Learning to be a Strategic Skeptic: Promoting Critical Thinking, Digital Literacy
Research from the National Skills coalition (NSC) suggests that 92% of today’s jobs require digital skills. It’s frankly hard to believe that figure isn’t at 100 percent. Businesses of all kinds are significantly impacted by applications that manage all sorts of transactions internally and externally. The capture, storage, and use of data is prolific across all industries—and subject to increased risk of unauthorized access and cybersecurity breaches.
Unfortunately, despite the unarguable need for critical thinking and digital literacy among today’s employees, research suggests that one-third of Americans lack basic digital skills. That statistic grows when considering more advanced skills that are required to protect company data and systems. When we say digital literacy, we mean skills for:
- Data analytics and interpretation
- Cybersecurity awareness
- Digital communications
- Technology management
Developing these talents has always been a challenge, particularly in an environment where misinformation and AI-generated content are proliferating. The ability to discern truth from mistruth (and misdirection) is more critical than ever, especially for business.
The Digital Disinformation Pandemic
Organizations today operate in an environment of digital disinformation that is blurring the line between fact and fiction. The rise of generative AI and sophisticated manipulation techniques applied by cybercriminals represent significant threats to brand reputation and revenues. As ongoing media reports attest, even the biggest and arguably most technology-savvy companies are not immune to these risks.
Strategic Skepticism: A New Core Competency
Strategic skepticism is the new core competency all organizations should be working to instill among employees. This isn’t just about fact-checking. It’s about developing a mindset that questions information received from all sources, that considers context, and that is alert to signs of mis- or disinformation.
Here are strategies to develop and implement critical thinking and digital literacy:
Integrate critical thinking into training programs:
Most organizations have data security and digital information training programs in place as part of their security initiatives. Hopefully, those efforts are ongoing and part of an overarching process to develop and sustain a healthy security culture. These programs should be evaluated to ensure that they include a focus on critical thinking skills, including:
- Recognizing cognitive biases and understanding how they affect decision-making.
- Understanding how misinformation is spread—what to look for and look out for.
- Identifying emotional manipulation.
Create a culture of questioning:
“Believe nothing, question everything” may seem Machiavellian but, unfortunately, in this business environment, it’s a good foundational element of a skepticism strategy. Employees must even be skeptical of what may appear as internal communications.
In Hong Kong, for instance, a finance clerk was tricked into doling out $25 million after participating in a video call where the company CFO seemingly issued this directive. Unfortunately, the effort was a deepfake.
Making employees aware of these types of incidents can be a good way to illustrate the reality of these risks and to generate conversations in support of strategic skepticism. Some additional ways to encourage this type of skepticism include:
- Rewarding and supporting thoughtful skepticism during meetings and discussions.
- Instituting a formal “devil’s advocate” role in strategic discussions.
- Sharing and celebrating examples of how strategic skepticism has paid off.
Develop protocols for verifying information:
Don’t leave the verification and vetting of critical information to chance. Create clear guidelines to help verify information before it’s used in business decisions or external communications. This might include:
- Checklists for evaluating the credibility of sources.
- Procedures for cross-referencing information through multiple sources.
- Guidelines for using generative AI and AI-powered fact-checking tools.
The SIFT method (Stop, Investigate, Find better coverage, Trace claims to the original source) can also serve as a good framework for helping employees quickly evaluate the relevance and credibility of information. Incorporating this model into your organization’s information handling processes can be a great way to minimize the potential for risk.
Invest in AI literacy:
That old adage, “If you can’t beat them, join them,” could certainly apply to the proliferation of AI tools that represent both risk and potential. AI tools are not going away; in fact, many hold positive potential. Teaching employees how to use these tools appropriately and responsibly can be a great aid in building strategic skepticism among users. Develop guidelines and train employees on how to deploy these tools appropriately and share examples of how the use of these tools has aided in identifying and warding off risks.
Instill some fun:
Traditional methods of teaching IT and digital literacy are often fraught with jargon and approaches that have failed to engage participants. Cybersecurity education doesn’t have to be dry, boring, and off-putting. Consider ways to better engage employees by incorporating elements of gamification and competition into training events. For instance:
- “Digital literacy challenges” that encourage employees and groups to compete against each other for prizes—or simply bragging rights.
- “Spot the fake” contests using actual and AI-generated content to see if employees can discern differences.
- Simulations of real-world misinformation examples.
- Phishing challenges with debriefings to share successes and examples of how employees (and executives) may have been tripped up.
Learning from both successes and failures can be a great way to build an environment that supports trust and transparency. There are a variety of ways that you can support and develop strategic skepticism skills among employees in innovative and engaging ways. Making these efforts a part of your ongoing commitment to sustaining a strong security culture can help turn potential threats into a competitive advantage.
This article originally appeared in the September / October 2024 issue of Security Today.