Microsoft Outlook, a tool used by over 400 million users globally, offers a level of email encryption to safeguard everyday emails.
But is this encryption sufficient for businesses that need to send sensitive information to their customers?
Let's take a look.
Encryption disguises the contents of your email, transforming messages and attachments into a code that human eyes can't read.
It achieves this through the use of 'keys'—strings of randomly generated numbers used to encode data.
Encryption is particularly relevant to business emails.
The UK Information Commissioner's Office (ICO) advises that all personal information sent by email should be protected using encryption.
"Email encryption is a cornerstone of secure communication, especially for businesses handling sensitive customer information.
Choosing the right encryption method makes sure your data is protected without compromising usability."
— Paul Holland, Founder, Beyond Encryption
Microsoft Outlook offers different levels of email encryption, depending on your preference and budget.
Transport Layer Security (TLS) is one of the most basic encryption methods on the market and is offered natively with the basic Outlook package.
It works by encrypting the connection between your email provider and your recipients' email providers, preventing unwanted access to a message on its journey.
Emails using TLS encryption may not remain encrypted once they have reached the recipient’s inbox, leaving them vulnerable to attacks.
TLS for email is also associated with known incompatibility problems with some email clients. That's why, on its own, it is not enough for sensitive data.
Unlike TLS, which encrypts the transmission, S/MIME (Secure/Multipurpose Internet Mail Extensions) encrypts the contents of emails themselves, not just the connection.
It requires that both sender and recipient have a mail application that supports S/MIME, and both must exchange 'digital certificates'.
S/MIME can provide solid protection for sensitive information.
However, it can be inconvenient for communication with recipients who may not have the necessary setup (for example, customers).
Setting up S/MIME certificates on devices may be difficult for people who aren't familiar with digital configuration and settings.
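The difference between TLS and S/MIME can be checked on a delivered message. The following is an added example, not part of the original article: it reads a raw message and reports which relay hops recorded TLS and whether the body itself is S/MIME-encrypted. The sample messages, hostnames and the `assess` function are constructed for illustration.

```python
import re
from email import message_from_string

# Received "with" keywords that record a TLS-protected hop (RFC 3848 and later).
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA", "UTF8SMTPS", "UTF8SMTPSA"}
SMIME_TYPES = {"application/pkcs7-mime", "application/x-pkcs7-mime"}

# Constructed sample: readable body; final hop used TLS, first hop did not.
TLS_ONLY = """\
Received: from mail.sender.example by mx.recipient.example with ESMTPS id 2; Mon, 06 Jan 2025 10:00:01 +0000
Received: from desktop.sender.example by mail.sender.example with ESMTP id 1; Mon, 06 Jan 2025 10:00:00 +0000
From: adviser@sender.example
To: customer@recipient.example
Subject: Your statement
Content-Type: text/plain

Account details in clear text.
"""

# Constructed sample: S/MIME enveloped body (placeholder, not a real CMS blob), hop without TLS.
SMIME_ENCRYPTED = """\
Received: from mail.sender.example by mx.recipient.example with ESMTP id 3; Mon, 06 Jan 2025 11:00:00 +0000
From: adviser@sender.example
To: customer@recipient.example
Subject: Your statement
MIME-Version: 1.0
Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"
Content-Transfer-Encoding: base64

Q09OU1RSVUNURUQ=
"""

def assess(raw):
    """Report per-hop transport protection and whether the content is encrypted."""
    msg = message_from_string(raw)
    hops = []
    for rcvd in msg.get_all("Received", []):  # written by each relay; trust accordingly
        m = re.search(r"\bwith\s+([A-Za-z0-9]+)", rcvd)
        proto = m.group(1).upper() if m else "UNKNOWN"
        hops.append((proto, proto in TLS_PROTOCOLS))
    smime_type = (msg.get_param("smime-type") or "").lower()
    if msg.get_content_type() in SMIME_TYPES and smime_type in ("enveloped-data", "authenveloped-data"):
        content = "smime-encrypted"
    elif msg.get_content_type() == "multipart/signed":
        content = "signed-only"  # signature proves origin, body is still readable
    else:
        content = "plaintext"
    return {"content": content, "hops": hops, "all_hops_tls": bool(hops) and all(t for _, t in hops)}
```

The first sample shows a message that was protected on one hop only and is readable at rest; the second stays encrypted even though its hop did not use TLS.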
Available to Enterprise Office 365 users, Microsoft Purview Message Encryption (MPME) encrypts messages and attachments throughout their journey, an approach known as end-to-end encryption.
Recipients of encrypted emails must click a link and then verify they have access to their inbox using a code or their Microsoft/Gmail credentials.
This decreases the risk posed by email account takeover attacks and is suitable for protecting highly confidential data.
However, MPME can still be a challenge for recipients.
It lacks a user experience streamlined enough to deliver documents to vulnerable customers or people with low levels of technological literacy.
That's why businesses tend to use purpose-built solutions designed to be easy to access when they send sensitive information to customers.
Businesses may also be concerned that MPME has no recipient authentication features to make sure messages reach the right people.
Outlook add-ins are useful integrations created by third parties for use within the Outlook application.
Add-ins can introduce additional security features such as email encryption and recipient authentication, in a user-friendly way.
For example, our Outlook email encryption add-in for secure email provides everything you need to exchange sensitive emails safely.
It is designed for professionals or businesses to share information with their customers while protecting it in line with data regulations.
Before deciding whether Outlook's security is right for the information you need to email, it's important to understand data classification.
"Understanding the sensitivity of your data is the first step towards effective email security.
Data classification allows businesses to apply the right protection to the right information, ensuring efficiency and safety."
— Mike Wakefield, CTO, Beyond Encryption
The process involves categorising your organisation's information based on its sensitivity.
Classifying your data helps determine the most appropriate security measures for each type.
For example:
Once you've classified your data, you can choose the appropriate security measures.
Here's a guideline:
Classifying your data helps to make sure your most valuable information receives the strongest protection.
It means you can prioritise your security efforts and avoid applying excessive security measures to less sensitive data.
Email encryption is a great tool for protecting sensitive information, but not all of Outlook's encryption methods are created equal.
You should carefully evaluate your requirements and choose the method that's right for your or your customers' data.
"Strong email security is not just a necessity—it's a critical component of building trust through your communications."
— Adam Byford, CCO, Beyond Encryption
Email encryption transforms the content of emails into unreadable text to protect sensitive data during transmission.
S/MIME encrypts the email content, while TLS encrypts the transmission path. Both have unique applications and limitations.
Yes, they provide enhanced security and usability, particularly for businesses handling sensitive data and requiring compliance with regulations.
Sabrina McClune, 20.12.24
Sam Kendall, 04.01.25