Compliance and best practice…

At present, legal requirements around cyber security derive from the – Data Protection Act (DPA), but this will change on 25 May 2018 when the General Data Protection Regulation (GDPR), comes into force. It will impact across the organisation in terms of how it stores and uses information.

Cyber security can often involve installing monitoring equipment. It is best practice to undertake an impact assessment especially given some types of surveillance will not only upset employees, but can be illegal.


Information Technology Solutions

GDPR | Impact Assessment


Ensure that everyone knows what their role is.

Information and process audit to identify gaps.

Measures to reduce issues and deal with breaches. Continuous improvement via review, design, training and communications.

Impact Assessment

Inline with the ICO code of practice we:

Identify the need
Describe the information flows
Identify the privacy and related risks
Identify and evaluate the privacy solutions
Sign off and record the outcomes
Integrate the outcomes into the project plan
Consult with internal and external stakeholders


Understanding triggers that drive behaviour…

MetrixCloud has devised its Cyber Security Behavioural Model to shed light on the interaction between malware/hacking and victims. We see this as a behavioural layer that impacts on cyber security vulnerabilities – People, IT and Processes/Physical.

Much of how we behave is unconscious. It is rooted in our biology, the way we think and our psychology. Our decisions are not always well thought out – we take risks. These risks and unconscious biases can be exploited via social engineering. Our behaviours can also result in more conscious acts such as insider threats (blackmail, fraud or cyber vandalism).

(c) MetrixCloud Ltd

PIP v2

Behavioural Solutions

Consultancy | Process Improvement | Coaching

Our Behavioural Consultancy looks at behaviours from three linked perspectives:

Biological: Automatic behaviours can be generated by our fight, flight, freeze and fawn responses. Reward seeking behaviour can lead to risk taking and poor decisions such as falling for baiting.
Cognitive: Memory & information processing can be flawed and biased. We have stereotyped views of what we think a hacker looks like – this cognitive bias is termed representative heuristic.
Psychological: Our experiences develop into scripts that determine how we behave at an individual and organisational level. These can be predictable and so exploitable.

By considering these dimensions within our Cyber-security Behavioural Model, we are able to highlight vulnerabilities by testing people/process/physical elements and advise business how to improve their structure and processes .


Process/Organisational Design
What we want to happen and what actually happens are not always the same thing. Cultural dimensions and informal processes can become ‘the way we do things around here’. These sub-optimal practices can be exploited by cyber-criminals. We need to rethink how we design the way we want the organisation to function. Simply providing instructions does not always work; we have to get to the behavioural reason why people aren’t following procedures.

Cyber Security as Default
It is important that process redesign recognises that much like water, people seek the easiest path. We simply don’t want to waste energy thinking about something. So, if we want employees to do the safest thing, then we should attempt to make it the default action.

Behavioural Learning and Coaching:
Coaching combined with learning accelerates the embedding of behavioural concepts. Theory and practice are considered together. A deeper understanding generated practical solutions.

Small Group Work (max 6 people):
In addition to individual coaching, we can work with small groups to enable people from across the organisation to come together. These interactive sessions accelerate behavioural understanding by allowing delegates to learn by doing and share with their peers.



Aligning to business strategy and understanding needs…

We can provide a learning solution that meets your ongoing cyber security needs.

We can undertake an analysis to establish business priorities and the skills & knowledge need. We can then match this to our existing online and workshop programmes. And, if there is a specific requirement we can develop a tailored solution for your organisation.

Needs Analysis & Programme Design

Business Strategy > Learning Need > Learning Solution

Establishing Outcomes

Business Case
Legal Requirements
HR / L&D view
IT Dept view

Need and Context

IT Records
Best Practice
Policies & Procedures
Learning Need

Data Collection

Focus Groups
Knowledge Checks


Findings & Recommendations
Learning Objectives
Programme Design and Delivery
Evaluation Strategy


MetrixCloud LTD
27 Old Gloucester Street
London, WC1N 3AX

020 3876 3644