While users can access Exchange from nearly anywhere using Outlook Web Access (OWA), you need to educate them about the risks of accessing any Web application, including OWA, from a public computer.
Public computers and kiosks are not under your control. Administrators may have locked them down to thwart the installation of software such as keystroke recorders, but how do you know for sure? Logging in to any Web site that requires authentication from a public computer may compromise a user's password.
Another potential problem exists if users don't close the browser after using OWA. Clicking the Logoff button from an OWA session may not be enough to prevent unauthorized access from the browser.
How can you mitigate these risks? Consider incorporating the following guidelines into your company's acceptable usage policy:
There are third-party products that can prevent or help alleviate the risks of accessing OWA from public systems. Visit Microsoft's Web site to obtain a list of applications that help enforce security.