Recently, I had the pleasure of speaking with Inda Sahota, the dynamic and deeply empathetic force behind cybersecurity awareness at Fresenius Group. What struck me most wasn’t just her deep understanding of human-centric security, it was how naturally she bridges the gap between personal values and professional practice.
Inda brings her whole self into her work: her empathy, intuition, and a grounding in values passed down from her parents, progressive thinkers and first generation Punjabi Indian immigrants to the UK. They instilled in her and her sisters a quiet but powerful sense of agency. When cultural voices around them suggested that girls were somehow less capable than boys, her father would respond with a deceptively simple challenge:
“But you can eat, can’t you?”
His way of creating initial confusion sparked critical thinking, and a gentle dismantling of limiting beliefs that, if left unchecked, could have developed into lifelong insecurities.
Our conversation got us thinking about the intersection of critical thinking, values-based education, self-efficacy, and digital mindfulness, especially in a world where we are exposed to online manipulation on a daily basis.
From Awareness to Agency
In security awareness design, we often focus on rules: don’t click this, don’t trust that, don’t reuse your password. But what if we focused instead on values? On presence. And on the cultivation of agency and critical thinking, the kind that Inda’s father nurtured in her from a young age? Psychologist Albert Bandura’s concept of self-efficacy, the belief in one’s capacity to act in the face of challenges, is central here (Bandura, xx). Research shows that self-efficacy is a strong predictor of behaviour change, and it has been linked to improving cybersecurity awareness attitude, knowledge, and behaviour (Arachchilage & Love, 2014; Zainal et al., 2021).
As Inda put it:
“Resilience is like water. You need to be able to flow.
In other words, we need to prepare, not just protect, our people. Whether we’re speaking to employees, children, or our broader communities, we need to teach them how to adapt fluidly, not just obey. How to stay present, not just paranoid. “This is about more than cybersecurity,” Inda notes. “It’s about helping people reclaim their agency in a world designed to exploit their attention and emotions. This fluid resilience allows individuals to:
- Recognise when they’re being emotionally manipulated
- Pause before responding to urgent digital demands
- Stay centred when algorithms try to steal their attention
- Respond with intention, rather than react impulsively
Presence vs. Performance: The Cost of Multitasking
One of the biggest threats to cybersecurity by the way, isn’t malware. It’s human error, often linked to distraction, overwhelm and media multitasking. And attention is one of our most compromised assets. Studies show that frequent multitasking reduces cognitive control, impairs memory, and increases difficulty in impulse control (Ophir, 2009; Baumgartner, 2014). And people who engage in high media multitasking engage in riskier cybersecurity behaviours compared to the low multitaskers (Hadlington & Murphy, 2018).
This fragmentation of attention doesn’t just make us less productive, it makes us more vulnerable. Scammers, phishers, and social engineers exploit us best when we’re rushed, distracted, over-stimulated or overwhelmed without realising. As a result, mindfulness becomes a cybersecurity imperative, not just a wellness buzzword.
Habits that Shape the Mind
Digital hygiene, like brushing your teeth, only becomes effective when it’s habitual. But forming habits, particularly in high-distraction environments, requires deliberate design. If we want people to pause before clicking a link or question a seemingly friendly DM, we need to design cues and rewards that reinforce critical thinking. This is where digital mindfulness practices can play a critical role in training the brain.
What Inda’s father modeled for her was a form of cognitive scaffolding. He didn’t control her environment or scare her into obedience. Instead, he provided intuitive frameworks for situational self-awareness, such as: “Have eyes at the back of your head.”
This is a powerful metaphor for living with conscious awareness and for being both vigilant and empowered. And those are precisely the qualities we need to foster in our digital citizens. So how can we apply this to our digital spaces?
Here are 5 practical ways to build digital resilience starting today
- Question, Don’t Lecture
Instead of explaining all the dangers of the internet, ask questions that help think critically:
- “What do you notice about how you feel after scrolling for an hour?”
- “What is the intent behind this narrative, article or social media post?”
- “What emotions are triggered by the narrative?”
- Build Self-Efficacy Through Practice
Research by Dr. BJ Fogg at Stanford’s Behavior Design Lab shows that lasting behavioral change happens through tiny habits that feel easy to do. In the digital realm, this might mean:
- Pause for three seconds before clicking on links
- Creating simple rituals around device usage – i.e. no screens at meals, or in bedroom
- Play critical thinking games, illusions and logic riddles
- Phishing tests and “spot the phish” or “spot the deepfake” games
The key is making these practices feel natural rather than imposed. Creating safe opportunities for people to practice digital decision-making and learning from mistakes also helps building self-efficacy.
- Model Mindful Technology Use
We learn more from what we observe than what we’re told. You can model mindful technology use by:
- Putting devices away during conversations
- Thinking out loud when you encounter suspicious emails
- Demonstrating how you fact-check information before sharing
- Try the 5-minute rule. Tell yourself: “If I still need to check this in 5 minutes, I will.” This pattern interrupt helps break unhealthy autopilot impulses.
- Develop Emotional Regulation Skills
Social media platforms and cybercriminals alike exploit our emotional responses to drive behaviour. They create artificial urgency, leverage fear of missing out, and use variable reward schedules that mirror addictive behaviours. Training should show how to recognise when one is being emotionally manipulated by technology. Simple practices like taking three deep breaths before responding can activate the prefrontal cortex and reduce reactive behaviour.
5, Create an emotionally safe environment
People need to feel psychologically safe to slow down. Create environments where questioning is welcomed, where “Let me verify this first” is praised, not criticised. When it’s okay to ask “Does this seem right to you?” without fear of looking incompetent, people actually become more vigilant, not less.
Bringing the Being into the Human
One of Inda’s most poetic expressions stayed with me:
“We need to bring the human back into the being, and the being into the human.”
What if we saw our intuition and self-awareness as cybersecurity superpowers? What if we cultivated presence alongside password hygiene? We might just build a digital culture where security isn’t only about understanding the risks, but about knowing ourselves.
