Office's high profile makes Outlook an interesting target for cyber-attackers. What encryption measures does vendor Microsoft actually take for secure mail traffic? If there is a desire to work security-first, concessions must be made left or right.
By default, Microsoft applies several security options in Office and Outlook 365 to make working with files and mailing relatively secure. Despite these basic protections, Microsoft software has traditionally been attractive prey. The vendor has been promising security improvements for years, so it recently added MFA obligation , for example, and introduced bundled data security solutions with Microsoft Purview. Where Microsoft still drops the ball, however, is outbound mail security and email security outside Office 365 environments.
E-mail encryption (encoding) is a must for organizations that want to work securely. With encryption, messages and attachments are converted to (seemingly) unreadable characters when mail is sent. Only the recipient can then decrypt the contents of the mail with a unique key. This principle secures e-mail from the eyes of unauthorized persons and is also applied in messaging from, for example, WhatsApp, browser traffic via HTTPS and on the contents of hard drives via applications such as BitLocker.
Encryption, however, is not available out-of-the-box for all Outlook products. Microsoft offers three types of encryption to make mail more secure: OME, S/MIME and IRM.
OME(Office 365 Messsage Encryption) is available to users with business E3 and E5 licenses and offers the bare minimum of encryption. Although messages are sent encrypted, if you want to prevent emails from being forwarded, printed or downloaded, the additional (pricey) module Azure Information Protection (AIP) is required.
S/MIME is an older encryption protocol supported by Microsoft, but requires installation of required S/MIME certificates on the recipient's computer. Without the correct key, the recipient cannot do anything with the mail, which can be inconvenient with messaging to external parties.
Finally, there is Information Rights Management (IRM), a Microsoft product that (like AIP) can be taken on top of OME. Although IRM gives administrators full control over encrypted mail, not all mail servers are compatible with the system, which also makes it not always convenient for outgoing mail.
As you read, Microsoft's encryption methods come with some snags. Compared to a solution like FileCap, for example, the option to have recipients use two-factor authentication and to retract messages even after receipt is missing. You also run into a blockade once the files you want to send are larger than 50MB. Sending via FileCap has no restrictions.
FileCap offers organizations appropriate security measures so that e-mail traffic is safe at all times even with contacts outside the organization. Sent mail is protected end-to-end with a high level of encryption, without being dependent on additional software or making demands on the mail server used. FileCap can also protect messages and files with multiple authentication methods in parallel.
Also nice is the functionality that by setting business rules, the content of e-mails can be checked for personal identifiable information (pii), credit card data and financial data, for example. In FileCap, administrators always have complete access to the organization's mail traffic, so control over data is always maintained.
The FileCap add-in makes sending a secure email or sensitive files child's play. Check out how it works below:
Invite someone to send you large files or a message securely with FileCap. Fast and simple!
Choose one of four available authentication methods: password, code via email, code via SMS or a company password. Sending extra sensitive information? Simply use a second verification.
Customize your FileCap portal with a large background, your company logo and, of course, matching colors. The emails that you send with FileCap will also automatically receive your house style. Very familiar for your customers.
By taking advantage of the additional security options, business rules to monitor the content of emails and messages and the ability to retract sent messages, you reduce the likelihood of data breaches.
Those who choose FileCap do not have to make any concessions. Organizations can continue to work with their existing Microsoft 365 environment and mail addresses. FileCap functions as a plug-in within Outlook and is available as a Web application from the browser.Test FileCap without obligation for 30 days