Meeting Center: Best Practices for Secure Meetings

Document created by rruman on Mar 19, 2015Last modified by rruman on Jul 6, 2015
Version 2Show Document
  • View in full screen mode

Overview of WebEx Security

Each Cisco WebEx online solution provides you with a secure forum in which you can collaborate with others. The information you present and share during a session is available to only those who attend your sessions, and is not stored in the Cisco WebEx Cloud.


Back to top

Levels of Security

The level of security you require depends on how and when you will be hosting and attending. For example, if you schedule a meeting to discuss an informal event, you probably need only to set a password for the meeting. On the other hand, if you plan to discuss sensitive financial data or include attendees outside of your organization, you might not want to list the meeting on the meeting calendar.


You may also choose to restrict access to the meeting after all attendees have joined so that nobody else can join.


Back to top

Meeting and Access Information for the Host

By following some best practices when you schedule and host meetings, you will help keep your meetings and information secure.


When can do this
Schedule unlisted meetingsUse unlisted meetings so they won’t appear on the meeting calendar or on the Browse Meetings page. Unlisted meetings require the host to inform attendees of the meeting, either by sending a link in an email invitation or by requiring them to enter a meeting number on the Join Meeting page.
Assign an alternate hostAssign an alternate host to start and control the meeting in case you are unable to attend or lose the meeting connection. This keeps meetings more secure by eliminating the possibility that the host role will be assigned to an unexpected, or unauthorized, attendee.
Restrict available featuresLimit the available features, such as chat and audio, if you allow attendees to join the meeting before the host.
Require registrationBlock the reuse of registration IDs in Training Center and Event Center. This ensures that only those who are invited can join.
Share contentUse Share Application instead of Share Desktop so that meeting attendees cannot see what is on your computer desktop.
Expel participantsRemove participants who should not attend or who become unruly.
Restrict meeting accessLock the meeting after it begins to prevent additional attendees from joining. The host can restore access at any time during the meeting.
Assign passwords to recordingsAdd passwords to meeting recordings before you share them to keep information secure. When you share the recording, recipients must have the password to view it.


Back to top

Before and During Meetings

Observing some basic guidelines will help keep both meetings themselves and their content secure. Always remember that if you are the host, you control nearly every aspect of the meeting itself, including when it begins and ends.

  • Do not re-use passwords, and do not use personal or common passwords.
  • In Meeting Center, use the Advanced Scheduler to exclude the meeting password from the invitation email.
  • Schedule the meeting so that participants are not allowed to join before the host.
  • Require attendees to provide their email address when joining meetings.
  • Monitor the list of participants to track who is joining the meeting.
  • Ask unidentified call-in users to identify themselves before continuing the meeting.
  • Request that email invitations are not shared or forward.
  • Limit sharing privileges to a small number of people.


Back to top

WebEx Site Administration

Effective security begins with WebEx Site Administration, which allows administrators to manage and enforce security policies for host and presenter privileges. For example, an authorized administrator can customize session configurations to disable a presenter’s ability to share applications or to transfer files on a per-site or a per-user basis. The WebEx Site Administration module manages these security related features.


Account management
  • Lock out an account after a configurable number of failed login attempts
  • Automatically unlock a locked-out account after a specified time interval
  • Deactivate accounts after a defined period of inactivity
Specific user account actions
  • Require a user to change password at next login
  • Lock or unlock a user account
  • Activate or deactivate a user account
Account creation
  • Require security text on new account requests
  • Require email confirmation of new accounts
  • Configure rules for self-registration of new accounts
Account passwords
  • Require specific rules for password format, length, and re-use
  • Prohibit easily guessed passwords (for example, “password”)
  • Set a minimum time interval before password change


Back to top