Sensitive data leaks are too common in the headlines these days, and there is no need to waste space explaining why it is essential to secure your sensitive information. Encryption is one such method to ensure your email messages can be read only by the intended recipients. Sending an encrypted email message is the need of the hour for business or professional practice and Outlook encryption is the best possible solution available in the market.
This blog will discuss how to send a secure email or encrypted email in Outlook. Before discussing that, let’s first talk about Microsoft Outlook.
What is Microsoft Outlook?
Developed by Microsoft Corporation, Microsoft Outlook is an application for sending and receiving emails. Apart from sending an encrypted response, Outlook can also be used for scheduling appointments, managing tasks, contacts, notes and much more. Microsoft Outlook is a part of Microsoft Office Suite.
Non-commercial use of this application is free like all other email service providers, but for commercial use, you need to buy a commercial subscription to Office 365. A subscription to Office 365 comes with all the other Microsoft Office apps like Microsoft Word, PowerPoint, Excel, Outlook and much more.
As we all know, Microsoft Outlook is one of the most reliable and used email service providers in a broad spectrum of industries for sending and receiving emails, distributing files, scheduling meetings and much more. It is crucial for an organisation to keep sensitive information and data secure.
Importance Of Encrypted Email
Now that email has effectively replaced coded handwritten letters, it has become all the more important to encrypt messages digitally so that they reach their destination securely, with the integrity of the message maintained. Mishandling of information or any message can lead to an organisation’s financial and reputational loss because of non-compliance with laws related to data protection like HIPAA and GDPR.
Because of rising cybersecurity concerns, it is essential to encrypt email. Email encryption is one of the industry standards for data protection, and it is important whether you want to share confidential information or negotiate a confidential client deal.
3 Ways To Send Encrypted Messages In Outlook
With time, Microsoft Outlook has gained a lot of popularity and usage in all industries because of the robust features that it provides to its users. As its users are increasing and email crime is also rising, Outlook is working on its email security so that its users can send secure messages or secure emails in encrypted form.
Two years ago, in 2019, attackers hacked the web application of Outlook and gained some sensitive information like some emails, email subject lines, shared files and confidential data. But now, Outlook has worked on the security that protects the platform and the emails sent and received, contacts, notes, and all other shared files and data.
Here are the three compatible Outlook email encryption methods that help to send encrypted emails that range from built-in email encryption options to third-party add-ins:-
- Using Certificates to Encrypt Emails
- Office 365 Message Encryption (OME)
- Outlook Email Encryption Add-ons
The encryption methods can be different for different persons. The choice of encryption option or method is mainly based on the factors like pricing, features provided, compatibility and usage.
Now let’s see the above three mentioned encryption methods one by one.
Using certificates to encrypt emails (S/Mime)
S/Mime is an older option for encrypting email, and it isn’t available to customers of free webmail providers like Gmail and Yahoo. Successful encryption of email using the S/Mime encryption method is only possible when both the sender and receiver have their certificates installed and shared, which makes it costlier.
The S/Mime encryption method is not a popular choice. It is only available to those who have an Outlook email account. The recipient receives the encrypted email only when that user also has an Outlook account or is using that email platform.
For such encryption, both sides should use a compatible S/Mime setup. This is a certificate-based encryption method, and encryption certificates need to be installed on both sides.
Sadly, this method of sending an encrypted email is not that secure. Attacks like message takeovers can compromise the security of this email encryption method because this method is vulnerable to outside attacks.
In this method, the encryption keys should be exchanged between the sender and the intended recipient to send an encrypted email. If the keys somehow get into other hands, your email exchange online is not secure anymore.
How to configure email encryption with S/Mime
As we have discussed the S/Mime encryption method, let’s now see how to configure the email encryption certificate S/Mime on Outlook.
First, the user needs to obtain an email encryption certificate, and then that certificate needs to be imported into Outlook. The user must then share the certificate with the intended recipient.
For successful configuration of S/Mime, it is a must for the receiver to purchase and install the email encryption certificates into Outlook or any other email platform compatible with S/Mime. The receiver, too, needs to share that certificate with the respective sender.
Email encryption certificates
There are a lot of Certificate Authorities (CA) from which we can purchase email encryption certificates. Microsoft Outlook has some of their preferred certificate authorities like IdenTrust, GlobalSign and Comodo. But Outlook does not force its users to buy the email security certificate from their preferred certificate authorities.
Users can choose any of the Certificate Authorities of their own will to get the email security certificate. Users should also check that they have successfully installed the certificate file that is a secure email certificate or S/Mime Encryption certificate and not the often advertised SSL certificate.
After purchasing the certificate, the user will have two certificates, his own and the other sent by the intended recipient, as well as the password. The password is required to encrypt the emails, and the user needs to install the certificates into Outlook.
Importance of the backup of the certificate and password
If the user’s device (laptop, desktop computer, phone) gets damaged or stolen, the Outlook email encryption needs to be installed on the new device. For that, the certificate file and the password will be required. Therefore, keeping a backup of the email encryption certificate and the password is recommended.
If the certificate and password get misplaced, then the user will not be able to access the previously sent and received emails that were encrypted. And if the user purchases a new certificate, the recipients need to update the user’s old certificate with the new one. The update process is perhaps the most challenging of all the configuration steps.
How to import the S/Mime encryption certificate into Outlook?
The following steps will direct users on how to import the certificates in Outlook:-
- Open the Outlook application.
- From “Menu”, select “File” and go to the options tab.
- On the bottom of the “Menu”, present on the left side of the Outlook options tab, select “Trust Centre”.
- Open the “Trust Centre” and click the “Trust Centre Settings” button.
- Now the trust centre window will open. From the menu of trust centre settings, click on “Email Security”.
- Under the Digital IDs section, click on the “Import/Export” button.
- Now Import/Export Digital ID window will open. Check whether the “Import existing Digital ID” is checked; if not, then put a check against it.
- Click on the “Browse” button, navigate to the certificate file, and click on “Open”.
- Enter the password you received while downloading that security certificate.
- Click on OK.
Now, the certificate is successfully imported into Outlook.
How to send a digitally signed message using Outlook
A digitally signed message must be sent in order to share the certificate with all those whom the user wants to send an encrypted email. Let’s see how it can be done.
- While composing a new message, a new message window opens. From the menu tab of that window, click on the Options.
- Beside More Options, click on the small icon present there.
- Now a new Properties window will open. Click the “Security Settings” button.
- The Security Settings window will open, and then click on “Add Digital Signature to this message”.
- To choose the specific certificate that you want to use to sign the message, click on the “Change Settings” option.
- Click “OK” and then on “Close” to close the properties window.
- Now send the message to the recipient of your choice.
After successfully completing the steps mentioned above, the public key associated with the certificate used to sign the message digitally will be shared with the receiver.
The public key is required to encrypt the messages that the user will send to the others. And the others require the private key in order to decrypt the messages sent by the user. The private keys will only be available to the intended recipients.
How to add certificates to someone’s contact data?
In order to send an encrypted email, the sender must know the public key of the recipient. Once a digitally signed message has been sent to the receiver, the certificates need to be added to one’s contact data. One can use the following steps to add certificates to someone’s contact data:-
- Open the message that was digitally signed and sent by the recipient.
- Right-click on the name of the sender, and from there, you can add that sender to the Outlook contacts.
- Instead of creating a new contact, you can also edit/update the contact details if that contact is already present in your Outlook contacts.
- From the top ribbon of the contact card, click Certificates.
- Now a list of certificates will appear. Select the proper certificate from the list for that contact.
After following these steps and successfully adding the certificate to that contact’s data, now you can send the encrypted messages to that sender.
How to send encrypted emails in Outlook using S/Mime
Now let’s see how to send encrypted emails to a contact using the S/Mime encryption method. Follow the steps listed below and you are set:-
- Start a new message composition form.
- From the menu that appears on the new message window, click options.
- Beside more options, click on the small icon present there.
- Now a new Properties window will open; click “Security Settings”.
- Select “Encrypt Message Content and Attachments” from the security properties window that appears.
- Click OK and close the previous window.
- Add any attachments if necessary and click on “Send”.
This way, one can send encrypted messages to that contact.
Note:- The subject lines of the messages are not encrypted. Therefore, it is recommended not to send any sensitive information in the subject lines.
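The note above in practice, as an added example that is not part of the original post: a Python pre-send check that parses a message in the shape S/MIME produces and reports which header fields sit outside the encrypted body. The sample message, addresses, pattern list and function names are constructed for illustration, and the base64 body is a placeholder rather than real ciphertext.

```python
import re
from email import message_from_string
from email.header import decode_header, make_header

# Constructed sample in the shape of an S/MIME encrypted message. The
# addresses and subject are made up; the body is a placeholder, not ciphertext.
SAMPLE_ENCRYPTED = """\
From: alice@example.com
To: bob@example.com
Subject: Confidential: payroll correction, SSN 123-45-6789
Date: Mon, 03 Jan 2022 10:15:00 +0000
MIME-Version: 1.0
Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"
Content-Transfer-Encoding: base64

UExBQ0VIT0xERVItTk9ULVJFQUwtQ0lQSEVSVEVYVA==
"""

# Illustrative patterns only (assumption); tune these to your own data types.
SENSITIVE = {
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "keyword": re.compile(r"\b(confidential|password|payroll|diagnosis)\b", re.I),
}

def smime_protection(msg):
    """Classify how the body is protected, from the Content-Type header."""
    ctype = msg.get_content_type()
    if ctype in ("application/pkcs7-mime", "application/x-pkcs7-mime"):
        return str(msg.get_param("smime-type", "unspecified")).lower()
    if ctype == "multipart/signed":
        return "clear-signed"
    return "none"

def audit(raw):
    """Report what stays readable in transit even though the body is encrypted."""
    msg = message_from_string(raw)
    protection = smime_protection(msg)
    # Header fields travel outside the encrypted body part.
    exposed = {h: msg[h] for h in ("From", "To", "Cc", "Subject", "Date") if msg[h]}
    # Decode RFC 2047 encoded-words so encoded subjects are checked too.
    subject = str(make_header(decode_header(msg.get("Subject", ""))))
    findings = sorted(n for n, rx in SENSITIVE.items() if rx.search(subject))
    return {
        "protection": protection,
        "exposed_headers": sorted(exposed),
        "subject_findings": findings,
        "subject_leak": protection == "enveloped-data" and bool(findings),
    }

if __name__ == "__main__":
    print(audit(SAMPLE_ENCRYPTED))
```

A result with `subject_leak` set to true means the body is encrypted but the subject still carries text matching one of the patterns, so the subject should be reworded before sending.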
Price and features of S/Mime encryption option in Outlook
S/Mime encryption in Outlook becomes easier to use and handy after the configuration and installation of certificates. If large companies or enterprises, or government agencies are your business’s clients, then only send the encrypted emails to them.
Organisations or companies who are free webmail users on Gmail and Yahoo are not supposed to use the S/Mime because this encryption method needs to be purchased before being used. Small organisations also do not possess the required resources and knowledge to configure this encryption method.
In the case of the S/Mime encryption method, the user cannot access encrypted email outside Outlook and cannot even forward the encrypted email. G-Suite email accounts that use GSSMO use IMAP because S/Mime is not compatible with them.
There is a great variation in the price of the S/Mime encryption method. The cost of Microsoft’s preferred CA’s certificates ranges from $39 to $369 annually. This amount needs to be paid each year or after a few years for the renewal of the plan purchased by the user.
Using Microsoft Office 365 message encryption (OME)
There is another way users can send an encrypted email, and this method does not require the installation of any certificates. That method is Microsoft Office 365 message encryption method, and only users having Office 365 email accounts can send encrypted emails to others using this encryption method. For using Office 365 message encryption, the Outlook application must be integrated with an active Office 365 subscription.
How to configure Office 365 message encryption
OME is not available with all the Office 365 plans. Some Office 365 plans that offer OME are Microsoft Business, Office 365 A1, A3 or A5, Microsoft Enterprise E3 or E5 or Office 365 Enterprise E3 or E5, or Office 365 Government G3 or G5. OME is not available with Office 365 Business Premium and Business Essentials.
Azure Information Protection Plan 1 can also be added to your Office 365 subscription if you are ready to pay a fair amount for the protection of information.
Users whose Office 365 subscription does not offer OME can upgrade their plans to one that offers OME. Follow these steps:-
- Visit the official website of Office, i.e. https://www.office.com.
- Now sign in to your Microsoft account using an Office 365 admin account.
- From the options menu, click “Admin”.
- Now click “Billing” and then click “Subscriptions”.
- To upgrade to the plans that offer OME, click “Switch Plans”.
How to send encrypted messages in Outlook using OME
Compared with S/Mime, it is very easy to send encrypted emails using OME. To send an encrypted email or encrypted message, you need to follow these steps:-
- Start writing a new message.
- Click “Options” present on the top of the menu.
- Click on the “Encrypt” button.
One more feature has been added to this method to prevent forwarding. Forwarding of encrypted email can be avoided by simply clicking the arrow present below the Encrypt button.
- Now, the user will see a notification that ‘the message is encrypted’.
- Complete writing your message.
- Click on the “Send” button.
This way, a user can send an encrypted email to the intended recipient using Office 365 message encryption method.
Price and features of OME in Outlook
OME provides a lot of significant features which make it better than S/Mime. Users can also access encrypted email outside of Outlook. If you have an Office 365 account with Outlook installed, you can maintain secure emails from any device.
Unlike the S/Mime encryption method, OME does not require backups of certificates and passwords. The intended recipients don’t need to worry about the certificates and passwords for forwarding the secure messages.
OME price depends on the plan that the user is willing to buy. Additional costs will be added if a user is willing to buy the Azure Information Protection plan. OME is suggested for corporate email needs, particularly when communicating with vendors or other parties that must adhere to strict security standards.
Using Outlook encryption add-ins
Small organisations having considerably fewer employees can use Outlook email encryption add-ins, which will help them send secure emails to others with ease. This method does not require any certificates, sign-in, passwords, or setup configuration. This method is considered the most cost-effective among all the different methods that help users to send an encrypted message in Outlook.
Configuring Outlook add-in
The main thing that you need to do for Outlook email encryption is the installation of add-ins. Let’s see how to configure add-ins in Outlook.
First, visit the website of the add-in and download the installer. Installation time depends on the browser you are using, like Microsoft Edge, Mozilla Firefox or Google Chrome.
After successful installation, open the Outlook application and start writing a new email. At the top of the window, you will find the “Send Secure” button, which becomes available after installing the email encryption add-in. Once the button is there, Outlook can send encrypted emails to any recipient’s email address, independent of the platform.
How to send encrypted messages using Add-ins
In order to send encrypted messages, users need to follow these simple steps:-
- Click on the “New Email” button present.
- Start writing a new message.
- Complete the message and attach all the attachments that you need to share.
- Now instead of clicking the “Send” button, click on the “Secure Send” button present at the top left of the window.
Both the attachments and the entire email content will be encrypted by this Outlook email encryption Add-ins method.
Price and features
The pricing and features vary depending on the provider, as different providers offer different features of add-ins at different pricing. For example, Trustifi gives customers complete control over their email security while personalising services to the needs of each individual and company.
Trustifi’s email encryption solution is unrivalled, with NSA-grade encryption and full incoming and outgoing security. Furthermore, Trustifi allows users to recall effortlessly, block, alter, and set expiration periods for emails that have already been received and delivered. Because Trustifi provides bespoke solutions, plans and pricing may be adapted to any organisation’s specific demands and resources.
This blog post has focused on the three email encryption methods used for sending encrypted emails in Outlook. Large enterprises mostly use the S/Mime and OME encryption methods, and OME has more advantages over the S/Mime method.
Outlook encryption add-ins are a good option for small companies. This method helps companies send secure messages on a shoestring budget, making it the most cost-effective option for small scale industries.
Still, the choice of encryption method depends upon the size of industries and their usages and on what their client or recipient explicitly asks.
Shahrukh is a passionate cyber security analyst and researcher who loves to write technical blogs on different cyber security topics. He holds a Master’s degree in Information Security, an OSCP and has a strong technical skillset in offensive security.