Combined_NEO & Training

Holidays

• Eleven paid holidays each year

– Seven remain consistent
– Three floaters are designated by m

• Annual holiday calendar can be fo
homepage

Murphy USA Inc. 2

management each year

ound on the Murphy USA intranet

28

Cyber Secur

Informatio

New Employe

Murphy USA, Inc. 1

rity and You

on Security

ee Orientation

1

Why is Cyber Security Importa

• Murphy USA is a big TARGET

– Stores either on Walmart property
– Credit and debit transactions in 20

• 284 million transactions
• $7.1 billion
• That’s 778,000 and $20 million ea

• We have DEPOT of other valuable

– Customer data – PII, accounts, em
– Employee data – PII, HR data, pay
– Business data – Business process

• We must protect credit card inform

Murphy USA, Inc. 2

ant?

or close by
015

ach day!

e information

mails
yroll, emails
ses, strategies, pricing

mation for PCI compliance

2

What is PCI?

• Payment Card Industry Data Secu
requirements designed to ensure t
store, or transmit credit card inform
environment.

• Compliance requirements based o

Murphy USA, Inc. 3

urity Standard (PCI DSS) is a set of
that all companies that process,
mation maintain a secure
on transaction volume

Murphy USA reaches
Level 1 in one week

3

Who are the Adversaries?

Category Description

External Threats from sources outside the
organization and its partners.
This includes criminal groups,
lone hackers, former employees,
and government entities as well
as “Mother Nature” and chance.

Internal Threats that arise from within
the organization. This includes
full-time employees, contractors,
interns, and other staff.

Partner Any third-party that has a

Murphy USA, Inc. business relationship with the

organization. These business

partners usually have some level

of trust or privilege. 4

Actor

• Acquaintance • Former employee
• Activist • Nation state
• Auditor • Organized crime
• Competitor • State affiliated
• Customer • Terrorist
• Force majeure • Other

• Auditor • HR
• Cashier • Pump tech
• Developer • Security guard
• End user • Store manager
• Executive • Support Center
• Finance • System admin
• Help desk • Other

• Supplier
• Vendor
• Hosting provider
• Outsourced IT
4 • Other

Why Do Adversaries Care Abo

• People are the weakest link in the
• Adversaries can learn all about yo

– What does Facebook, LinkedIn, et

• Social engineering is the art of ma
confidential information

– Includes phone calls, emails, face-

• Cost of data breach increases eve

– Increased by 15 percent to $3.5 M

1 Poneman Institute, “Cost of a Data Breach Study:

Murphy USA, Inc. 5

out Me?

security chain
ou on the Internet

tc. say about YOU?

anipulating people to give up

-to-face interaction

ery year

MM in 20151

Global Analysis”

5

What is Phishing?

• Phishing is the attempt to
acquire sensitive information by
masquerading as a trustworthy
entity in an electronic
communication

• If you get a suspicious email,

– DO NOT open the email
attachment

– DO NOT click on any links

• Look out for our monthly test
phishing emails

Murphy USA, Inc. 6

Tips for Spotting a Phishing Email
1. The message contains a

mismatched URL.
2. URLs contain a misleading domain

name.
3. The message contains poor

spelling and grammar.
4. The message asks for personal

information.
5. The offer seems too good to be

true.
6. You didn’t initiate the action.
7. You are asked to send money to

cover expenses.
8. The message makes unrealistic

threats.
9. The message appears to be from a

government agency.
10. Something just doesn’t look

right.

6

Why Passwords?

• Passwords are the key to most tec
• Longer passwords make stronger
• All devices should require passwo
• Password rules

– Must be minimum of 8 characters a

• Upper case
• Lower case
• Number
• Symbol

– Change every 90 days

• Do not write it down
• Do not share it

Murphy USA, Inc. 7

chnologies – keep them safe
passwords
ord or passcode to use

and have 3 of the 4 complexity rules

7

What Can I Do to Stay Safe at

• Lock computer when you step awa
• Keep sensitive or confidential infor
• Erase sensitive or confidential info
• Only install authorized software
• Do not disable any security softwa

Murphy USA, Inc. 8

Work?

ay from your computer
rmation secure at your desk
ormation from whiteboards
are

8

What About When I Work in Pu

• Be aware of your surroundings
• Choose Ethernet cable over perso
• Use VPN when using company eq
• Keep your devices secure – it only
• Lock up devices in the car or keep
• Keep data on the network drives

Murphy USA, Inc. 9

ublic Places?

onal hot spot over public wifi
quipment
y takes seconds to steal
p them with you

9

What Can I Do?

Murphy USA, Inc. 1

10

Do You Need More Information

• Contact the Information Security te
ask any question

• How to reach us:

– [email protected]

Murphy USA, Inc. 1

n?

eam to report suspicious activity or

11

HUMAN RE
POLICIES & P

Murphy USA Inc. 1

ESOURCES
PROCEDURES

1

Code of Business Conduct

A company is more than w
peo

The Code addresses comp

Compliance means following laws,

Ethical behavior means performin
conducting yourself prope

Murphy USA Inc. 2

words on a charter – it is
ople.

pliance and ethical conduct.
regulations and Company Policies.
ng your job in a responsible way,
erly and doing what is right.

2