Skip to main content

Virtual Meeting Best Practices

Whether you're hosting a team check-in or a public webinar, securing your virtual meetings is essential.

With so many people working from home, webinars and conference calls have become the standard method for holding meetings or working collaboratively. But even though we have all become more security conscious when working online, we often overlook the security concerns of these virtual meetings. Given the current climate, it’s helpful to take a step back and think about the platform itself as well as what is to be discussed when you are hosting an online meeting.

Skip table of contents

Table of Contents

You skipped the table of contents section.

General Tips & Tricks

Below are shared recommendations to help you prevent disruptions like Zoom-bombing and ensure a safe, productive experience for all participants.

Before Your Meeting

  • Use Unique Meeting IDs: Avoid using your personal meeting room for public or recurring meetings.
  • Enable Waiting Rooms or Lobbies: Screen participants before admitting them into the meeting.
  • Require Passwords & share securely: Always set a strong password and share it through secure channels – don’t share it directly in the meeting invite. Refer to our password guidance for suggestions on creating a strong password.
  • Restrict Access to Authenticated Users: Limit entry to users who are signed in with verified accounts.
  • Require Registration: Collect attendee info and control access.
  • Prevent participants from entering before you do: use a Lobby feature, or disable any “Join before host” features.
  • Assign a Cohost: Ensure someone can manage the meeting if the host disconnects.

During Your Meeting

  • Consider using video: This will not only allow you another way to validate participants but will also give your meeting a more “personal” feeling.
  • Don’t record a meeting unless it’s necessary: Keep in mind that many states (including Massachusetts) require that you notify all attendees that a meeting will be recorded.
  • Lock the Meeting once it starts: Prevent late or unauthorized entries by locking the session.
  • Use Entry/Exit Tones or Name Announcements: Know when someone joins or leaves.
  • Remove Disruptive Participants: Most platforms allow hosts to remove attendees at any time.
  • Avoid Sharing Sensitive info: Confirm identities before discussing confidential topics.  When sharing screens, remind participants to hide sensitive information before doing so; share an individual application rather than your entire screen.

After Your Meeting

  • End the Meeting for All Participants: Don’t just leave - end the session to prevent lingering access.
  • Secure Recordings: Add passwords to recordings and delete them when no longer needed.

Commonly Used Collaboration Tools

By following these platform-specific best practices, you can significantly reduce the risk of unauthorized access and ensure a secure, professional virtual meeting experience.

You should only use a platform supported by your organization to host your meeting. Many security and privacy settings are set by company administrators, and certain features may not be available. If you are unsure which platform to use, contact your agency help desk. 

WebEx

  • Use Scheduled Meetings Over Personal Rooms: Scheduled meetings offer more robust security controls.
  • Enable Auto-Lock: Automatically lock meetings after a set time.
  • Use the Lobby Feature: Guests are placed in a lobby until admitted by the host.
  • Protect Your Audio PIN: Especially for Personal Conference Numbers (PCNs).
Additional information from WebEx:

Best practices for secure meetings - hosts (WebEx)

Zoom

  • Disable “Join Before Host”: Prevent participants from entering before you do.
  • Use the Security Tab During Meetings: Quickly enable the waiting room or remove participants.
  • Disable Personal Meeting ID for Public Sessions: Use auto-generated IDs for better protection.
  • Enable “Only Authenticated Users Can Join”: This also enables features like pre-assigned breakout rooms.
  • Adjust Default Settings: Go to Settings > Meetings to apply security defaults to all future meetings.
Additional information from Zoom:

Zoom user authentication settings (Zoom)

Keeping unauthorized users out of your meeting (Zoom)

Government Meeting Guidelines (Zoom for Government)

GoTo Meeting (by LogMeIn)

  • Use the "Attendee List" to view all meeting participants. Through the attendee pane, the moderator can give or revoke additional rights such as chat features or screen sharing.
  • Chat Mindfully: use the “Send to” drop-down menu to select the recipients of your message:
    • Everyone: All participants will see the message in their chat pane
    • Organizer(s) only: All Organizers will see the message in their chat pane
    • Individual attendee: Only the selected Organizer or attendee will receive the private message
Additional information from GoTo:

5 Best Practices for Staying Secure (GoTo)

Microsoft Teams

  • Verify external participants in the waiting room before giving them access.
  • Turn off incoming video for large meetings.
  • Remember that files shared within the meeting and chats may be retained on servers indefinitely. 
Additional information from Microsoft:

Microsoft Teams - Manage Meetings (Microsoft)

Contact

Online

For cybersecurity or risk management questions: Email Cybersecurity and Enterprise Risk Management at ERM@mass.gov

Address

McCormack Building
1 Ashburton Place, 8th Floor, Boston, MA 02108
Directions 

Related

Help Us Improve Mass.gov  with your feedback

Please do not include personal or contact information.
Feedback