Cisco has warned customers to lock down WebEx after a security researcher and journalist found many big-name companies left some online meetings open for anyone to join.
Brian Krebs wrote on his blog that he found companies and organizations that failed to password protect WebEx meetings, which allowed “anyone to join daily meetings about apparently internal discussions and planning sessions.”
Meeting schedules for organizations were available through WebEx’s “Event Center,” he wrote.
Cisco has a variety of options for WebEx that are intended to accommodate sensitive meetings and ones intended for the public.
For example, Cisco requires a password to be set by default for a meeting, but that option can be turned off, wrote Aaron Lewis, who works in global social media marketing, on a company blog.
“The most secure meetings will always be protected by a complex password,” Lewis wrote.
Companies may publicly list a meeting for webinars that anyone can join, but “if your WebEx site administrator or IT department allows listed meetings, then we recommend listing your meeting only if there is a true business reason,” Lewis wrote.
Another tip is to disable the option “join before host,” which will then give the host visibility on who has joined. Also, setting the “host as presenter” option prevents someone else from joining the meeting and sharing content, Lewis wrote.
Krebs wrote that he found meetings not protected by a password from a host of companies and organizations, including Charles Schwab, CSC, CBS, CVS, the U.S. Department of Energy, Fannie Mae, Jones Day, Orbitz, Paychex Services and Union Pacific.