Build a Culture of Critical Thinking for Learning Breakthroughs – Tip #176

Share this article

Just a few months ago, news broke out about reports of cyber attacks during the 2018 Winter Olympics. Internet and wifi service also went offline during the opening ceremony because of these cyber attacks. How do they do that? Let me count the ways, but the most common scam is through phishing.

Phishing is a form of cyber attack that involves malicious links in emails or fake websites to gain a user’s personal information, which a hacker uses to infiltrate a network, commit financial crimes, or threaten the user. From individuals to organizations, no one is safe from phishing scams.

An Organization’s ‘Weakest Link’

The 2018 Wombat Security State of the Phish report states that 76% of businesses reported being a victim of a phishing attack in 2017. And, in a separate study, Intel found that 97% of people worldwide are unable to identify a sophisticated phishing email.

Aside from ensuring that strict security systems are in place, one major factor in the prevention of phishing in organizations is developing the critical thinking skills of its people. Less experienced employees are more likely to include emotion and instinct in their decision making compared with their more experienced counterparts, according to one publication from the National Bureau of Economic Research.

According to Harold Jarche, “Critical thinking must be practiced. It should be encouraged in the workplace by freely sharing what I call ‘half-baked ideas’.” In this way, professionals can engage in problem-solving activities at the edge of their expertise, where they should be in order to deal with complex issues.

Interestingly, when employees are trained well about recognizing and understanding phishing emails — along with correctly executed and reported phishing tests — susceptibility rates (or how susceptible a business is to a phishing attack) fell as low as 5%, according to PhishMe’s 2017 Enterprise Phishing Resiliency and Defense Report.

“Phishing attacks have the ability to skirt technology and target human emotion, making it imperative that organizations empower their employees to be part of the solution,” said Aaron Higbee, co-founder and chief technology officer at PhishMe.

Cultivating Critical Thinking in the Organization

Fortunately, critical thinking is a skill that can be developed and nurtured. With proper training and more experience, employees will be able to have a well-organized thought process and be able to validate information and ideas based on sound logic and verifiable evidence. Here are some ideas:

Interaction and sharing – Asking questions and encouraging employees to offer solutions to problems provokes and helps them use their critical thinking skills.
What Would You Do? (WWYD) – Allow employees to reflect because reflection helps them connect the dots.
Interactive stories – Aside from building empathy and teaching lessons, an interactive story also challenges employees’ critical thinking.


Doug Olenick. 2018 Winter Olympics being used as phishing attack bait
Wombat Security Technologies. 2018 State of the Phish
Intel Security. 97% of People Globally Unable to Correctly Identify Phishing Emails
Harold Jarche. Thinking Critically
Chen, D., Moskowitz, T. J., & Shue, K. (2016). Decision-Making Under The Gambler’s Fallacy. Cambridge, MA: NBER Working Paper Series
PhishMe. Enterprise Phishing Resiliency and Defense Report
Tip #41 – How to Weave Hard Facts and Emotions into your eLearning Lessons
Tip #51 – How to Mold Smarter Learners by Using Patterns
Tip #69 – Reflections Impact Performance
Tip #118 – Content That Lives Within a Story Lasts Forever

Ray Jimenez, PhD
Vignettes Learning
“Helping Learners Learn Their Way”