Learning to be a Strategic Skeptic: Promoting Critical Thinking, Digital Literacy

Research from the National Skills coalition (NSC) suggests that 92% of today’s jobs require digital skills. It’s frankly hard to believe that figure isn’t at 100 percent. Businesses of all kinds are significantly impacted by applications that manage all sorts of transactions internally and externally. The capture, storage, and use of data is prolific across all industries—and subject to increased risk of unauthorized access and cybersecurity breaches.

Unfortunately, despite the unarguable need for critical thinking and digital literacy among today’s employees, research suggests that one-third of Americans lack basic digital skills. That statistic grows when considering more advanced skills that are required to protect company data and systems. When we say digital literacy, we mean skills for:

  • Data analytics and interpretation
  • Cybersecurity awareness
  • Digital communications
  • Technology management

Developing these talents has always been a challenge, particularly in an environment where misinformation and AI-generated content are proliferating. The ability to discern truth from mistruth (and misdirection) is more critical than ever, especially for business.

The Digital Disinformation Pandemic

Organizations today operate in an environment of digital disinformation that is blurring the line between fact and fiction. The rise of generative AI and sophisticated manipulation techniques applied by cybercriminals represent significant threats to brand reputation and revenues. As ongoing media reports attest, even the biggest and arguably most technology-savvy companies are not immune to these risks.

Strategic Skepticism: A New Core Competency

Strategic skepticism is the new core competency all organizations should be working to instill among employees. This isn’t just about fact-checking. It’s about developing a mindset that questions information received from all sources, that considers context, and that is alert to signs of mis- or disinformation.

Here are strategies to develop and implement critical thinking and digital literacy:

Integrate critical thinking into training programs:

Most organizations have data security and digital information training programs in place as part of their security initiatives. Hopefully, those efforts are ongoing and part of an overarching process to develop and sustain a healthy security culture. These programs should be evaluated to ensure that they include a focus on critical thinking skills, including:

  • Recognizing cognitive biases and understanding how they affect decision-making.
  • Understanding how misinformation is spread—what to look for and look out for.
  • Identifying emotional manipulation.

Create a culture of questioning:

“Believe nothing, question everything” may seem Machiavellian but, unfortunately, in this business environment, it’s a good foundational element of a skepticism strategy. Employees must even be skeptical of what may appear as internal communications.

In Hong Kong, for instance, a finance clerk was tricked into doling out $25 million after participating in a video call where the company CFO seemingly issued this directive. Unfortunately, the effort was a deepfake.

Making employees aware of these types of incidents can be a good way to illustrate the reality of these risks and to generate conversations in support of strategic skepticism. Some additional ways to encourage this type of skepticism include:

  • Rewarding and supporting thoughtful skepticism during meetings and discussions.
  • Instituting a formal “devil’s advocate” role in strategic discussions.
  • Sharing and celebrating examples of how strategic skepticism has paid off.

Develop protocols for verifying information:

Don’t leave the verification and vetting of critical information to chance. Create clear guidelines to help verify information before it’s used in business decisions or external communications. This might include:

  • Checklists for evaluating the credibility of sources.
  • Procedures for cross-referencing information through multiple sources.
  • Guidelines for using generative AI and AI-powered fact-checking tools.
The SIFT method (Stop, Investigate, Find better coverage, Trace claims to the original source) can also serve as a good framework for helping employees quickly evaluate the relevance and credibility of information. Incorporating this model into your organization’s information handling processes can be a great way to minimize the potential for risk.

Invest in AI literacy:

That old adage, “If you can’t beat them, join them,” could certainly apply to the proliferation of AI tools that represent both risk and potential. AI tools are not going away; in fact, many hold positive potential. Teaching employees how to use these tools appropriately and responsibly can be a great aid in building strategic skepticism among users. Develop guidelines and train employees on how to deploy these tools appropriately and share examples of how the use of these tools has aided in identifying and warding off risks.

