CSR – Various Measures
Information Security Education
Mitsubishi Electric provides the following education programs to foster a corporate culture that enforces the proper handling of confidential corporate information and personal information.
Education for all employees
An e-learning program on information security is offered once a year to all 40,000-some employees, to disseminate thorough knowledge of various issues on information security, including Mitsubishi Electric's policies, the status of information leakage incidents, a review of the previous year's activities, the Act on the Protection of Personal Information and the Unfair Competition Prevention Act in Japan, and security measures (human, physical, technological, and organizational) to be taken by all employees.
Education corresponding to each career stage
Education on confidential corporate information management and personal information protection is provided to new employees, employees in their twenties, thirties and forties, and newly appointed section managers, so that they may fulfill the roles that are expected of them at each career stage.
Other specific education
Employees posted overseas are provided with a preliminary education program which includes the status of Mitsubishi Electric's activities for confidential corporate information management and personal information protection, "Trade secret management guidelines" of the Ministry of Economy, Trade and Industry in Japan, and examples of information leakage incidents that have occurred overseas.
Confidential corporate information and personal information are entrusted to a contractor only after a proper non-disclosure agreement is concluded between Mitsubishi Electric and the contractor. The agreement stipulates all the security matters that we require. Before entrusting the information to the contractor, we confirm that the contractor will maintain the proper level of protection. After submitting the information, we supervise the contractor by regularly examining a status report on the use and management of the information that we have submitted. Moreover, we make a special agreement that provides for the protection of the personal information that we have submitted.
Responses to cyber-attacks
Prompt response is also taken in regard to today's increasing threat of cyber-attacks, by establishing a CSIRT (computer security incident response team) and strengthening surveillance. Based on this premise, Mitsubishi Electric and affiliated companies in Japan also conduct exercises where they practice handling suspicious e-mails, so that all employees can act properly in the event that they receive such an e-mail.
VOICE (In charge of information security)
Mitsubishi Electric Europe's recent initiatives for information security
We are enhancing our employee's Information Security Awareness using e-learning. As a way to visualize the pervading of our education we are sending all employees Dummy Phishing Mails. We receive the number of accesses to the suspicious link and how many people go through the expected procedure after clicking the link. And the result is utilized our future employee education. Additionally though Security Software product was different among Branch Offices and Affiliate Companies, we have determined the standardized product since last year not to cause security level gaps among them.