Cisco WebEx
Best Practices for Secure Meetings for Hosts
Overview of WebEx privacy
Cisco WebEx online solutions help enable global employees and virtual teams to meet and collaborate
in real time as though they were working in the same room. Businesses, institutions, and government
agencies worldwide rely on Cisco WebEx solutions to simplify business processes and improve results
for sales, marketing, training, project management, and support teams.
For all of these organizations and their users, privacy is a fundamental concern. Online collaboration
must provide multiple levels of security; from scheduling meetings to authenticating participants to
sharing content.
Cisco WebEx is a very secure environment yet it can be configured as a very open place to
collaborate. Understanding the privacy features as site-administrators and end-users can allow you to
tailor WebEx to your business needs.
Recommended security practices for hosts
As a host, you are the final decision maker concerning the security settings of your meeting. Always
remember that you control nearly every aspect of the meeting, including when it begins and ends.
Follow the security best practices in this guide when scheduling and hosting meetings based on your
business needs for keeping meetings and information secure.
Page 1Page 1
10/6/2014
Cisco WebEx
Best Practices for Secure Meetings for Hosts
When
scheduling a
meeting…
Schedule unlisted
meetings
Benefit
To enhance meeting privacy settings, hosts can opt not to list the meeting on the
meeting calendar. To do this, remove the check mark from this option to help
prevent unauthorized access to the meeting and hide information about the
meeting, such as its host, topic, and starting time.
 An unlisted meeting does not appear in the meeting calendar on the Browse
Meetings page or on your Personal Meetings page.
 To join an unlisted meeting, attendees must provide a unique meeting number
 Unlisted meetings require the host to inform the meeting attendees, either by
sending a link in an email invitation, or hosts can enter the meeting number
via the Join Meetings page.
 Please Note: Listing a meeting reveals meeting titles and meeting information
publicly. If a meeting is not password protected, anyone can join it.
Tip: Choose a level of security based on the meeting's purpose. For example, if
you schedule a meeting to discuss your company picnic, you probably need to set
only a password for the meeting. On the other hand, if you schedule a meeting in
which you will discuss sensitive financial data, you may not want to list the
meeting on the meeting calendar. You may also choose to restrict access to the
meeting once all attendees have joined it.
Choose the
meeting Topic
carefully

A listed meeting or a forwarded invitation email could, at a minimum, reveal the
meeting titles to unintended audiences. Meeting titles can unintentionally
reveal private information, so ensure that titles are carefully worded to
minimize exposure of sensitive data, such as company names or events.
 Using complex meeting passwords for every session is the most important step
you can take to protect your meeting. While uncommon, site administrators
may choose to allow the creation of meetings without passwords. Under most
circumstances, protecting all meetings with a strong password is highly
recommended.
Secure meeting
with complex
password
 The most effective step to strengthen the security of your meeting is to create a
high-complexity, non-trivial password (strong password). A strong password
should include a mix of uppercase and lowercase letters, numbers and
special characters (for example, $Tu0psrOx!). Passwords protect against
unauthorized attendance because only users with access to the password will
be able to join the meeting.
 Please Note: Adding passwords to your meetings does not affect the meeting
join experience of authorized attendees. Participants can easily join a meeting
by clicking on the URL in the meeting invitation through email, via the WebEx
Page 2Page 2
10/6/2014
Cisco WebEx
Best Practices for Secure Meetings for Hosts
mobile application or other channels like Jabber.
 Do not reuse passwords for meetings. Scheduling meetings with the same
passwords weakens meeting protection considerably.
Exclude Meeting
Password from
invitations
Require attendees
to have an account
on your site
Use entry or exit
tone or announce
name feature
Restrict available
features
 If you invite attendees to a meeting, the meeting password does not appear in
the email invitations that attendees receive. You must provide the password to
attendees by another means, such as by phone.
 For highly sensitive meetings, exclude the meeting password from the
invitation email. This prevents unauthorized access to meeting details if the
invitation email message is forwarded to an unintended recipient.
 When this setting is enabled, all attendees must have a user account on your
site to attend the meeting. For information about how attendees can obtain a
user account, ask your site administrator.
 Options to enable this setting are shown below:
 Using this feature prevents someone from joining the audio portion of your
meeting without your knowledge
 This feature is enabled by default. To adjust the settings,
Select Participant > Entry and Exit Tone. (Not available for Training Center)

