Tech Tip: Educate users about public OWA access

While users can access Exchange from nearly anywhere using Outlook Web Access (OWA), you need to educate them about the risks of accessing any Web application, including OWA, from a public computer.

Public computers and kiosks are not under your control. Administrators may have locked them down to thwart the installation of software such as keystroke recorders, but how do you know for sure? Logging in to any Web site that requires authentication from a public computer may compromise a user's password.

Another potential problem exists if users don't close the browser after using OWA. Clicking the Logoff button from an OWA session may not be enough to prevent unauthorized access from the browser.

How can you mitigate these risks? Consider incorporating the following guidelines into your company's acceptable usage policy:

  • Discourage users from logging in to OWA from kiosks or other public systems, and educate them about the risks associated with using public computers.
  • If users find that they must log in from a public computer for some reason, they should consider their password compromised and change it at the first opportunity.
  • Instruct users to close the browser when finished with an OWA session if they use a public computer.

There are third-party products that can prevent or help alleviate the risks of accessing OWA from public systems. Visit Microsoft's Web site to obtain a list of applications that help enforce security.
