Best practices for secure meetings: hosts

Meetings, events, webinars, and training sessions that you host are under your purview as the host, which means that you have the last say over how the security settings are configured. You are in charge of practically every aspect of the gathering, event, webinar, or training session, including determining when it starts and when it concludes.

Maintain the privacy of both your meetings and your information. Acquire knowledge of, and compliance with, the organization’s security policies. When you are scheduling a meeting, while you are in a meeting, and after a meeting, you should follow the best practices for security.

• Use Meeting Lobby and Auto Lock controls when available.
• Don’t publish passwords to publicly accessible websites.
• Don’t share your Audio PIN with anyone.
• Provide meeting passwords only to users who need them.
• Never share sensitive information in your meeting until you’re certain who is in attendance.

Secure your Personal Room

Webex Meetings Personal Rooms are a type of Webex meeting that are consistently accessible to the individual who is hosting the conference. Once a participant has joined the meeting, the host will activate their Personal Room and then deactivate the meeting room once the participant has left. Personal Rooms offer a speedy and hassle-free method for trustworthy participants to get together, and as a result, they only come with a limited range of security settings that can be customized. If the safety of the gathering is of the utmost importance to you, we strongly suggest that you make use of scheduled Webex meetings, as these events come equipped with an extensive range of security settings that may be customized.

Personal Room lobby

Each and every Personal Room meeting has access to the lobby enabled by default. When you start a meeting in your Personal Room with this default configuration, and the meeting is unlocked, all of your guests will be placed in the lobby until you (the host) admit them into the meeting.

The following characteristics make up a guest:

• Not signed in (identity isn’t authenticated)

• Signed in, but belongs to an external organization

anyone in your organization who have signed in with a Webex account using a host or attendee license are able to join unlocked meetings directly even though the default setting is “They wait in the lobby until the host admits them.” If you change this setting, anyone in your organization will be able to join unlocked meetings immediately.

They wait in the lobby until the host accepts them, which is the default setting for the Webex site administrator to modify the lobby setting to one of the following options for all Personal Rooms in your organization:

• They can join the meeting – This function disables the lobby for all Personal Rooms in your organization, making it possible for anyone to immediately join your Personal Room meeting as long as it is unlocked. We strongly advise against deactivating the lobby because doing so makes your meeting susceptible to fraudulent meeting tolls and unwelcome guests joining your meeting.
  

• They can’t join the meeting – In order to participate in the meeting, each attendee has to have an account on your website and be signed in to that account. With this option enabled, Personal Room meetings are restricted to members of your organization only, meaning that only those working for you will have access to them.

When individuals are brought into the lobby of your Personal Room, they are sorted into one of the following three groups in order to simplify the screening process and the meeting admission decisions you must make:

• Internal users (authenticated users in your organization)

• External users (authenticated users in external organizations)

• Unverified users (users who haven’t signed in and aren’t authenticated)

Users who have been authenticated both internally and outside have logged in and had their identities validated. Because they haven’t gone through the authentication process, unverified users, also known as users who haven’t signed in, can’t have their identities taken at face value as being true.

Auto lock your Personal Room

while you lock the door to your Personal Room, it changes how everyone else behaves while entering the meeting. When the meeting is locked, everyone is required to wait in the lobby in order to be let in by the host until the meeting is unlocked.

Your site administrator may also create a setting that is more stringent, and this setting may apply to all of the Personal Rooms in your business. When this setting is on, it prevents anyone from joining the meeting at all, making it one of the most restrictive options available.

You, as the host of the meeting, always have the ability to lock and unlock your meeting while it is taking place by utilizing the controls that are provided within the conference.

On your Webex site, navigate to the Preferences menu and then click on the My Personal Room option. This will allow you to automate the locking of your Personal Room.

Your Personal Room will automatically close after 5 minutes of inactivity. We strongly suggest that you preserve this setting so that the door to your Personal Room will close and lock as soon as your meeting begins.

This configuration locks your room and stops attendees from instantly joining the meeting when they arrive. When this option is selected, you will be notified whenever attendees are waiting in the lobby. You can do attendance verification in the foyer, so that only approved attendees are allowed into the meeting.

Your site administrator has the ability to prevent you from modifying the autolock setting and the autolock time period for your Personal Room. This can be done by locking both of these settings. The default autolock value for your Personal Room will be set by this administrative feature, but you will always have the ability to unlock and relock your meeting while it is in session.

