Secure Email 101

What is secure email?

Thinking through secure email solutions

Woman in IT looking at secure email solution (1)

Secure email, defined

Secure email solutions use email encryption and identity authentication to protect email contents from interception and manipulation and to ensure that messages are delivered to the right people. Secure email services often include additional features such as outbound security triggers, audit trails, and access control.

man and woman looking at computer screen to set up secure email solution (1)-1

What's the risk?

Email was invented a long time ago. It hasn't changed much since, but the world around it has. The internet has become a centre of global business and communication, making email a valuable target for those who may look to exploit it. The need for global compatibility puts limits on the extent to which the underlying technology behind email can be advanced to meet these rising threats. Any emails and attachments sent "in the clear" may be intercepted or manipulated before reaching their recipient. In most cases, this is not a concern but for businesses sending confidential documents it can be costly.

Man staring at computer screen

Who is secure email designed for?

Secure email can be used by anyone who needs to send sensitive information or documents and make sure they reach the right people. Most often, secure email is used by businesses in highly regulated sectors to deliver important information to customers, colleagues, and partners without exposing it to risk.

IT professionals discussing integration-1

Essential reads:

Man making an email mistake

How to Secure Customer Emails

11 easy steps you should follow when looking to protect customer emails from cyber threats.

Man looking at secure email

Sending a Secure Email in Outlook

With 20,000 US organisations facing compromised Outlook accounts in March 2021 alone, how can you make sure your emails are safe?

man typing on laptop using secure email-1

Secure Email User Report 2021

We surveyed our users to gain insights on how they use secure email and the benefits they see from protecting their comms.

What data needs protecting?

Sending sensitive information via open-risk email, whether by negligence or accident, can be harmful. Regulators have the authority to impose heavy fines on businesses that violate their privacy policies, not to mention the impact on your reputation. If an email contains personal information, documents, or data that could harm your business if it was intercepted or tampered with in transit, it should be sent securely. In sectors such as the financial services, regulators also require confirmation of delivery, making identity authentication an important feature of secure email solutions when it comes to compliance.

IFA in meeting with client business about data

Industry focus: financial services

Our latest research on users of secure email indicates the types of document regularly protected with email encryption. The survey, conducted primarily with professionals working in the UK financial services, found:

  • 45% regularly protect anti-money-laundering documents
  • 61% regularly protect proposal and policy documents
  • 42% regularly protect investment valuations
  • 50% regularly protect banking details
What do people protect with Mailock?

Secure email best practices

An estimated 333.2 billion emails are sent every day. There are certain types of information that employees know should not be sent "in the clear" but whether by ignorance, accident, or negligence, cybersecurity best practices can fall by the wayside. How can you make sure the right emails are always encrypted with the appropriate security? Here are some secure email best practices.


Matching setup to needs

Depending on the volume of sensitive emails, there are different ways to initiate encryption. You can encrypt a single email using a button in your email client. This is a flexible option for one-to-one confidential email situations but is reliant on the sender. Rule-based encryption recognises particular triggers for when there are types of information that should be encrypted company-wide. This takes the security responsibility out of the hands of the individual. There are also situations where a business may need to secure documents in bulk, for example bank statements, by routing them through an encryption service.

  • It's important to ensure your email encryption solution covers all most the common scenarios in which sensitive information is sent over email.
Encryption initiation options

Outlook, Gmail, iOS, M365

The most common email clients including Outlook, Gmail, and iOS provide a level of basic encryption on delivery. They all offer optional S/MIME encryption as standard, and a Microsoft 365 E3 licence gives users additional functionality in the form of 365 Message Encryption. The key difference between the S/MIME encryption standard and the encryption available with 365 Message Encryption is compatibility. Whereas the encryption offered as standard by providers requires the recipient's email client to be S/MIME compatible, 365 Message Encryption keeps emails secure when delivered to recipients using any email provider.

  • The encryption provided by email clients can protect most emails on delivery, but they may not be protected when your recipient hits "reply".
Woman showing colleague how to use outlook

What email clients don't cover

It's important to ensure the level of encryption that you use suits your business' and your customers' needs. One key element in this is the level to which you will need to exchange sensitive documents. Are you sending documents to be filled in and returned? The optional encryption offered by most email clients (S/MIME) protects documents in transit on delivery. They will only be encrypted on the way from you to your recipient. On the way back, they'll be open to interception. Equally, if someone can gain access to your recipients' inbox, they will be able to download and access any sensitive attachments.

  • If you need to encrypt sensitive documents in transit on both delivery and return, you will need to install a third-party encryption service.

Adding authentication to the mix

A layer of encryption is important, but it doesn't protect against the #1 cause of data leaks - human error. If you send a sensitive email to the wrong person, encryption won't protect you. Secure email solutions combine identity authentication with email encryption, so even if you send an email to the wrong address, that person can't gain access. Authentication methods can include device checks, challenge questions, or third-party certificates. If sending sensitive data to the wrong person is a concern, choosing an email encryption solution with authentication capabilities is the answer.


  • Are misfired emails a concern to your business? Choose a secure email solution with authentication capabilities to protect against human error.
Professional introducing Mailock to clients

Key statistics

The latest email encryption statistics you need, from the most reliable sources.



Emails sent to the wrong person were the #1 cause of reported data breaches in the UK in Q3 21/22, according to the Information Commissioner's Office (ICO).


A 2017 study conducted by researchers from the University of Michigan and California found that between 4% and 10% of internet traffic is intercepted.


In 2021, an estimated 316 billion emails were sent and received each day according to research provided by Statista.


The average office worker sends 40 emails a day and receives 121 emails a day according to research vetted by The Guardian.


A survey conducted by Egress indicates that 52% of people have unintentionally sent an email containing sensitive information.


CSO Online reports that 46% of businesses who suffer from a data breach see negative repercussions affecting reputation and brand value.
Business Team Looking at tablet and smiling


Secure email for businesses of all shapes and sizes

Mailock secure email combines our award-winning encryption with identity authentication so your emails always reach the right person.