Best practices for securing Webex meetings
General
- Do not publish meeting passwords and connection information to public-accessible websites
- Provide meeting passwords and connection information only to users who need them
- Never share sensitive information in your meeting until you are certain who is in attendance
Be careful using your Personal Room
- Auto lock Personal Room: When using your Personal Room, set your Personal Room to automatically lock when your meeting starts. This measure prevents all attendees in your lobby from automatically joining in the meeting. You can then screen and allow only authorized attendees into your meeting.
- From the web: Preferences > My Personal Room
- Lock your room at 0 minutes
- You will be notified when someone new enters the lobby, and can choose whether to admit the person or not.
- The link to your Personal Room should be considered public so anyone can wait for you in your lobby. Always check the names before you let the attendees into your room.
- If possible, use scheduled meetings rather than Personal Rooms.
Scheduling a meeting
- Control the meeting password: By default, meeting invites are setup to include the meeting link and password. When setting up a meeting, an option is to remove the password from the meeting invite and the meeting host has to provide the password seperately. This increases the security of the session since passwords are not being shared with the meeting link.
- From Outlook: Change settings > check Don't include meeting password in email invitation.
- From the web: Schedule > Show advanced options > Scheduling options > check Exclude password from meeting invite.
- Note: Users will receive a meeting invite that states the host will provide the password.
- Include meeting protocols: Include text within the body of your invite stating that it is a confidential meeting and any protocols for the meeting (e.g. Do not share/forward this meeting invite).
- Automatically lock the meeting: Meetings can be setup so they can be locked as soon as they start or after a specified number of minutes. The host can then control when and which users are admitted.
- From the web: Schedule > Show advanced options > Scheduling options > select Automatically lock the meeting after x minutes after the meeting starts. Enter 0 minutes to lock the meeting as soon as it begins.
- Consider requiring registration: Meetings can be setup so attendees must register and provide their name and email address. The host can then manage the registrations by accepting or rejecting requests. Meeting connection infromation is only sent to a registrant upon registration acceptance.
- From the web: Schedule > Show advanced options > Scheduling options > select Require attendee registration.
During the meeting
- Do not begin discussions or share any content until you have confirmed all attendees by checking each virtual attendee to your attendee list (i.e. do a roll call).
- If an attendee is connecting via dial in/internet for voice only (no video), confirm that they are who you’re expecting since you don’t have a visual to confirm. Ask a few questions to confirm.
- When sharing content, only share the specific application (i.e. PowerPoint) and not your entire screen. This ensures IM messages, email notifications, etc. aren’t visible to your attendees.
- Once the attendees have been confirmed, lock your meeting (if it is unlocked) so no others can join.
- Participants can be expelled at any time during a meeting. Select the name of the participant whom you want to remove, go to Participant > Expel.
- At the end of the meeting, the host should End Meeting as oppose to Leave Meeting. This ensures all attendees are removed from the meeting.
Adapted from Cisco Webex Best Practices for Secure Meetings: Hosts