Think of the URL for your Personal Room as if it were a public URL; if they knew it, anyone can wait for you in the lobby of your room. Always double check the user identities of prospective attendees before letting them into your room.

Personal Room notifications before a meeting

When individuals enter the lobby of your Personal Room, they have the option of sending you an email notification to let you know that they are currently awaiting the start of a meeting. Even unwelcome guests who find their way into the lobby of your Personal Room have the ability to send notifications.

Before you begin a meeting, it is highly recommended that you check any alerts that have been sent to you via email in order to exclude any uninvited guests.

Consider turning off these email notifications if you are receiving an excessive number of messages from people who are not permitted to attend the event. Go to your Webex site’s Preferences menu, then click on “My Personal Room,” then de-select the box labeled “Notify me by email when someone enters my Personal Room lobby while I am away.”

Personal Room notifications during a meeting

You will be able to investigate anyone who is waiting in your lobby if you lock your Personal Room. Notifications will alert you if a new person enters the lobby while you are in a locked meeting; from there, you can decide whether or not to let them in. You have the option of admitting only certain individuals to the meeting when many attendees wait in the foyer of your Personal Room, or you can choose to let all of the waiting attendees in.

Secure scheduled meetings

Scheduled meetings

When it comes to matters of confidentiality that are crucial to you or your company, the sort of meeting that we advise using is scheduled Webex. Scheduled meetings are one-time meetings that are protected by a password and contain a wide range of security measures, including controls over the meeting features as well as controls over the attendees. Please refer to the actions that are outlined below to ensure the safety of your upcoming appointments.

Choose the meeting topic carefully

A meeting that is publicly advertised or an invitation email that is sent may, at the very least, reveal the meeting titles to audiences that were not intended to see them. It’s possible for the names of meetings to inadvertently divulge sensitive information. Meeting titles should be crafted with care to prevent the accidental disclosure of confidential information such as corporate names or upcoming events.

Exclude the meeting password from the invitations

For gatherings, webinars, events, or training sessions that are extremely confidential, the password should not be included in the invitation email. If the meeting invitation email message is accidentally forwarded to the wrong person, this safety precaution will prevent unauthorized access to the meeting’s specifics.

When you plan a meeting, webinar, event, or training session, you have the option to “Exclude password from email invitation.” Selecting this option causes the password to be omitted from the invitation. Give the password to the participants by an other method, such as over the phone.

This feature is not supported by Webex Webinars at this time.

Scheduled meeting room lobby

For Webex versions 43.3 and later, the lobby will be automatically enabled for any and all Webex meetings that have been booked. On existing websites that do not have the lobby activated by default, no changes are made to such websites.

All of your visitors will be herded into the lobby as soon as the scheduled meeting begins and the door to the meeting space is unlocked, and they will remain there until you (the host) decide to let them in. People who have gotten a meeting invite and have signed in with a Webex account are able to attend unlocked meetings directly without having to go via the lobby.

The following characteristics make up a guest:

• Not signed in (identity isn’t authenticated)

• Signed in, but belongs to an external organization

They wait in the lobby until the host lets them in is the default setting for the lobby when you book a meeting on your Webex site. However, this setting can be changed to either They can join the meeting or They can’t join the meeting, depending on the admin security settings for your site. You have the ability to alter this setting when you schedule a meeting.

In the event that your Webex site previously utilized the settings for Unlocked meetings, the comparable setting for Auto admit will now be applied automatically. For instance, You are welcome to join the meeting would become You are welcome to join the meeting. Guests are required to wait in the foyer until they are admitted by the host. They must wait in the lobby until the host allows them to enter the establishment.

When individuals are brought into the lobby of your meeting, they are sorted into one of three categories in order to simplify the screening process and the decisions regarding meeting admission:

• Internal users (authenticated users in your organization)

• External users (authenticated users in external organizations)

• Unverified users (users who haven’t signed in and aren’t authenticated)

Users who have been authenticated both internally and outside have logged in and had their identities validated. The identities of users who have not been confirmed cannot be considered to be accurate because those users have not been authenticated.

You have the ability to let individuals in the lobby or kick them out, either one at a time or in groups.

Auto lock for scheduled meetings

When you lock your meeting, it changes the way people interact with the meeting entrance behavior. When you lock your meeting, everyone will have to wait in the lobby until the host lets them in. This is the default behavior.

