Overview of Webex Security

The Cisco Webex Meetings Suite helps enable global employees and virtual teams to meet and collaborate in real time as though they were working in the same room. Businesses, institutions, and government agencies worldwide rely on Cisco Webex to simplify business processes and improve results for sales, marketing, training, project management, and support teams.

For all organizations and their users, security is a fundamental concern. Online collaboration must provide multiple levels of security; from scheduling meetings to authenticating participants to sharing content.

The Cisco Webex Meetings Suite provides a secure environment yet it can be configured as an open place to collaborate. Understanding the security features as site administrators and end users can allow you to tailor your Webex site to your business needs.

For additional information, see the Webex Security Technical Paper.

Best Practices for Hosts

As a host, you’re the final decision maker concerning the security settings of your meetings, events, and training sessions. Always remember that you control nearly every aspect of the meeting, event, or training session including when it begins and ends.

Follow the security best practices when scheduling the meeting, and during and after the meeting based on your business needs for keeping meetings and information secure.

Don’t publish passwords to public-accessible websites.

Don’t share your Audio PIN with anyone.

Provide meeting passwords only to users who need them.

Never share sensitive information in your meeting until you’re certain who is in attendance.

Auto Lock Personal Room

You set your Personal Room to automatically lock when your meeting starts. We recommend locking your room at 0 minutes. You can set the Personal Room auto lock settings by selecting Preferences > My Personal Room.

This is essentially the same as locking your room when you enter it. This measure prevents all attendees in your lobby from automatically joining in the meeting. Instead, you will see a notification in the meeting when attendees are waiting in the lobby. You can then screen and allow only authorized attendees into your meeting.

Consider your Personal Room URL as a public URL, and unless the site administrator has configured Personal Rooms to only be used by signed-in users, anyone can wait for you in your lobby. Always check the names before you let the attendees into your room.

Personal Room Notifications Before a Meeting

When users enter your Personal Room lobby, they can send you an email notification to inform you that they are waiting for a meeting to begin. Even unauthorized users that gain access to your Personal Room lobby can send notifications.

We recommend that you review your email notifications before starting a meeting to screen unauthorized attendees. If you have not autolocked your Personal Room at zero minutes, then all attendees waiting in your Personal Room lobby enter the meeting when you do. Review the participant list and expel any unauthorized attendees.

If you are seeing too many email notifications from unauthorized attendees, consider turning off these notifications. Go to Preferences > My Personal Room, and uncheck Notify me by email when someone enters my Personal Room lobby while I am away.

Personal Room Notifications During a Meeting

If you lock your Personal Room, you are able to screen anyone waiting in your lobby. After you enter your meeting, you are notified when someone new enters the lobby, and you can then choose whether to admit the person or not. When multiple attendees are waiting in your Personal Room lobby, you can review the list of names and either select individuals or choose to select all to admit to the meeting.

Schedule Unlisted Meetings

To enhance meeting security settings, hosts can opt not to list the meeting on the meeting calendar. To not list the meeting, go to Schedule page, select Show advanced options, select Scheduling options and uncheck Listed on public calendar. This helps to prevent unauthorized access to the meeting and hides information about the meeting, such as its host, topic, and starting time.

Choose a level of security based on the meeting's purpose. For example, if you schedule a meeting to discuss your company picnic, you can set only a password for the meeting. If you schedule a meeting in which you will discuss sensitive financial data, you may not want to list the meeting on the meeting calendar. You may also choose to restrict access to the meeting once all attendees have joined.

  • An unlisted meeting does not appear in the meeting calendar on the Search Meetings page or on your My Meetings page.

  • To join an unlisted meeting, attendees must provide a unique meeting number.

  • Unlisted meetings require the host to inform the meeting attendees, either by sending a link in an email invitation, or hosts can enter the meeting number using the Join Meetings page.

Listing a meeting reveals meeting titles and meeting information publicly. If a meeting is not password protected, anyone can join it.

Choose the Meeting Topic Carefully

A listed meeting or a forwarded invitation email could, at a minimum, reveal the meeting titles to unintended audiences. Meeting titles can unintentionally reveal private information, so ensure that titles are carefully worded to minimize exposure of sensitive data, such as company names or events.

Exclude Meeting Password from Invitations

For highly sensitive meetings, events, or training sessions, exclude the password from the invitation email. This prevents unauthorized access to meeting details if the invitation email message is forwarded to an unintended recipient.

If you check Exclude password from email invitation when you schedule a meeting, event, or training session, the password will not appear in the invitation. You must provide the password to attendees by another means, such as by phone.

Webex Events (new) doesn't support this feature.

Prevent Guests from Joining Unlocked Meetings

When this setting is enabled, all attendees must have a user account on your site and be signed in to attend the meeting. Attendees who join by phone without an Attendee ID automatically get placed in the lobby. For information about how attendees can obtain a user account, ask your site administrator.

