So reading that it was OWA (Outlook Web Access) that was the flaw. I know my company ditched that years ago citing security concerns. It's probably the small organizations that have the issues the most, but then you get into what could have been done. Centralize more? Ugh I hope not.

I guess they could use something other than MS, but I used to contract with small businesses in this very type thing, and since most of those places are not tech savvy, already Windows-heavy, and often concerned about cost, MS servers just make sense. Sure the software isn't free, but it's a hell of a lot easier to set up the way they want, since it plays nice with Windows and Outlook by default. Which means less time spent and therefore less cost. The companies I worked with were too small for their own IT employee and paid me to come in at an hourly rate.