
StayCyberAware

WebEx Best Practices

Auto Lock Personal Room for secure meetings. This prevents attendees waiting in your lobby from automatically joining the meeting. The host sees a notification when attendees are waiting in the lobby and, as the host, you authorize the attendees to join. This can be done from My Webex > Preferences > My Personal Room on your Webex site.

Set Personal Room Notifications before a Meeting to receive an email notification when attendees are waiting for a meeting to begin. You will then be able to review the participant list and expel any unauthorized attendees.

Schedule a Meeting instead of using your Personal Room. Personal Room web links do not change. Improve security by scheduling a meeting, which uses a one-time web link.

Scheduled Meetings are unlisted by default by the Site Administrator for all Webex sites. Unlisting meetings enhances security because attendees can only join if the host informs them, either by sending a link in an email invitation or by providing the meeting number to enter on the Join Meetings page. Listing a meeting reveals meeting titles and meeting information publicly.

Set a password for every Meeting by creating a high-complexity, non-trivial password (strong password).  A strong password should include a mix of uppercase and lowercase letters, numbers and special characters (for example, $Ta0qedOx!). Passwords protect against unauthorized attendance since only users with access to the password will be able to join the meeting.

Do not reuse passwords for meetings. Scheduling meetings with the same passwords weakens meeting protection considerably.

Use Entry or Exit Tone or Announce Name Feature to prevent someone from joining the audio portion of your meeting without your knowledge. This feature is enabled by default for Webex Meetings.  For notifications, select Audio Conference Settings > Entry and exit tone > Beep or Announce Name. Otherwise, select No Tone.

Do not allow attendees or panelists to join before host.  This setting is set by default by the Site Administrator for Meetings.

Assign an alternate host to start and control the meeting. This keeps the meeting more secure by eliminating the possibility that the host role will be assigned to an unexpected, or unauthorized, attendee in case you inadvertently lose your connection to the meeting. One or more alternate hosts can be chosen when scheduling a meeting. An alternate host can start the meeting and act as the host. The alternate host must have a user account on your Webex Meetings website.

Lock the meeting once all attendees have joined the meeting. This will prevent additional attendees from joining.  Hosts can lock/unlock the meeting at any time while the session is in progress.

Expel Attendees at any time during a meeting. Select the name of the attendee whom you want to remove, then select Participant > Expel.

Share an Application instead of sharing your Screen to prevent accidental exposure of sensitive information on your screen (for example, share a Microsoft Office application or a web browser window rather than the whole desktop).

Set a password for your recordings before sharing them to keep the recording secure. Password-protected recordings require recipients to have the password in order to view them.

Delete recordings after they are no longer relevant.

Create a Host Audio PIN. Your PIN is the last level of protection for prevention of unauthorized access to your personal conferencing account. Should a person gain unauthorized access to the host access code for a Personal Conference Meeting (PCN Meeting), the conference cannot be started without the Audio PIN.  Protect your Audio PIN and do not share it.

Do not click on links in emails where you don't know the sender, where the email contains grammar or spelling inconsistencies, or where it contains a web link you're unfamiliar with.

Zoom Best Practices

Do not make meetings or classrooms public. In Zoom, there are two options to make a meeting private: require a meeting password or use the waiting room feature and control the admittance of guests.

Do not share a link to a teleconference or classroom on an unrestricted publicly available social media post. Provide the link directly to specific people.

Add a passcode to your meeting, then share that passcode with your guests. Once set, the passcode is required in order to enter the meeting.

Manage screensharing options. In Zoom, change screensharing to “Host Only.”

Ensure users are using the updated version of remote access/meeting applications.

Do not use Facebook to sign in: It might save time, but it is a poor security practice and dramatically increases the amount of personal data Zoom has access to.

Use two devices during Zoom calls: if you are attending a Zoom call on your computer, use your phone to check your email or chat with other call attendees.

Don't use your Personal Meeting ID for meetings. A Zoom Personal Meeting ID is the equivalent of a Personal Room meeting in WebEx.

Consider turning on the “waiting room” for your meeting so that you can scan who wants to join before letting everyone in.

If you don't want participants to join/interact before the host enters, uncheck "Join Before Host". Set an alternate host if you need a backup host.

Disable "Allow Removed Participants to Rejoin" so that participants who you have removed from your session cannot re-enter.

Disable "File Transfer" unless you know this feature will be required.

Disable annotation if you don't need it.

Scammers use email or text messages to trick you into giving them your personal information. They may try to steal your passwords, account numbers, or Social Security numbers. If they get that information, they could gain access to your email, bank, or other accounts. Scammers launch thousands of phishing attacks like these every day — and they’re often successful. The FBI’s Internet Crime Complaint Center reported that people lost $30 million to phishing schemes in one year. But there are several things you can do to protect yourself.


  1.  Use the latest version of your virus/spyware software.
  2.  Update your virus/spyware software regularly.
  3.  Scan your computers for virus/spyware on a regular basis.

  1.  Think before clicking.
  2.  Use extreme caution before you take action.
  3.  Verify links that may be included in an email.
  4.  Don't open emails from unknown sources.

When accessing websites online or using various online services, you are often asked to create a unique user name and password. A password is a unique identifier made up of letters and/or numbers which allows a computer user to gain access to a computer and all of its files. In addition, most online activity (such as shopping, participating in an online discussion, or simply signing up to receive a coupon or an electronic newsletter) now requires the selection of a user name and a password.

Secure Passwords

Ideally, a secure password is one which no one else can guess and which is resistant to being hacked. Hacking occurs when one's online information is breached. This leads to the danger of having one's identity, credit card information, and/or money stolen. In order to make your passwords less susceptible to compromise, you should seek to create passwords that avoid dictionary words and use six or more characters with a mix of letters and numbers and uppercase and lowercase letters to create the strongest password possible. You should also create a new password for each site on which you engage in online commerce. Avoid using the same password for all of your online accounts - and never share these passwords with anyone.

Since users are being asked more and more to think of unique user names and/or passwords, many are resorting to less than creative solutions. For example, many users will choose easy to remember passwords (such as admin, 12345, their own first name or year of birth, or even the word "password") to make this process more manageable. Unfortunately, these solutions are risky as they make one much more susceptible to a computer hacker. Avoid the use of obvious passwords such as your birthday, nickname, mother's maiden name, phone number, or the name of your pet.

Many Internet service providers now offer guidance on strategies to select a password which is less likely to be hacked. These strategies include:

  • Choose a long password (12 or more characters) rather than a short one.
  • Instead of a single word, use a combination of uppercase and lowercase letters, numbers, and/or symbols.
  • Avoid using dictionary words.
  • Use a phrase for a password such as "mydogsnameisfluffy."
  • Create a password which is actually an acronym for a phrase that only you would know, such as: "My favorite food is the Chicago style pizza they have at 19 Main Street," which becomes the password: MffitCspth@19MS.
  • Take advantage of free password selecting software located via any Internet search engine.
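The following is an added example, not part of the original page: a small Python checker that applies the password rules listed above (12 or more characters, a mix of character classes, no dictionary words, no obvious or personal values) and a helper that builds the acronym-style password from a phrase the way the page's "19 Main Street" example does. The word lists are constructed samples, and the rule that the word "at" becomes "@" is an assumption made to reproduce the page's result.

```python
import re

# Constructed sample lists (not the page's): a real checker would use a full
# dictionary and a list of known-breached passwords.
DICTIONARY_WORDS = {"fluffy", "password", "welcome", "summer", "dragon", "monkey"}
OBVIOUS_VALUES = {"admin", "12345", "123456", "password", "qwerty", "letmein"}


def assess_password(candidate: str, personal_hints=()):
    """Return a list of findings against the page's rules.

    An empty list means the candidate meets every rule. personal_hints holds
    values the page says to avoid (birthday, nickname, pet name, ...).
    """
    findings = []
    if len(candidate) < 12:
        findings.append("shorter than 12 characters")

    # Which character classes appear; the page asks for a mix of letters
    # (both cases), numbers and symbols rather than a single word.
    classes = {
        "lowercase": re.search(r"[a-z]", candidate),
        "uppercase": re.search(r"[A-Z]", candidate),
        "digit": re.search(r"[0-9]", candidate),
        "symbol": re.search(r"[^A-Za-z0-9]", candidate),
    }
    missing = [name for name, hit in classes.items() if not hit]
    if len(missing) > 1:  # assumption: at least three of the four classes
        findings.append("missing character classes: " + ", ".join(missing))

    lowered = candidate.lower()
    if lowered in DICTIONARY_WORDS:
        findings.append("is a dictionary word")
    if lowered in OBVIOUS_VALUES:
        findings.append("is an obvious value")
    for hint in personal_hints:
        if hint and hint.lower() in lowered:
            findings.append(f"contains personal information ({hint})")
    return findings


def acronym_password(phrase: str) -> str:
    """Build the acronym-style password described on the page.

    First character of each word, keeping its case; numbers are kept whole;
    the word 'at' becomes '@' (an assumption that matches the page's example).
    """
    parts = []
    for word in phrase.split():
        word = word.strip(",.!?")
        if not word:
            continue
        if word.lower() == "at":
            parts.append("@")
        elif word.isdigit():
            parts.append(word)
        else:
            parts.append(word[0])
    return "".join(parts)


if __name__ == "__main__":
    phrase = "My favorite food is the Chicago style pizza they have at 19 Main Street"
    pw = acronym_password(phrase)
    print(pw, assess_password(pw))                        # MffitCspth@19MS []
    print(assess_password("password"))
    print(assess_password("mydogsnameisfluffy"))
    print(assess_password("Fluffy2015!!", personal_hints=["fluffy"]))
```

Note that the phrase strategy ("mydogsnameisfluffy") passes the length rule but is flagged for using a single character class, which is why the page pairs it with the mixed-class and acronym strategies.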

Storing Passwords

Some websites provide the user with an option to allow the computer to remember usernames and/or passwords. Although this is a convenient feature, in general, it is more prudent not to rely on these options. It is recommended that you use the "Delete stored passwords" feature (typically found under "tools" and then "Internet options"), available through most Internet browsers, to increase your password security.

  1.   Avoid opening emails and clicking on links in email messages.
  2.   Don't buy anything from a spammer.
  3.   Don't be tempted to reply.
  4.   Avoid 'unsubscribe' options on spam emails.

What is it?

Disaster recovery plans (DRP) seek to quickly redirect available resources into restoring data and information systems following a disaster. A disaster can be classified as a sudden event, including an accident or natural disaster, that creates widespread, detrimental damage. In information management, DRPs are considered a critical subset of an entity's larger business continuity plan (BCP), which seeks to prepare for, prevent, and recover from potential threats affecting an organization. While BCPs address all facets of an organization, DRPs specifically focus on technology. DRPs provide instructions to follow when responding to various disasters, including both cyber and environment-related events. DRPs differ from incident response plans, which focus on information gathering and coordinated decision making to understand and address a specific event.

Why does it matter?

When DRPs are properly designed and executed, they enable the efficient recovery of critical systems and help an organization avoid further damage to mission-critical operations. Benefits include minimizing recovery time and possible delays, preventing potential legal liability, improving security, and avoiding potentially damaging last minute decision making during a disaster.

Apart from their specific focus on technology, DRPs and the process for developing them are no different from the range of emergency response protocols and backup plans developed to address potential issues or disruptions. The lessons learned from those exercises are often valuable to DRP development. These plans are developed because of the potential impact of such risks during key operational periods.

What can you do?

You should have a comprehensive DRP in place and regularly exercise it to ensure effectiveness. In order to create an effective DRP, we recommend the following:

  • Include relevant stakeholders from the various business units that may be impacted in the planning process.
  • Conduct a business impact analysis (BIA) to identify and prioritize critical systems.
  • Test your DRP.
  • Conduct after action reviews to identify what went right, what went wrong, and make improvements.
  • Regularly review the DRP to ensure contacts are up to date and procedures are still effective and relevant.

What are they?

A backup is a copy of the system or network’s data for file restoration or archival purposes. Backups are an essential part of a continuity of operations plan as they allow for data protection and recovery.

To successfully backup data, administrators use one of the three backup types: full, differential, and incremental, or a combination of the types. A full backup copies the whole system, or all of the network’s data, every time a backup is completed. A differential backup copies anything that has changed since the previous full backup was completed. Lastly, an incremental backup is a backup of any changes since the last backup, whether that happened to be a full or differential backup.

Full backups are the most complete, allowing for a faster restore process, but are also slower and more expensive to implement. Incremental backups are the fastest and most cost effective to implement because they only include changed information, but restoring the system is slow because it requires reinstalling from many backups to ensure all information is retrieved. For this reason, many administrators perform a combination of backups, creating weekly full backups, supplemented by differential and incremental backups.

Why do they matter?

Backups are necessary due to the constant threat of modification or erasure of data through accidental deletions, malware and ransomware, natural disasters, or other events. CIS Control 10 advises the creation of processes and tools to properly back up critical information with a proven methodology for timely recovery of it. Backups also play a crucial role in expediting the recovery from malicious cyber activity, allowing the restoration of a system to a reliable state that is free of malware infections and retains the original data. Rebuilding or reimaging an infected system from a known good backup or fresh operating system installation is a common best practice in incident response.

What can you do?

An effective backup strategy consists of six components: data classification, frequency, encrypted, offline, offsite, and tested. In addition, best practices dictate that any time major system upgrades or changes occur, technical staff should re-evaluate and test the backups.

1.   Data Classification – Classifying data by its importance and sensitivity is part of the risk management process and will help you determine what, and how frequently, that data should be backed up. 

2.   Frequency – Utilize a risk management process to identify the frequency in which the data should be backed up, based on how much data loss would be acceptable in the event of a catastrophic failure. The amount of data that can be lost (e.g. 24 hours’ worth) should then be used to determine how often data should be backed up. When making this decision, look back to your data classification. Data that is classified as essential should be backed up more often than less important data. Additionally, examine whether you will back up everything every time, or only the newer data that has been added to the system.

3.   Encrypted – To ensure data integrity, backups should be encrypted. Having the backup encrypted will safeguard it if someone unauthorized tries to access it.

4.   Offline – Storing backups offline is an industry best practice that reduces the risk of malware infecting the copies. Some malware, such as ransomware, will specifically look for backups that are available on the network to hinder the recovery process.

5.   Offsite – Decide where and how often the backups will be stored offsite. Industry best practice dictates that backups should be stored offsite to ensure recovery is possible in the event of disasters, such as fire or flooding. Offsite backups could be physical copies or cloud based. The backup location is vital to the recovery process and must be a place where the backups will be secure and quickly accessible. The backup’s accessibility is directly tied to your recovery objective (how fast you need the data restored), which should be taken into consideration.

6.   Tested – Testing the backup's integrity and the ability to successfully restore a system from the backup is essential to a successful restoration. This ensures that, if needed, the backups will be able to restore what has been corrupted or destroyed.
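The following is an added example, not part of the original page, that models the three backup types described above under "What are they?" and the "Tested" component of this list. It uses a toy in-memory file system (constructed data, no real disk I/O) in which every write stamps the file with a rising change counter, takes full, differential and incremental sets according to the page's definitions, picks the minimal restore chain, and then verifies the restored files against the live system with a SHA-256 manifest digest. Deletions are not modelled, and the weekly schedule in `demo()` is a constructed scenario, not a recommendation from the page.

```python
import hashlib
from dataclasses import dataclass, field


@dataclass
class Backup:
    kind: str          # "full", "differential" or "incremental"
    seq: int           # change counter at the moment the set was taken
    files: dict = field(default_factory=dict)   # path -> content copied into this set


class System:
    """Toy file system: every write stamps the file with a rising change counter."""

    def __init__(self):
        self.seq = 0
        self.files = {}    # path -> (content, seq_of_last_change)

    def write(self, path, content):
        self.seq += 1
        self.files[path] = (content, self.seq)

    def snapshot(self):
        return {p: c for p, (c, _) in self.files.items()}


def take_backup(system, backups, kind):
    """Copy the files the page's definition of `kind` calls for and append the set."""
    if kind == "full":
        since = -1                                   # everything, every time
    elif kind in ("differential", "incremental"):
        if not backups or not any(b.kind == "full" for b in backups):
            raise ValueError("the first backup must be a full backup")
        if kind == "differential":                   # changes since the last full
            since = max(b.seq for b in backups if b.kind == "full")
        else:                                        # changes since the last set of any type
            since = backups[-1].seq
    else:
        raise ValueError(f"unknown backup type {kind!r}")
    files = {p: c for p, (c, s) in system.files.items() if s > since}
    backup = Backup(kind, system.seq, files)
    backups.append(backup)
    return backup


def restore_chain(backups):
    """Minimal sets needed to rebuild the latest state: newest full, then the newest
    differential after it (if any), then every incremental taken after that."""
    last_full = max(i for i, b in enumerate(backups) if b.kind == "full")
    after = backups[last_full + 1:]
    last_diff = max((i for i, b in enumerate(after) if b.kind == "differential"), default=-1)
    chain = [backups[last_full]]
    if last_diff >= 0:
        chain.append(after[last_diff])
    chain.extend(after[last_diff + 1:])
    return chain


def restore(chain):
    restored = {}
    for backup in chain:       # later sets overwrite older copies of the same path
        restored.update(backup.files)
    return restored


def manifest_digest(files):
    """SHA-256 over sorted path/content pairs; equal digests mean identical trees."""
    h = hashlib.sha256()
    for path in sorted(files):
        h.update(path.encode() + b"\0" + files[path].encode() + b"\0")
    return h.hexdigest()


def verify(restored, live):
    """The 'Tested' step: prove the restore reproduces the live data exactly."""
    return manifest_digest(restored) == manifest_digest(live)


def demo():
    """Constructed week: full on Sunday, then changes and mixed backup types."""
    system = System()
    for path, content in [("a.txt", "alpha"), ("b.txt", "beta"), ("c.txt", "gamma")]:
        system.write(path, content)
    backups = []
    take_backup(system, backups, "full")          # Sunday: all 3 files
    system.write("a.txt", "alpha v2")
    take_backup(system, backups, "incremental")   # Monday: 1 file since Sunday
    system.write("b.txt", "beta v2")
    take_backup(system, backups, "incremental")   # Tuesday: 1 file since Monday
    take_backup(system, backups, "differential")  # Wednesday: 2 files since the full
    system.write("c.txt", "gamma v2")
    take_backup(system, backups, "incremental")   # Thursday: 1 file since Wednesday
    chain = restore_chain(backups)
    return {
        "sizes": [(b.kind, len(b.files)) for b in backups],
        "chain": [b.kind for b in chain],
        "verified": verify(restore(chain), system.snapshot()),
    }


if __name__ == "__main__":
    print(demo())
```

The set sizes show why incrementals are the cheapest to take, and the restore chain shows the cost on the other side: a differential lets the restore skip the incrementals that preceded it, whereas a purely incremental week would have to replay every set since the full.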