How to get secure email in Outlook

Microsoft Outlook is one of the most popular email clients worldwide. But is it a good choice for having a safe mail? This blog explores whether using Outlook can provide a secure email. In doing so, I’ll examine what constitutes an email and the considerations needed to establish secure email.

To understand how to get a secure emails when using Outlook, you must first understand what an email is. Technically, an email is a digital file sent over the internet through servers. It begins at the sender’s email client and ends at the recipient’s mail server. The recipient then uses an email client, like Outlook, to access the message. Once received, the email is stored on the recipient’s server or downloaded to a device if it is a mobile or tablet. The recipient sees the email in their inbox. Similarly, the sender’s server stores the email, and the sender views it in their outbox. After the email is sent, the same email is distributed across both the sender’s and recipient’s mail servers.

When talking about email security, you must distinguish between two phases of an email’s lifetime. The reason for paying attention to these two phases is that an email must be protected in one way when the email is in the first phase, while it must be protected in another way while being in the second phase. The first phase is while an email is sent or received. This phase is called “in transit”. The second phase is when the mail is sent or received and stored on a mail server. This phase is called “in rest”.

A secure email means that the email you send or receive (in transit) and store (in rest) is protected against unauthorised access. This means that only the intended recipient can read the content of the email and that data or content cannot be changed along the way. When the email is received or sent, a secure email also means that the email is stored in a way so that it is protected against unauthorised access. This applies to both the recipient and the sender.

For an email to be secure, the email must be encrypted while being in transit and in rest.

When an email is in transit, encryption must be implemented by both the sender and the recipient. This is done using end-to-end encryption (E2EE) to ensure that only the sender and recipient have access to the content of the email. The most common technology for protecting mail in transit is TLS, which stands for Transport Layer Security, and S/MIME, which stands for Secure/Multipurpose Internet Mail Extensions. When the email has landed in the recipient’s inbox (as well as in the sender’s sent mail) and it is stored in the rest on a mail server, E2EE ensures that the content of the email remains encrypted.

Getting a secure email when using Outlook can be a challenge. There are four reasons for this:

1. Adequate security is expensive: The standard edition of Outlook, Microsoft 365 Business Standard, encrypts emails in transit with TLS and S/MIME, but not with E2EE. This type of encryption requires an Office 365 E3 license. However, the E3 license is a costly affair, making it irrelevant for small or medium-sized businesses. In addition, it must be said that extended licenses from Microsoft requires expertise to implement. This means that the standard edition of Outlook do not encrypt emails in rest, when its stored on the mail server.

2. Dependent on the employees: Regardless of security measures in Outlook, Outlook does not protect against bad email practices, such as when an employee clicks on a link in a phishing email, uses weak passwords, fails to update software, etc.

3. Dependent on the mail server: Outlook stores emails – in the form of data – on mail servers. For content of the mail is not breached therefore depends on the mail server being protected.

4. Dependent on others: Even if you use Outlook, you are dependent on the user from whom you receive an email or send an email to also have a secure email.

Outlook supports secure handling of emails. But to have a secure email, you must have at least an E3 license for Outlook, and then you are still dependent on your employees, your mail server and your contact person. It is thus not simple to have a secure email when using Outlook – or other email clients for that matter.

At Safe Online, we have developed ShareSimple for Outlook. ShareSimple is an upload portal that completely removes the content from emails – including sensitive material. ShareSimple uses TLS 1.2 encryption during transmission and RSA encryption when the email is subsequently stored. In this way, you don’t have to worry about data security when it comes to your employees, your mail server or those you mail with.