New Security Defaults Coming to Webex

by Randy Hollowell, IT Services

As Miami has moved to a landscape of remote instruction and work, the use of collaboration tools like Webex has increased significantly. As a result, Miami has been constantly working with the vendor to improve quality, consistency, and security.

laptop sitting on the grassNew security measures

After reviewing our current security settings, Miami will be instituting several global changes for Webex to better align with industry best practices. These updates will go into effect on Tuesday, April 7, at 7:00 am and are outlined below.

  1. All meetings, events, and sessions will require a password. Passwords are created automatically by Webex and sent to all registered participants via email and the calendar invitation. If an invited Miami user is signed into Webex they will NOT need to manually enter the password. Only non-Miami invited guests will need to enter it.
  2. Restrict unauthorized users for personal rooms. Your Webex Personal Room is your own static virtual conference space that you can use for meetings at any time. Attendees that are signed into Webex will be allowed into unlocked personal rooms and attendees who have not logged in must wait in the lobby until the host manually admits them. The host sees a list of who is waiting and can choose who to admit.
  3. Enforce meeting passwords when joining from a phone. Users that do not use the Webex app, but call into a meeting through voice-only will be required to enter the meeting password that is sent out through email and the calendar invitation. This creates consistent security levels for all devices.

Current security settings

There are some security features that have already been enabled.

  1. Make all meetings unlisted. Meeting titles and topics are currently hidden from non-participants in the Webex control hub.
  2. Enforce personal room locking after a default time. This has been set to lock at five minutes after a meeting starts. After this time authenticated guests can enter, but unauthenticated guests will need to be let in manually by the host. Visit Lock or Unlock your Webex Personal Room for more information.
  3. Webex sessions in Canvas. Sessions/meetings that have been scheduled through Canvas already have the password requirement built in, so they will not have to be recreated after the security updates have been initiated.

What to do with existing meetings

The new global changes will only affect meetings scheduled after 7:00 am on April 7. If you have sessions that have already been scheduled, IT Services and eLearning Miami strongly recommend that after the changes are made on April 7, you cancel the scheduled sessions and recreate them to take advantage of the updated security protocols.

The exception to this are sessions that have been scheduled through Canvas. These meetings/classes already have the password requirement built in.

We believe these changes should not cause too much of a disruption and are necessary to enhance the safety and security of all Miami Webex users, specifically to curtail video conferencing attacks. For more information about using Webex at Miami, please visit Knowledge Base: Webex.