Limit the available features, such as chat and audio, if you allow attendees to
join the meeting before the host.
Request that
invitations not be
forwarded
 Request that your invitees do not forward the invitation further, especially for
confidential meetings.
Assign an
alternate host
 Assign an alternate host to start and control the meeting. This keeps meetings
more secure by eliminating the possibility that the host role will be assigned to
an unexpected, or unauthorized, attendee, in case you inadvertently lose your
connection to the meeting.
 Note: When inviting attendees to a scheduled meeting, you can designate one
or more attendees as alternate hosts for the meeting. An alternate host can
start the meeting and act as the host. Thus, an alternate host must have a
user account on your Meeting Center Web site
Page 3Page 3
10/6/2014
Cisco WebEx
Best Practices for Secure Meetings for Hosts
During the Meeting
 Lock the meeting once all attendees have joined the meeting. This will prevent additional
attendees from joining. Hosts can lock/unlock the meeting at any time while the session is in
progress.
Restrict access to
the meeting
 To lock a meeting, Select Meeting > Restrict Access.
Validate identity of
all users in a call
 Accounting for every attendee via a roll call is a secure practice. Ask users to
turn on their video or state their name to confirm their identity.
 Please Note:
o To attend a meeting via phone, a caller only needs to know a valid
WebEx dial-in number and the nine-digit meeting ID. Meeting
passwords do not prevent attendees from joining from the audio
conference portion of WebEx
o If attendees without an account are allowed to join the meeting,
then unauthorized users can identify themselves with any name in
your meeting.
Remove a
participant from
the meeting
 Participants can be expelled at any time during a meeting.
 Select the name of the participant whom you want to remove, then
select Participant >Expel
Share Content or
Applications, Not
Desktop
 Use Share >Application instead of Share >Desktop to share specific
applications and prevent accidental exposure of sensitive information on your
desktop.

Tip: This option prevents anyone from joining the meeting, including
participants who have been invited to the meeting but have not yet joined it.
To unlock a meeting, select Meeting > Restore Access
After the Meeting
 The best way to prevent unauthorized access to recordings is to not create
recordings.
Assign passwords
to recordings
 If recordings must be created, you can edit meeting recordings and add
passwords before sharing them to keep the information secure. Passwordprotected recordings require recipients to have the password in order to view
them
Delete Recordings
 Delete recordings after they are no longer relevant.
Page 4Page 4
10/6/2014
Cisco WebEx
Best Practices for Secure Meetings for Hosts
WebEx Personal Conferencing (PCN Meetings)
 Do not enable “Join before Host” for PCN for any user unless you fully
understand the security impact and require this functionality.
Personal
Conferencing
(PCN) in site
administration
 PCN Meetings use two randomly assigned 8-digit access codes for controlling
and accessing a personal conference (a host access code and an attendee
access code). These codes are static and are always available without prior
scheduling. If a PCN meeting is scheduled in advance, the host receives an
invitation with both host & attendee code while invitees receive a separate
invitation which includes (only) the attendee access code.
 With “Join before Host” disabled (recommended), a host must dial the WebEx
Access number for the audio bridge and enter the host access code and host
PIN before attendees can join the meeting.

With “Join before Host” enabled, attendees can join the meeting without the
host being in attendance. Enabling this setting can result in unintended
consequences including misuse of teleconferencing minutes.
 Create a strong Host PIN and protect it.
Personal
Conferencing
security for hosts
Conclusion

Your PIN is the last level of protection for prevention of unauthorized access to
your personal conferencing account. Should a person gain unauthorized
access to the host access code for a PCN meeting, the conference cannot be
started without the host PIN. Protect your host PIN and do not share it.
Taking a few extra steps when configuring site settings and when scheduling and
participating in a WebEx meeting can greatly enhance the meeting’s security and
privacy.
 Cisco WebEx Quick Start Guide
 WebEx Security White Paper
User Guides
and Knowledge  What Level of Security Should I have for my Scheduled Meeting?
Base articles
 How Do I Require All Meetings or Training Sessions to be Unlisted for the
for enhancing
Entire Site?
security and
 How Do I Schedule an Unlisted Meeting?
privacy
 How Do I Change an Unlisted Meeting to a Listed Meeting?
Page 5Page 5
10/6/2014