Secure email in Outlook
Outlook is one of the most popular email clients in the world. But is it a good choice if you want a secure e-mail? And what does it really mean to have a secure email? How can you ensure that you send and receive e-mails in a secure way? In this blog we will look at the problem with secure mail and Outlook and how I can receive and send secure mail in Outlook.
What does it mean to have a secure email?
A secure email means that the email you send or receive is protected against unauthorized access and hacking. A secure e-mail also ensures that only the intended recipient can read the content of the e-mail, and that data or content cannot be changed along the way. Secure mail includes authentication of sender and recipient as well as protection against spam, phishing and other forms of malicious content. Having a secure email is fundamental if you are to transfer personal data.
The problem with secure mail and Outlook
Outlook is a secure email client, but that does not mean that emails sent or received in Outlook are automatically secure. Outlook is simply an e-mail client. When you send an e-mail, it travels through many different servers and networks before it finally reaches its destination. It is still possible for unauthorized persons to gain access to the contents of the email. This applies both when the email is en route or when it is in sent mail afterwards. This happens because Outlook send emails unencrypted by default. If you want Outlook to send data securely, you must acquire a license for Office 365 E3.
Get ShareSimple FREE for one user today!
How to send secure mail in Outlook?
If you do not want to buy an E3 license in Outlook, you should actually not send data in emails at all if you want to transfer content in emails securely. Instead, you should send the content via another service. Here you have three options:
1. Certificate-based solution
A certificate-based email solution uses digital certificates to authenticate the sender and encrypt the content of the email. Certificates act as digital identities and can be issued by a certification authority. When an email is sent from a certificate-based email account, the email includes a digital certificate that can be verified by the recipient to ensure that the email was sent by the correct sender and has not been altered along the way. This solution requires a local installation at both sender and receiver.
2. Tunnel mail
This is a Danish invention that uses encryption and tunneling to protect emails during transmission. It works by creating an encrypted tunnel between the sender’s and recipient’s mail servers. The mail is sent through this tunnel, from which it is protected.
3. An upload portal
This solution works by attaching the file to an email, but instead of the file being in the email, it is uploaded to a secure location. The recipient receives a link in the email from which the file can be accessed. An upload portal does not require certificates or special installation.
Choose the right encryption method
You must be sure that the service you use to send and receive content in emails uses a proper encryption method. As a starting point, there are four different encryption methods, namely S/MIME, PGP, DKIM or TLS.
S/MIME
S/MIME is an encryption and digital signature method for e-mails that requires a valid certificate from both the sender and recipient. The configuration can be difficult and can lead to incompatibility issues, making the solution problematic for individuals and organizations.
PGP
PGP (Pretty Good Privacy) is an encryption method for e-mails that requires third-party software on both the sender and receiver side. It is often used by individuals and organizations that want high security and confidentiality, but can be complex to use and incur additional costs and incompatibility issues. PSG also has known security holes.
DKIM
DKIM (DomainKeys Identified Mail) combats spam and forgery of sender addresses in e-mails by signing e-mails with a digital signature that is verified by the recipient’s e-mail server. It can lead to false positives and block legitimate emails, and it focuses primarily on protecting against spoofing sender addresses and not on encrypting the content of emails.
TLS
TLS is an encryption protocol used to secure network communications, including email communications. TLS encrypts emails as they are sent and retrieved and is based on public-key encryption. It requires certificates and digital signatures for authentication. Mail servers exchange security certificates with public keys and use them to encrypt and decrypt emails. TLS requires support from both the sender’s and recipient’s mail servers.
How to receive secure mail in Outlook?
The same principles and encryption methods apply here as when you send emails. When you need to receive files or data by mail in Outlook, you must have an E3 license. If you do not have this, you should avoid sending it in the mail in Outlook. You should use a service instead. Here you can either use a certificate-based solution, tunnel post or an upload portal.
The easy way to secure mail in Outlook
Having a secure email is essential for handling personal data responsibly. The emails you send and receive in Outlook are not necessarily secure. Here you have to either acquire an E3 license for Outlook or use a service that encrypts the data that is transferred.
At Safe Onlines, we have developed ShareSimple for Outlook. ShareSimple is an upload portal that completely removes sensitive content from emails. ShareSimple uses the TLS 1.2 encryption method during transmission and RSA encryption when the email is sent or received. In this way, you can be sure that you can both send and receive data in Outlook. Furthermore, ShareSimple also ensures that data is deleted after a given period, which is a requirement in the GDPR.
Sebastian Allerelli
Governance, Risk & Compliance Specialist
Follow me on LinkedIn to get tips on GDPR →
