Skip to main content

Secure email in Outlook

Microsoft Outlook is one of the most popular email clients worldwide. But is it a good choice for having a safe mail? This blog explores whether using Outlook can provide a secure email. In doing so, I’ll examine what constitutes an email and the considerations needed to establish secure email.

What is an Email?

To understand how to get a secure emails when using Outlook, you must first understand what an email is. Technically, an email is a digital file sent over the internet through servers. It begins at the sender’s email client and ends at the recipient’s mail server. The recipient then uses an email client, like Outlook, to access the message. Once received, the email is stored on the recipient’s server or downloaded to a device if it is a mobile or tablet. The recipient sees the email in their inbox. Similarly, the sender’s server stores the email, and the sender views it in their outbox. After the email is sent, the same email is distributed across both the sender’s and recipient’s mail servers.

Get our Newsletter!

In our newsletter you get tips and tricks for dealing with privacy management from our founder Sebastian Allerelli.

When you sign up for our newsletter you get a license for one user to ShareSimple, which will give you a secure email in Outlook. This special offer is for new customers only, with a limit of one freebie per company.

What does it take for an email to be secure?

When talking about email security, you must distinguish between two phases of an email’s lifetime. The reason for paying attention to these two phases is that an email must be protected in one way when the email is in the first phase, while it must be protected in another way while being in the second phase. The first phase is while an email is sent or received. This phase is called “in transit”. The second phase is when the mail is sent or received and stored on a mail server. This phase is called “in rest”.

A secure email means that the email you send or receive (in transit) and store (in rest) is protected against unauthorised access. This means that only the intended recipient can read the content of the email and that data or content cannot be changed along the way. When the email is received or sent, a secure email also means that the email is stored in a way so that it is protected against unauthorised access. This applies to both the recipient and the sender.

How to get a secure email

For an email to be secure, the email must be encrypted while being in transit and in rest.

When an email is in transit, encryption must be implemented by both the sender and the recipient. This is done using end-to-end encryption (E2EE) to ensure that only the sender and recipient have access to the content of the email. The most common technology for protecting mail in transit is TLS, which stands for Transport Layer Security, and S/MIME, which stands for Secure/Multipurpose Internet Mail Extensions.

When the email has landed in the recipient’s inbox (as well as in the sender’s sent mail), and it is stored in the rest on a mail server, you must also ensure that the data is encrypted. Since data must be stored, you have to use a different type of encryption than during transit, namely disk encryption and database encryption. This applies to both sender and receiver.

Start your GDPR cleanup where it is needed the most

Sensitive data can tends to accumulate in the employees' e-mails. With a GDPR Risk Scan from DataMapper, you get a report that shows any potential GDPR risks in the company's e-mails.

Secure mail in Outlook

Getting a secure email when using Outlook can be a challenge. There are four reasons for this:

1. Adequate security is expensive: The standard edition of Outlook, Microsoft 365 Business Standard, encrypts emails in transit with TLS and S/MIME. But when emails are to be stored at rest, they must be encrypted via disk encryption and database encryption. However, these technologies require an Office 365 E3 license. However, the E3 license is a costly affair, making it irrelevant for small or medium-sized businesses. In addition, it must be said that extended licenses from Microsoft requires expertise to implement.

2. Dependent on the employees: Regardless of security measures in Outlook, Outlook does not protect against bad email practices, such as when an employee clicks on a link in a phishing email, uses weak passwords, fails to update software, etc.

3. Dependent on the mail server: Outlook stores emails – in the form of data – on mail servers. For content of the mail is not breached therefore depends on the mail server being protected.

4. Dependent on others: Even if you use Outlook, you are dependent on the user from whom you receive an email or send an email to also have a secure email.

The easy way to secure mail in Outlook

Outlook supports secure handling of emails. But to have a secure email, you must have at least an E3 license for Outlook, and then you are still dependent on your employees, your mail server and your contact person. It is thus not simple to have a secure email when using Outlook – or other email clients for that matter.

At Safe Online, we have developed ShareSimple for Outlook. ShareSimple is an upload portal that completely removes the content from emails – including sensitive material. ShareSimple uses TLS 1.2 encryption during transmission and RSA encryption when the email is subsequently stored. In this way, you don’t have to worry about data security when it comes to your employees, your mail server or those you mail with.

Sebastian Allerelli

Founder & COO at Safe Online
Governance, Risk & Compliance Specialist
Follow me on LinkedIn to get tips on GDPR →


How to handle sensitive personal data


How to find personal data with datamapping tool


How to prepare for a data audit