To enable this setting, when you schedule a meeting, go to Show advanced options > Scheduling options, and under Unlocked meetings, select Guests can't join the meeting.

Require Invitees to Register for Your Meeting, Event, or Training Session

You can require your invitees to register for your meeting, event, or training session before they join. This lets you secure meeting information and track and gather information on the invitees who plan to attend your meeting, event, or training session.

This feature is enabled during scheduling. To enable this setting in Webex Meetings and Webex Events (new), go to Show advanced options > Scheduling options, and under Registration select Require attendee registration.

To enable this setting in Webex Events (classic) and Webex Training, when you schedule an event or training session, under Registration select Require attendee registration..

Use Entry or Exit Tone or Announce Name Feature

Using this feature prevents someone from joining the audio portion of your meeting without your knowledge. This feature is enabled by default for Webex Meetings and Webex Training. You can go to Preferences > Audio and Video, and in the Entry and exit tone section, select a tone option from the drop-down list.

While scheduling your meeting, event, or training session, go to Show advanced options > Audio connection options, and in the Entry and exit tone section, select a tone option from the drop-down list.

When using the Webex Audio option, if the Announce Name feature is selected, those joining using the Use computer for audio option don't get the option to record and announce their name.

Restrict Available Features

Limit the available features, such as chat and audio, if you allow attendees to join the meeting, event, or training session before the host.

Request That Invitations Are Not Forwarded

Request that your invitees do not forward the invitation further, especially for confidential meetings.

Assign a Cohost or Alternate Host

Assign a cohost to start and control the meeting, event, or training session (alternate host). This practice keeps meetings, events, and training sessions more secure by eliminating the possibility that the host role is assigned to an unexpected, or unauthorized, attendee, in case you inadvertently lose your connection to the meeting.

When inviting attendees to a scheduled meeting, you can designate one or more attendees as cohosts for the meeting. A cohost can start the meeting and act as the host. Thus, a cohost must have a user account on your Webex Meetings website. You can assign a cohost when scheduling your meeting with the Webex Meetings integration to Microsoft Outlook.

Restrict Access to the Meeting

Lock the meeting, event, or training session once all attendees have joined. This practice prevents more attendees from joining. Hosts can lock or unlock the meeting, event, or training session at any time while the session is in progress. To lock a meeting that you're currently hosting, go to Meeting > Lock Meeting.

This option prevents anyone from joining the meeting, event, or training session, including participants who have been invited to the meeting but have not yet joined it. To unlock a meeting that you're currently hosting, go to Meeting > Unlock Meeting.

Validate Identity of All Users in a Call

Accounting for every attendee by using a roll call is a secure practice. Ask users to turn on their video or state their name to confirm their identity.

To attend a meeting using a phone, a caller only needs a valid Webex dial-in number and the nine-digit meeting ID. If attendees can join meetings on your site by phone without a password, they will not be prevented from joining the audio conference portion of the meeting.

If attendees without an account are allowed to join the meeting, then unauthorized users can identify themselves with any name in your meeting.

Remove a Participant from the Meeting

Participants can be expelled at any time during a meeting. Select the name of the participant whom you want to remove, go to Participant > Expel.

Share Application, Not Screen

When you select Share , you can choose to share an application instead of your screen to prevent accidental exposure of sensitive information on your screen.

Control Who Can Share

If allowed at the site level, hosts can choose whether to allow all participants to share. If you don't enable the option, you can assign the Presenter role to select participants or attendees.

Only designated Presenters can share content from video devices and the Webex app.

End the Meeting

When the meeting, event, or training session is over, be sure to end the meeting, event, or training session for all participants. You may be presented with an option to leave the meeting, event, or training session running without ending it. If you need to leave early, make someone else the host so they can be responsible for ending the meeting, event, or training session.

Assign Passwords to Recordings

The best way to prevent unauthorized access to recordings is not to create recordings.

If recordings must be created, you can edit the recordings and add passwords before sharing them to keep the information secure. Password-protected recordings require recipients to have the password in order to view them. You can assign passwords to recordings by going to Recordings. Select More button on the recording to adjust, and then select Share. On the Share Recording Window, enable Public Link. Check Password protection, and then enter in the password in the text field. Select Save.

Delete Recordings

Delete recordings after they are no longer relevant. Go to Recordings. Select More button on the recording to delete, then select Delete. Select Delete.

Create a strong Audio PIN and protect it. On your Webex site, go to Preferences > Audio and Video to create your Audio PIN.

Your PIN is the last level of protection for prevention of unauthorized access to your personal conferencing account. If a person gains unauthorized access to the host access code for a Personal Conference Meeting (PCN Meeting), the conference can't start without the Audio PIN. Protect your Audio PIN and do not share it.