Experience
We have extensive experience of training in high-consequence, high-pressure environments. Our training lead has taught clinically in the NHS for around 15 years. This training includes anyone from the greenest trainee to consultants. He was handed the most challenging training situations, including both struggling trainees under intense pressure to succeed in a short time frame and those with an aptitude whose overconfidence needed tempering. He has taught at post-graduate level at a university and written a technical theory training book. Mostly he was delivering practical training and experiential learning. His background in psychology allows him to apply trait psychology to understand where specific people might be open to social engineering and address these issues. In the health service, this tends to be people who are hyper-agreeable and therefore find it hard to say no or challenge others.
He has had to rapidly learn and apply several complex topics (from niche algorithms used in medical devices to electronics to nuclear physics) to build new frameworks and operating procedures. He has had to then present that to multiple different groups who are specialists in one area but laypeople in the others. Getting this understanding and communication right was essential to patient safety in a fluid, technically complex and fast-paced environment.
Application
This bedrock of experience forms the basis of Styx Security’s training offering, where we ascertain the requirements of the customer and their business and develop a training plan around their specific needs and concerns. We understand there’s a difference between theoretical and experiential learning. We create real-world scenarios and combine the need to test processes and train employees. A typical example is the “IT guy” who is trying to plug a USB drive into everyone’s PC – do your staff challenge this person? Do they understand the hazards? We intend to get caught, but only after the breach has happened. This way we give people a victory, which reduces their defensiveness and resistance to training and improvement. It also creates a story to spread.
The experience we bring from an environment where failure and harm to the patient were not acceptable helps us plan for contingencies and consider problems before they are encountered. We recognise the importance of theoretical data protection training, but we rarely see this solidified in practice until an event happens. We help create the links between the theoretical and practical, as well as giving people the opportunity to see how they will react to a real-world situation.
This kind of training and testing can really help businesses seeking ISO 27001 certification as well as those with a need to demonstrate data protection to customers, investors or authorities. By bringing your employees, who handle data and requests every day, into your security solution, you can end up with a highly sensitive detection system where potential breaches are reported up the chain.
Other Examples
Schools – demonstrating school staff have an effective and robust response to unauthorised people on site. This provides evidence for OFSTED safeguarding, parents, Governors, etc.
Hospitals – a challenging environment as the building is public with new faces all the time. Protection of patients, assets, pharmaceuticals and even radioactive materials is a challenge in this setting. We can help test controls, improve security awareness and provide evidence for CQC visits.
Stadiums – another challenging environment with a high volume of people, large transitional spaces and many different suppliers providing security to different standards.
Common Questions and Concerns
Relevance: How relevant is this training to my industry?
We will always be forthright with you, and we won’t take contracts where we feel our training model cannot be adequately adapted. Our training is flexible and the principles can be applied to a range of businesses.
Cost: Isn’t this kind of thing very expensive?
The cost of our services depends on your specific needs and the amount of back-end work required. At Styx Security, we do not engage in the highly technical attacks often required by specialist clients. This hugely reduces our operating costs. As a result, our services are more affordable and accessible to customers who may be priced out of other options.
Time: Training = time = money.
The cost of legal compliance is a problem for every business and many e-learning courses can fulfil the basic legal requirements. Most of the time, these are box-ticking exercises and, worse, help shift the blame onto the individual. Styx Security aims to create effective training on the job with our real-world exercises. There’s absolutely a time requirement if you want the most out of the training, but there’s no substitute for the practical experience we provide. If you want to improve a flagging security culture to avoid a costly data breach or demonstrate audit, testing and training, our security awareness training is an excellent solution.
Technical: Will this be technical or difficult to understand?
We work in the inverse way to many trainers. Most people cannot hold all the relevant laws and processes in their heads. Having people keep in mind all the different signs of a phishing email whilst trying to do their job is impossible. We work on the “baseline”. What is normal for the office? What is normal for requests? What is normal for emails? If it’s above the baseline, we help ensure the employee knows what immediate action to take and help you ensure they know what follow-up actions should happen. Our real-world exercises help spread the word around your company and are effective when combined with an information campaign and demonstrations of management buy-in.
Contact us today to discuss your requirements and see if our training can help your business.