Cisco Webex can be configured to be more secure while still allowing the features and settings you need to have an effective web conferencing experience. As a host, you are the final decision maker concerning the security settings of your meeting. Always remember that you control nearly every aspect of the meeting, including when it begins and ends.
Follow the security best practices below when scheduling and hosting meetings based on your business needs for keeping meetings and information secure.
Create a strong Host PIN and protect it.
Your PIN is the last level of protection for prevention of unauthorized access to your personal conferencing account. Should a person gain unauthorized access to the host access code for a PCN meeting, the conference cannot be started without the host PIN.
Protect your host PIN and do not share it.
A listed meeting or a forwarded invitation email could, at a minimum, reveal the meeting titles to unintended audiences. Meeting titles can unintentionally reveal private information, so ensure that titles are carefully worded to minimize exposure of sensitive data, such as company names or events.
Using complex meeting passwords for every session is the most important step you can take to protect your meeting. Although you have the option of creating a meeting without a password, under most circumstances, protecting all meetings with a strong password is highly recommended.
NOTE: Adding passwords to your meetings does not affect the meeting join experience of authorized attendees. Participants can easily join a meeting by clicking on the URL in the meeting invitation through email, via the Webex mobile application or other channels like Jabber.
Do not reuse passwords for meetings. Scheduling meetings with the same passwords weakens meeting protection considerably.
If you invite attendees to a meeting, the meeting password does not appear in the email invitations that attendees receive. You must provide the password to attendees by another means, such as by phone.
For highly sensitive meetings, exclude the meeting password from the invitation email. This prevents unauthorized access to meeting details if the invitation email message is forwarded to an unintended recipient.
When this setting is enabled, all attendees must have a user account on your site to attend the meeting. For information about how attendees can obtain a user account, ask your site administrator.
Using this feature prevents someone from joining the audio portion of your meeting without your knowledge.
This feature is enabled by default. It is not available in the Training Center.
To adjust the settings, select Participant Entry and Exit Tone.
Limit the available features, such as chat and audio, if you allow attendees to join the meeting before the host.
Request that your invitees do not forward the invitation further, especially for confidential meetings.
Assign an alternate host to start and control the meeting. This keeps meetings more secure by eliminating the possibility that the host role will be assigned to an unexpected or unauthorized attendee, in case you inadvertently lose your connection to the meeting.
NOTE: When inviting attendees to a scheduled meeting, you can designate one or more attendees as alternate hosts for the meeting. An alternate host can start the meeting and act as the host. For that reason, an alternate host must have an account with UMD Webex.
Lock the meeting once all attendees have joined the meeting. This will prevent additional attendees from joining. You can lock and unlock the meeting at any time while the session is in progress.
This option prevents anyone from joining the meeting, including participants who have been invited to the meeting but have not yet joined it.
To lock a meeting, select Meeting Restrict Access.
To unlock a meeting, select Meeting Restore Access.
Accounting for every attendee via a roll call is a secure practice. Ask users to turn on their video or state their name to confirm their identity.
NOTE: To attend a meeting via phone, a caller only needs to know a valid Webex dial-in number and the nine-digit meeting ID. Meeting passwords do not prevent attendees from joining the audio conference portion of Webex.
If attendees without an account are allowed to join the meeting, then unauthorized users can identify themselves with any name in your meeting.
Participants can be expelled at any time during a meeting.
Select the name of the participant whom you want to remove, then select Participant Expel.
Use Share >Application instead of Share Desktop to share specific applications and prevent accidental exposure of sensitive information on your desktop.
The best way to prevent unauthorized access to recordings is to not create recordings.
If recordings must be created, you can edit meeting recordings and add passwords before sharing them to keep the information secure. Password protected recordings require recipients to have the password in order to view them.
Delete recordings after they are no longer relevant.