Overview of Webex Security
Cisco Webex Meetings Suite helps enable global employees and virtual teams to meet and collaborate in real time as though they were working in the same room. Businesses, institutions, and government agencies worldwide rely on Cisco Webex to simplify business processes and improve results for sales, marketing, training, project management, and support teams.
For all organizations and their users, security is a fundamental concern. Online collaboration must provide multiple levels of security, from scheduling meetings to authenticating participants to sharing content.
Cisco Webex Meetings provides a secure environment, yet it can be configured as an open place to collaborate. Understanding the security features as a site administrator or end user allows you to tailor your Webex site to your business needs.
For additional information, see the Webex Security White Paper.
Best Practices for Hosts
As a host, you are the final decision maker concerning the security settings of your meeting. Always remember that you control nearly every aspect of the meeting, including when it begins and ends.
Follow the security best practices when scheduling the meeting, and during and after the meeting, based on your business needs for keeping meetings and information secure.
Do not share your Audio PIN with anyone.
Provide meeting passwords only to users who need them.
Never share sensitive information in your meeting until you are certain who is in attendance.
Auto Lock Personal Room
You can set your Personal Room to lock automatically when your meeting starts. We recommend locking your room at 0 minutes.
From the Classic View, this can be done on your Webex site.
From Modern View, go to.
This is essentially the same as locking your room when you enter it. This measure prevents all attendees in your lobby from automatically joining in the meeting. Instead, you will see a notification in the meeting when attendees are waiting in the lobby. You can then screen and allow only authorized attendees into your meeting.
Consider your Personal Room URL as a public URL, and unless the site administrator has configured Personal Rooms to only be used by signed-in users, anyone can wait for you in your lobby. Always check the names before you let the attendees into your room.
Personal Room Notifications Before a Meeting
When users enter your Personal Room lobby, they can send you an email notification to inform you that they are waiting for a meeting to begin. Even unauthorized users that gain access to your Personal Room lobby can send notifications.
We recommend that you review your email notifications before starting a meeting to screen unauthorized attendees. If you have not autolocked your Personal Room at zero minutes, then all attendees waiting in your Personal Room lobby enter the meeting when you do. Review the participant list and expel any unauthorized attendees.
If you are seeing too many email notifications from unauthorized attendees, consider turning off these notifications.
From Classic View, uncheck Notify me by email when someone enters my Personal Room lobby while I am away.
From Modern View, uncheck Notify me by email when someone enters my Personal Room lobby while I am away.
Personal Room Notifications During a Meeting
If you lock your Personal Room, you are able to screen anyone waiting in your lobby. After you enter your meeting, you are notified when someone new enters the lobby, and you can then choose whether to admit the person or not. When multiple attendees are waiting in your Personal Room lobby, you can review the list of names and either select individuals or choose to select all to admit to the meeting.
Schedule Unlisted Meetings in Classic View
To enhance meeting security settings, hosts can opt not to list the meeting on the meeting calendar. To not list the meeting from the Schedule a Meeting page, uncheck Listed on public calendar to help prevent unauthorized access to the meeting and hide information about the meeting, such as its host, topic, and starting time.
Choose a level of security based on the meeting's purpose. For example, if you schedule a meeting to discuss your company picnic, you can set only a password for the meeting. If you schedule a meeting in which you will discuss sensitive financial data, you may not want to list the meeting on the meeting calendar. You may also choose to restrict access to the meeting once all attendees have joined.
An unlisted meeting does not appear in the meeting calendar on the Search Meetings page or on your My Meetings page.
To join an unlisted meeting, attendees must provide a unique meeting number.
Unlisted meetings require the host to inform the meeting attendees, either by sending a link in an email invitation, or hosts can enter the meeting number using the Join Meetings page.
Listing a meeting reveals meeting titles and meeting information publicly. If a meeting is not password protected, anyone can join it.
Choose the Meeting Topic Carefully
A listed meeting or a forwarded invitation email could, at a minimum, reveal the meeting titles to unintended audiences. Meeting titles can unintentionally reveal private information, so ensure that titles are carefully worded to minimize exposure of sensitive data, such as company names or events.
Secure Meeting with Complex Password
Using complex meeting passwords for every session is the most important step you can take to protect your meeting. While uncommon, site administrators may choose to allow the creation of meetings without passwords. Under most circumstances, protecting all meetings with a strong password is highly recommended.
The most effective step to strengthen the security of your meeting is to create a high-complexity, nontrivial password (strong password). A strong password includes a mix of uppercase and lowercase letters, numbers, and special characters (for example, $Tu0psrOx!). Passwords protect against unauthorized attendance because only users with access to the password can join the meeting. A strong password will be at least 6 characters and have at least 1 uppercase letter, at least 1 lowercase letter, and at least 1 number. You can use special characters (!, ?, &) for added security.
Do not reuse passwords for meetings. Scheduling meetings with the same passwords weakens meeting protection considerably.
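The password rules and the no-reuse advice above, written as a checker and generator. This is an added example, not Cisco's code; the function names, the 12-character default length and the in-memory reuse history are assumptions made for illustration.

```python
import hashlib
import secrets
import string

MIN_LENGTH = 6    # minimum length stated in the policy above
SPECIALS = "!?&"  # optional special characters named in the policy above


def policy_failures(password: str) -> list[str]:
    """Return the rules a password breaks; an empty list means it complies."""
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append("shorter than 6 characters")
    if not any(c in string.ascii_uppercase for c in password):
        failures.append("no uppercase letter")
    if not any(c in string.ascii_lowercase for c in password):
        failures.append("no lowercase letter")
    if not any(c in string.digits for c in password):
        failures.append("no number")
    return failures


def fingerprint(password: str) -> str:
    # The reuse history (hypothetical) keeps digests, not the old passwords.
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def is_reused(password: str, history: set[str]) -> bool:
    return fingerprint(password) in history


def new_meeting_password(history: set[str], length: int = 12) -> str:
    """Generate a compliant password that is not in the history, and record it."""
    if length < MIN_LENGTH:
        raise ValueError("length is below the policy minimum")
    alphabet = string.ascii_letters + string.digits + SPECIALS
    while True:
        # CSPRNG draw; rejecting non-compliant or reused candidates keeps
        # the result uniform over the passwords that are allowed.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not policy_failures(candidate) and not is_reused(candidate, history):
            history.add(fingerprint(candidate))
            return candidate
```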
Adding passwords to your meetings does not affect the meeting join experience of authorized attendees. Participants can easily join a meeting by selecting the URL in the meeting invitation or from the Webex site.
Exclude Meeting Password from Invitations
If you check Exclude password from email invitation when you schedule a meeting, the password will not appear in the invitation. You must provide the password to attendees by another means, such as by phone.
For highly sensitive meetings, exclude the meeting password from the invitation email. This prevents unauthorized access to meeting details if the invitation email message is forwarded to an unintended recipient.
Require Attendees to Have an Account on Your Site
When this setting is enabled, all attendees must have a user account on your site to attend the meeting. For information about how attendees can obtain a user account, ask your site administrator.
From Classic View in the Webex Meetings Advanced Scheduler, check Require attendees to have an account on this site in order to join this meeting.
From Modern View, check Require attendees to have an account on this site in order to join this meeting.
Use Entry or Exit Tone or Announce Name Feature
Using this feature prevents someone from joining the audio portion of your meeting without your knowledge. This feature is enabled by default for Webex Meetings and Webex Training.
From Classic View in the Webex Meetings Advanced Scheduler, select .
From Modern View, in the Entry and exit tone section, select a tone option from the drop-down list.
While scheduling your meeting in Modern View, in the Entry and exit tone section, select a tone option from the drop-down list.
Restrict Available Features
Limit the available features, such as chat and audio, if you allow attendees to join the meeting before the host.
Request That Invitations Are Not Forwarded
Request that your invitees do not forward the invitation further, especially for confidential meetings.
Assign an Alternate Host
Assign an alternate host to start and control the meeting. This practice keeps meetings more secure by eliminating the possibility that the host role is assigned to an unexpected, or unauthorized, attendee, in case you inadvertently lose your connection to the meeting.
When inviting attendees to a scheduled meeting, you can designate one or more attendees as alternate hosts for the meeting. An alternate host can start the meeting and act as the host. Thus, an alternate host must have a user account on your Webex Meetings website. You can assign an alternate host when scheduling your meeting in Classic View, or with the Webex Meetings integration to Microsoft Outlook.
Restrict Access to the Meeting
Lock the meeting once all attendees have joined the meeting. This practice prevents more attendees from joining. Hosts can lock or unlock the meeting at any time while the session is in progress. To lock a meeting that you're currently hosting, select.
This option prevents anyone from joining the meeting, including participants who have been invited to the meeting but have not yet joined it. To unlock a meeting that you're currently hosting, select.
Validate Identity of All Users in a Call
Accounting for every attendee by using a roll call is a secure practice. Ask users to turn on their video or state their name to confirm their identity.
To attend a meeting using a phone, a caller only needs a valid Webex dial-in number and the nine-digit meeting ID. If attendees can join meetings on your site by phone without a password, they will not be prevented from joining the audio conference portion of the meeting.
If attendees without an account are allowed to join the meeting, then unauthorized users can identify themselves with any name in your meeting.
Remove a Participant from the Meeting
Participants can be expelled at any time during a meeting. Select the name of the participant whom you want to remove, then select.
Share Application, Not Screen
Share specific applications instead of your whole screen to prevent accidental exposure of sensitive information on your screen.
Assign Passwords to Recordings
The best way to prevent unauthorized access to recordings is not to create recordings.
If recordings must be created, you can edit meeting recordings and add passwords before sharing them to keep the information secure. Password-protected recordings require recipients to have the password in order to view them.
From Classic View, click the More button on the recording to adjust, and then select Modify. Under Access Settings, check Password protection, and enter the password to assign to the recording. Select Save.
From Modern View, go to Recordings. Click the More button on the recording to adjust, and then select Share. In the Share Recording window, enable Public Link. Check Password protection, and then enter the password in the text field. Select Save.
Delete recordings after they are no longer relevant.
From Classic View, click the More button on the recording to adjust, and then select Delete. Select OK.
From Modern View, go to Recordings. Click the More button on the recording to delete, and then select Delete. Click Delete.
Create a strong Audio PIN and protect it. On your Webex site, go to My Webex Preferences in Classic View, or go to in Modern View to create your Audio PIN.
Your PIN is the last level of protection for prevention of unauthorized access to your personal conferencing account. If a person gains unauthorized access to the host access code for a Personal Conference Meeting (PCN Meeting), the conference can't start without the Audio PIN. Protect your Audio PIN and do not share it.