Learning to be a Strategic Skeptic: Promoting Critical Thinking, Digital Literacy

Research from the National Skills coalition (NSC) suggests that 92% of today’s jobs require digital skills. It’s frankly hard to believe that figure isn’t at 100 percent. Businesses of all kinds are significantly impacted by applications that manage all sorts of transactions internally and externally. The capture, storage, and use of data is prolific across all industries—and subject to increased risk of unauthorized access and cybersecurity breaches.

Unfortunately, despite the unarguable need for critical thinking and digital literacy among today’s employees, research suggests that one-third of Americans lack basic digital skills. That statistic grows when considering more advanced skills that are required to protect company data and systems. When we say digital literacy, we mean skills for:

  • Data analytics and interpretation
  • Cybersecurity awareness
  • Digital communications
  • Technology management

Developing these talents has always been a challenge, particularly in an environment where misinformation and AI-generated content are proliferating. The ability to discern truth from mistruth (and misdirection) is more critical than ever, especially for business.

The Digital Disinformation Pandemic

Organizations today operate in an environment of digital disinformation that is blurring the line between fact and fiction. The rise of generative AI and sophisticated manipulation techniques applied by cybercriminals represent significant threats to brand reputation and revenues. As ongoing media reports attest, even the biggest and arguably most technology-savvy companies are not immune to these risks.

Strategic Skepticism: A New Core Competency

Strategic skepticism is the new core competency all organizations should be working to instill among employees. This isn’t just about fact-checking. It’s about developing a mindset that questions information received from all sources, that considers context, and that is alert to signs of mis- or disinformation.

Here are strategies to develop and implement critical thinking and digital literacy:

Integrate critical thinking into training programs:

Most organizations have data security and digital information training programs in place as part of their security initiatives. Hopefully, those efforts are ongoing and part of an overarching process to develop and sustain a healthy security culture. These programs should be evaluated to ensure that they include a focus on critical thinking skills, including:

  • Recognizing cognitive biases and understanding how they affect decision-making.
  • Understanding how misinformation is spread—what to look for and look out for.
  • Identifying emotional manipulation.

Create a culture of questioning:

“Believe nothing, question everything” may seem Machiavellian but, unfortunately, in this business environment, it’s a good foundational element of a skepticism strategy. Employees must even be skeptical of what may appear as internal communications.

In Hong Kong, for instance, a finance clerk was tricked into doling out $25 million after participating in a video call where the company CFO seemingly issued this directive. Unfortunately, the effort was a deepfake.

Making employees aware of these types of incidents can be a good way to illustrate the reality of these risks and to generate conversations in support of strategic skepticism. Some additional ways to encourage this type of skepticism include:

  • Rewarding and supporting thoughtful skepticism during meetings and discussions.
  • Instituting a formal “devil’s advocate” role in strategic discussions.
  • Sharing and celebrating examples of how strategic skepticism has paid off.

Develop protocols for verifying information:

Don’t leave the verification and vetting of critical information to chance. Create clear guidelines to help verify information before it’s used in business decisions or external communications. This might include:

  • Checklists for evaluating the credibility of sources.
  • Procedures for cross-referencing information through multiple sources.
  • Guidelines for using generative AI and AI-powered fact-checking tools.
The SIFT method (Stop, Investigate, Find better coverage, Trace claims to the original source) can also serve as a good framework for helping employees quickly evaluate the relevance and credibility of information. Incorporating this model into your organization’s information handling processes can be a great way to minimize the potential for risk.

Invest in AI literacy:

That old adage, “If you can’t beat them, join them,” could certainly apply to the proliferation of AI tools that represent both risk and potential. AI tools are not going away; in fact, many hold positive potential. Teaching employees how to use these tools appropriately and responsibly can be a great aid in building strategic skepticism among users. Develop guidelines and train employees on how to deploy these tools appropriately and share examples of how the use of these tools has aided in identifying and warding off risks.

Instill some fun:

Traditional methods of teaching IT and digital literacy are often fraught with jargon and approaches that have failed to engage participants. Cybersecurity education doesn’t have to be dry, boring, and off-putting. Consider ways to better engage employees by incorporating elements of gamification and competition into training events. For instance:

  • “Digital literacy challenges” that encourage employees and groups to compete against each other for prizes—or simply bragging rights.
  • “Spot the fake” contests using actual and AI-generated content to see if employees can discern differences.
  • Simulations of real-world misinformation examples.
  • Phishing challenges with debriefings to share successes and examples of how employees (and executives) may have been tripped up.

Learning from both successes and failures can be a great way to build an environment that supports trust and transparency. There are a variety of ways that you can support and develop strategic skepticism skills among employees in innovative and engaging ways. Making these efforts a part of your ongoing commitment to sustaining a strong security culture can help turn potential threats into a competitive advantage.

This article originally appeared in the September / October 2024 issue of Security Today.

Featured

  • Report: 47 Percent of Security Service Providers Are Not Yet Using AI or Automation Tools

    Trackforce, a provider of security workforce management platforms, today announced the launch of its 2025 Physical Security Operations Benchmark Report, an industry-first study that benchmarks both private security service providers and corporate security teams side by side. Based on a survey of over 300 security professionals across the globe, the report provides a comprehensive look at the state of physical security operations. Read Now

    • Guard Services
  • Identity Governance at the Crossroads of Complexity and Scale

    Modern enterprises are grappling with an increasing number of identities, both human and machine, across an ever-growing number of systems. They must also deal with increased operational demands, including faster onboarding, more scalable models, and tighter security enforcement. Navigating these ever-growing challenges with speed and accuracy requires a new approach to identity governance that is built for the future enterprise. Read Now

  • Eagle Eye Networks Launches AI Camera Gun Detection

    Eagle Eye Networks, a provider of cloud video surveillance, recently introduced Eagle Eye Gun Detection, a new layer of protection for schools and businesses that works with existing security cameras and infrastructure. Eagle Eye Networks is the first to build gun detection into its platform. Read Now

  • Report: AI is Supercharging Old-School Cybercriminal Tactics

    AI isn’t just transforming how we work. It’s reshaping how cybercriminals attack, with threat actors exploiting AI to mass produce malicious code loaders, steal browser credentials and accelerate cloud attacks, according to a new report from Elastic. Read Now

  • Pragmatism, Productivity, and the Push for Accountability in 2025-2026

    Every year, the security industry debates whether artificial intelligence is a disruption, an enabler, or a distraction. By 2025, that conversation matured, where AI became a working dimension in physical identity and access management (PIAM) programs. Observations from 2025 highlight this turning point in AI’s role in access control and define how security leaders are being distinguished based on how they apply it. Read Now

New Products

  • QCS7230 System-on-Chip (SoC)

    QCS7230 System-on-Chip (SoC)

    The latest Qualcomm® Vision Intelligence Platform offers next-generation smart camera IoT solutions to improve safety and security across enterprises, cities and spaces. The Vision Intelligence Platform was expanded in March 2022 with the introduction of the QCS7230 System-on-Chip (SoC), which delivers superior artificial intelligence (AI) inferencing at the edge.

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area.

  • Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

    Connect ONE®

    Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.