Instill some fun:

Traditional methods of teaching IT and digital literacy are often fraught with jargon and approaches that have failed to engage participants. Cybersecurity education doesn’t have to be dry, boring, and off-putting. Consider ways to better engage employees by incorporating elements of gamification and competition into training events. For instance:

  • “Digital literacy challenges” that encourage employees and groups to compete against each other for prizes—or simply bragging rights.
  • “Spot the fake” contests using actual and AI-generated content to see if employees can discern differences.
  • Simulations of real-world misinformation examples.
  • Phishing challenges with debriefings to share successes and examples of how employees (and executives) may have been tripped up.

Learning from both successes and failures can be a great way to build an environment that supports trust and transparency. There are a variety of ways that you can support and develop strategic skepticism skills among employees in innovative and engaging ways. Making these efforts a part of your ongoing commitment to sustaining a strong security culture can help turn potential threats into a competitive advantage.

This article originally appeared in the September / October 2024 issue of Security Today.

Featured

  • Freedom of Choice

    In today's security landscape, we are witnessing a fundamental transformation in how organizations manage digital evidence. Law enforcement agencies, campus security teams, and large facility operators face increasingly complex challenges with expanding video data, tightening budget constraints and inflexible systems that limit innovation. Read Now

  • Accelerating a Pathway

    There is a new trend touting the transformational qualities of AI’s ability to deliver actionable data and predictive analysis that in many instances, seems to be a bit of an overpromise. The reality is that very few solutions in the cyber-physical security (CPS) space live up to this high expectation with the one exception being the new generation of Physical Identity and Access Management (PIAM) software – herein recategorized as PIAM+. Read Now

  • Protecting Your Zones

    It is game day. You can feel the crowd’s energy. In the parking lot. At the gate. In the stadium. On the concourse. Fans are eager to party. Food and merchandise vendors ready themselves for the rush. Read Now

  • Street Smarts

    The ongoing acceptance of AI and advanced data analytics has allowed surveillance camera technology to shift from being a tactical tool to a strategic business solution. Combining traditional surveillance technology with AI-based data-driven insights can streamline transportation systems, enhance traffic management, improve situational awareness, optimize resource allocation and streamline emergency response procedures. Read Now

  • Midtown Manhattan Shooting Kills 4, Including NYPD Officer

    Four people were killed, including a NYPD officer, in a midtown Manhattan shooting on Monday. That’s according to CNN. Read Now

New Products

  • Mobile Safe Shield

    Mobile Safe Shield

    SafeWood Designs, Inc., a manufacturer of patented bullet resistant products, is excited to announce the launch of the Mobile Safe Shield. The Mobile Safe Shield is a moveable bullet resistant shield that provides protection in the event of an assailant and supplies cover in the event of an active shooter. With a heavy-duty steel frame, quality castor wheels, and bullet resistant core, the Mobile Safe Shield is a perfect addition to any guard station, security desks, courthouses, police stations, schools, office spaces and more. The Mobile Safe Shield is incredibly customizable. Bullet resistant materials are available in UL 752 Levels 1 through 8 and include glass, white board, tack board, veneer, and plastic laminate. Flexibility in bullet resistant materials allows for the Mobile Safe Shield to blend more with current interior décor for a seamless design aesthetic. Optional custom paint colors are also available for the steel frame.

  • HD2055 Modular Barricade

    Delta Scientific’s electric HD2055 modular shallow foundation barricade is tested to ASTM M50/P1 with negative penetration from the vehicle upon impact. With a shallow foundation of only 24 inches, the HD2055 can be installed without worrying about buried power lines and other below grade obstructions. The modular make-up of the barrier also allows you to cover wider roadways by adding additional modules to the system. The HD2055 boasts an Emergency Fast Operation of 1.5 seconds giving the guard ample time to deploy under a high threat situation.

  • Camden CV-7600 High Security Card Readers

    Camden CV-7600 High Security Card Readers

    Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure.