Holidays
• Eleven paid holidays each year
– Seven remain consistent
– Three floaters are designated by m
• Annual holiday calendar can be fo
homepage
Murphy USA Inc. 2
management each year
ound on the Murphy USA intranet
28
Cyber Secur
Informatio
New Employe
Murphy USA, Inc. 1
rity and You
on Security
ee Orientation
1
Why is Cyber Security Importa
• Murphy USA is a big TARGET
– Stores either on Walmart property
– Credit and debit transactions in 20
• 284 million transactions
• $7.1 billion
• That’s 778,000 and $20 million ea
• We have DEPOT of other valuable
– Customer data – PII, accounts, em
– Employee data – PII, HR data, pay
– Business data – Business process
• We must protect credit card inform
Murphy USA, Inc. 2
ant?
or close by
015
ach day!
e information
mails
yroll, emails
ses, strategies, pricing
mation for PCI compliance
2
What is PCI?
• Payment Card Industry Data Secu
requirements designed to ensure t
store, or transmit credit card inform
environment.
• Compliance requirements based o
Murphy USA, Inc. 3
urity Standard (PCI DSS) is a set of
that all companies that process,
mation maintain a secure
on transaction volume
Murphy USA reaches
Level 1 in one week
3
Who are the Adversaries?
Category Description
External Threats from sources outside the
organization and its partners.
This includes criminal groups,
lone hackers, former employees,
and government entities as well
as “Mother Nature” and chance.
Internal Threats that arise from within
the organization. This includes
full-time employees, contractors,
interns, and other staff.
Partner Any third-party that has a
Murphy USA, Inc. business relationship with the
organization. These business
partners usually have some level
of trust or privilege. 4
Actor
• Acquaintance • Former employee
• Activist • Nation state
• Auditor • Organized crime
• Competitor • State affiliated
• Customer • Terrorist
• Force majeure • Other
• Auditor • HR
• Cashier • Pump tech
• Developer • Security guard
• End user • Store manager
• Executive • Support Center
• Finance • System admin
• Help desk • Other
• Supplier
• Vendor
• Hosting provider
• Outsourced IT
4 • Other
Why Do Adversaries Care Abo
• People are the weakest link in the
• Adversaries can learn all about yo
– What does Facebook, LinkedIn, et
• Social engineering is the art of ma
confidential information
– Includes phone calls, emails, face-
• Cost of data breach increases eve
– Increased by 15 percent to $3.5 M
1 Poneman Institute, “Cost of a Data Breach Study:
Murphy USA, Inc. 5
out Me?
security chain
ou on the Internet
tc. say about YOU?
anipulating people to give up
-to-face interaction
ery year
MM in 20151
Global Analysis”
5
What is Phishing?
• Phishing is the attempt to
acquire sensitive information by
masquerading as a trustworthy
entity in an electronic
communication
• If you get a suspicious email,
– DO NOT open the email
attachment
– DO NOT click on any links
• Look out for our monthly test
phishing emails
Murphy USA, Inc. 6
Tips for Spotting a Phishing Email
1. The message contains a
mismatched URL.
2. URLs contain a misleading domain
name.
3. The message contains poor
spelling and grammar.
4. The message asks for personal
information.
5. The offer seems too good to be
true.
6. You didn’t initiate the action.
7. You are asked to send money to
cover expenses.
8. The message makes unrealistic
threats.
9. The message appears to be from a
government agency.
10. Something just doesn’t look
right.
6
Why Passwords?
• Passwords are the key to most tec
• Longer passwords make stronger
• All devices should require passwo
• Password rules
– Must be minimum of 8 characters a
• Upper case
• Lower case
• Number
• Symbol
– Change every 90 days
• Do not write it down
• Do not share it
Murphy USA, Inc. 7
chnologies – keep them safe
passwords
ord or passcode to use
and have 3 of the 4 complexity rules
7
What Can I Do to Stay Safe at
• Lock computer when you step awa
• Keep sensitive or confidential infor
• Erase sensitive or confidential info
• Only install authorized software
• Do not disable any security softwa
Murphy USA, Inc. 8
Work?
ay from your computer
rmation secure at your desk
ormation from whiteboards
are
8
What About When I Work in Pu
• Be aware of your surroundings
• Choose Ethernet cable over perso
• Use VPN when using company eq
• Keep your devices secure – it only
• Lock up devices in the car or keep
• Keep data on the network drives
Murphy USA, Inc. 9
ublic Places?
onal hot spot over public wifi
quipment
y takes seconds to steal
p them with you
9
What Can I Do?
Murphy USA, Inc. 1
10
Do You Need More Information
• Contact the Information Security te
ask any question
• How to reach us:
– [email protected]
Murphy USA, Inc. 1
n?
eam to report suspicious activity or
11
HUMAN RE
POLICIES & P
Murphy USA Inc. 1
ESOURCES
PROCEDURES
1
Code of Business Conduct
A company is more than w
peo
The Code addresses comp
Compliance means following laws,
Ethical behavior means performin
conducting yourself prope
Murphy USA Inc. 2
words on a charter – it is
ople.
pliance and ethical conduct.
regulations and Company Policies.
ng your job in a responsible way,
erly and doing what is right.
2