Webex is a video conferencing platform known for its commitment to security, but there are still risks journalists must keep in mind. In Part 4 of this series on video conferencing for Reporters Without Borders (RSF), tech security expert Bence Kócsi explains the benefits and risks of using Webex, and steps journalists should take to use the platform safely.
Webex is developed by the US digital communications tech company Cisco. Though less widely known than other video conferencing apps in this series, Webex is increasingly the platform of choice for security conscious journalists, despite its connection sometimes slower than other apps.
Risks of using Webex
- Multiple vulnerabilities have been reported. However, these have all been considered non-major, and were quickly patched by Webex.
- Webex has an attention-tracking feature that can alert the host when a participant is interacting with another window. Intended to help educators keep students engaged, attention-tracking doesn’t give the host any information about what the participant is doing, but journalists should keep this feature in mind. Attention-tracking was removed from Zoom in 2020 following backlash over privacy concerns.
- Dial-in feature is not secure. Participants who dial-in to Webex meetings over the phone compromise the security of the whole call. Data sent over the telephone network is unencrypted and easy to intercept.
Webex’s in-built security features
- Multi-factor authentication (MFA). Webex is compatible with popular authentication apps like Duo and Google Authenticator. MFA can be made mandatory by the host, and can be set per-participant, meaning it is much harder for an unwanted guest to join.
- Encrypted communication. Webex employs high-level encryption across the platform by default, protecting user data from hackers and internet service providers (ISPs). It also has the option for end-to-end encrypted meetings which hides the communication even from Webex itself.
- Password protection. When setting up a password-protected meeting, it is possible to exclude the password from the invitation email and send it separately to another point of contact, that way if the invitee’s email is compromised, the hacker cannot access the meeting through the invite alone.
- Webex protects its users’ privacy. The parent company, Cisco, has spoken out against government agencies asking for access to user data.
Recommendations when using Webex
- Enable multi-factor authentication. That way if a hacker gains access to a Webex account, they still can’t join meetings or alter security settings.
- Use end-to-end encryption for meetings. This feature has to be enabled manually.
- Use password-protection and multiple routes of communication in case a participant’s email or messaging app is compromised.
- Lock meetings once they have started to prevent additional people joining.
- Keep the Webex app up-to-date. As vulnerabilities are found, Webex rolls out regular security updates. Always update the app before using it.
← Read Part 1: Common security risks
← Read Part 2: Zoom
← Read Part 3: Google Meet
Bence Kócsi is an experienced freelance editor, writer, and researcher. He has been focusing on a wide range of topics including digital security, technology, historical linguistics, politics, and medicine.