Your organization’s site administrator may also select a setting that is more stringent to apply to all of the planned meetings that users in your organization will be hosting. When this setting is on, it prevents anyone from joining the meeting at all, making it one of the most restrictive options available.

You, as the host of the meeting, always have the ability to lock and unlock your meeting while it is taking place by utilizing the controls that are provided within the conference.

You can plan a meeting, and then from the controls in the Security area of your Webex site, you can set the meeting to automatically lock after a certain amount of time.

Your scheduled meeting will automatically end 5 minutes after it has been scheduled. This is the default setting. We strongly suggest that you preserve this setting so that your scheduled meeting will be locked immediately after it begins, preventing attendees from automatically entering the meeting after it has begun.

When this option is selected, you will be notified whenever attendees are waiting in the lobby. You are able to conduct security checks on individuals in the lobby before admitting only authorized guests to your meeting.

Your site administrator has the ability to lock the auto lock setting and specify the time period for auto lock for your planned meetings so that you are unable to make any changes to them. This administrative feature sets the default auto lock value for your scheduled meeting; however, you are free to unlock and relock your meeting at any time while it is already in process.

Require invitees to register for your meeting, event, or training session

Before participating in any gathering, whether it be a meeting, webinar, event, or training session, you can stipulate that invitees must first register. Because of this, you are able to keep track of the invitees who intend to attend your gathering, event, or training session, as well as acquire information about those individuals.

Activating this feature takes place throughout the scheduling process. You may enable this setting in Webex Meetings and Webex Webinars by navigating to the Advanced settings menu and selecting the Require attendee registration option under the Registration heading.

Use entry or exit tone or announce name feature

If you make use of this function, it will prevent someone from sneaking into the audio component of your meeting without your awareness. This function is activated automatically for all Webex Meetings and Webex Training sessions. You have the option of selecting a tone from a drop-down menu in the Entry and exit tone section of the Preferences menu located under the Audio and Video heading.

Go to Audio connection settings while you are planning your meeting, webinar, event, or training session, and under the Entry and exit tone section, choose a tone option from the drop-down list. This will allow you to customize the tone that is played as participants enter and leave the meeting.

Attendees who join the meeting using the Use computer for audio option are not given the opportunity to record and declare their names if you use the Webex audio option and select the announce name feature at the same time.

Restrict available features

If you let participants join the meeting, webinar, event, or training session before the host does, you should put restrictions on the capabilities that are available to them, such as chat and audio.

Request that invitees not forward invitations

You should specifically ask anyone you’ve invited to not share the invitation with anybody else, especially for private gatherings.

Assign a cohost

To ensure that the event, meeting, webinar, or training session gets off to a smooth start, a cohost should be appointed. This technique makes gatherings such as meetings, webinars, events, and training sessions safer by removing the likelihood that the host role would be delegated to an unanticipated or unauthorized guest in the event that you lose your connection to the meeting.

You have the option of designating one or more attendees to a planned meeting as cohosts for the meeting when you invite guests to attend the meeting. A cohost may initiate the meeting and serve as the host for the duration of the event. Therefore, a cohost is required to have a user account on the Webex site in question.

Security during the meeting

Restrict access to the meeting

After everyone who was going to attend has logged in, lock the meeting, webinar, event, or training session. Because of this, fewer people will sign up to attend. The meeting, webinar, event, or training session can be locked or unlocked by the hosts at any time while the session is taking place. Simply click followed by the slider located next to Lock Meeting in order to make a meeting that you are presently hosting inaccessible to others.

By selecting this option, no one will be automatically added to the meeting, webinar, event, or training session. Simply click, then move the slider located next to Lock Meeting to the Unlock position, and you will be able to unlock any meeting that you are now hosting.

Validate the identity of all users in a call

A safe procedure is to use a roll call in order to identify and account for every person who is present. To verify the identification of people, you can either ask them to turn on their video or give their name.

A caller needs a working Webex dial-in number in addition to the nine- to eleven-digit meeting ID in order to participate in a meeting by using their phone. It is possible for attendees who join the meeting by phone but do not have a password to participate in the audio conference component of the gathering if this is authorized on your site.

Attendees who do not have accounts can participate in the meeting if this is allowed on your website. During your meeting, unauthorized users could identify themselves by using any name they wanted.