lock a meeting that you're currently hosting, go to.
This option prevents anyone from automatically joining the meeting, event, or training session. To unlock a meeting that you're currently hosting, go to.
Validate the identity of all users in a call
Accounting for every attendee by using a roll call is a secure practice. Ask users to turn on their video or state their name to confirm their identity.
To attend a meeting using a phone, a caller needs a valid Webex dial-in number and the nine-digit meeting ID. If permitted on your site, attendees who join by phone without a password can join the audio conference portion of the meeting.
If permitted on your site, attendees without accounts can join the meeting. Unauthorized users could identify themselves with any name in your meeting.
Remove a participant from the meeting
You can expel participants at any time during a meeting. Select the name of the participant whom you want to remove, and then go to.
Share an application, not your screen
When you select Share , you can choose to share an application instead of your screen. Sharing an application rather than your screen helps to prevent accidental exposure of sensitive information.
Control who can share
If allowed at the site level, hosts can choose whether to allow all participants to share. If you don't enable the option, you can assign the presenter role to select participants or attendees.
Only designated presenters can share content from video devices and the Webex App app.
End the meeting
When the meeting, event, or training session is over, be sure to end it for all participants. A dialog may open to provide you the option to leave the meeting, event, or training session running without ending it. If you need to leave early, make someone else the host so they can be responsible for ending the meeting, event, or training session.
Assign passwords to recordings
We recommend that you don't create recordings that contain sensitive information.
If you must create recordings, you can edit the recordings and add passwords before sharing them to keep the information secure. Password-protected recordings require recipients to have the password in order to view them. You can assign passwords to recordings by going to Recordings. Select More button on the recording to adjust, and then select Share. On the Share Recording Window, enable Public Link. Check Password protection, and then enter in the password in the text field. Select Save.
Delete recordings after they are no longer relevant. Go to Recordings. Select More button on the recording to delete, then select Delete. Select Delete.
Create a strong Audio PIN and protect it. Sign in to your Webex site, and go to to create your Audio PIN.
Your PIN is the last level of protection to prevent unauthorized access to your Personal Conference Meeting (PCN Meeting). Even if an unauthorized person obtained your host access code, the conference can't start without the Audio PIN. Protect your Audio PIN and don’t share it.