Why cybersecurity is everyone’s job: Up close with Walmart CISO, Jerry Geisler III

October is Cybersecurity Awareness Month and while Walmart prioritizes cybersecurity around the year, this month serves as the perfect opportunity to discuss the ever-changing security landscape and what consumers should know to secure themselves. We sat down with our EVP and CISO, Jerry R. Geisler III, to learn more.

Q: Jerry, October is National Cybersecurity Awareness Month. Could you explain and expand on the importance of​ this month​ and what impact it has on raising awareness about online safety?

Jerry Geisler: I’m very proud of Walmart’s cyber-aware culture, one that’s always on and is fostered through a shared responsibility model. Teams across the organization, from front-of-house store operations to marketing, merchandising and more are trained on cybersecurity best practices. 

I believe strongly that Cybersecurity Awareness Month should be every month, but having one month per year serves as a great opportunity to educate folks on its importance without contributing to “cybersecurity fatigue.” At Walmart, we have both internal and external Cybersecurity Awareness Month initiatives, from weekly “focuses” for our associates, to blog posts and social media pushes for our customers and broader communities. 

Q: How has cybersecurity changed in the past five years? How about the past year?

Jerry: Every year, threat actors get more and more sophisticated and the cybercrime barrier for entry gets lower and lower. In the last five years, we’ve seen the proliferation of cybercrime kits where virtually anyone interested in cybercrime can find tools and solutions to try their hand at it. Fortunately, the teams responsible for combatting cybercrime are getting increasingly sophisticated as well. 

In the past year, we’ve also heard a lot about the effect of Generative AI (GenAI) on cybersecurity. While we have yet to see the full potential of GenAI, we’ve all seen the visual art and writing the technology can produce, so it’s not far off to imagine its application for both threat actors and cyber teams. 

Q: What are some of the best practices you would recommend to individuals (associates and customers) to help them stay safe in the digital world?

Jerry: Phishing/vishing/smishing

Remain skeptical. Don’t click every link that comes through. Quick things to check when you receive an email, text or call that you aren’t expecting is to check who it’s addressed to, pay attention to grammar and sentence structure, scrutinize images and logos and when in doubt, reach out to organizations directly to confirm authenticity. 

Passwords and authentication

It sounds simple, but it can’t be overstated how important password complexity and uniqueness is. Avoid words or phrases, especially those that relate to you, the user. Hackers are becoming increasingly sophisticated and are either able to guess simple passwords or run programs to try different passwords more quickly than humans can. When the option is there, enable two-factor and/or multi-factor authentication for an additional layer of security. 

See something, say something

When in doubt, even if just a little, reach out to your Information Security (InfoSec) or cybersecurity teams. These teams would much rather you check when you’re in doubt, than not reach out because of fear of burdening them. If you see something you’re skeptical about when not working, reach out to an organization directly to confirm the validity of a communication. 

Q: Can you elaborate on some common cybersecurity mistakes people make and how they can avoid them?

Jerry: Ignoring software updates

We’ve all gotten a software update notification at inopportune times. A software update that patches any vulnerabilities is more than worth the five-minute delay in whatever someone is doing. When possible, enable automatic software updates and if not an option, set regular reminders to check for and install updates or patches.

Simple passwords or reusing passwords

Simple passwords that are used across multiple platforms and channels are far too common. Always create complex passwords with a mix of uppercase and lowercase letters, numbers and special characters. If needed, use a password manager to generate and store strong passwords that vary by platform. 

Using public Wi-Fi without proper protection

When using unsecured and/or public Wi-Fi networks, don’t access sensitive information. For information you do access, use a Virtual Private Network (VPN) to encrypt your internet connection. 

Falling for phishing attacks

Don’t click on links or download attachments from unknown or suspicious emails. Verify the sender’s email address and “hover” over links to see the actual URL before clicking them. Many devices have URL verification capabilities that can be found in your user manual. 

Q: What are some resources or tools you'd suggest for someone wanting to learn more about personal cybersecurity?

Jerry: There’s a near-endless amount of resources and tools out there, but some of the ones that come to mind are:

Q: Jerry, can you explain why it is not safe to reuse the same password across multiple accounts?

Jerry: Think about a password as if it were a physical key. You wouldn’t want to use the same key for your front door, back door, car, storage, office and garage. If you did and you lost that key, securing everything that can be accessed with that key would be a tall order. Or, for example, if someone borrowed that key (think password sharing), they wouldn’t just have access to the garage like you intended but could go right in the front door. In a worst-case scenario, that key could be used to open all the doors, change all the locks and keep you from accessing what’s yours.

Ensuring cybersecurity for all

Cybersecurity is everyone’s job and we hope this conversation was an insightful reminder to what you can do to support you and your organization’s own security posture.