General

Where is 2LRN4 hosted?

2LRN4 is hosted at AWS in Ireland.

What does 2LRN4 mean?

2LRN4 is pronounced as "To learn for", learning for...

Do 2LRN4 employees also have to do awareness training?

Our employees are continuously trained on security and privacy risks. They regularly have to do phishing simulations and use unique strong passwords and store them in a digital vault (password manager). Multi-factor authentication (MFA) is enforced and access to the systems is immediately denied upon termination of employment.

What can 2LRN4 security awareness do?

The 2LRN4 security awareness platform can serve as the knowledge part of your security awareness program. It provides employees with ongoing knowledge of privacy and security risks.

What is your approach?

The 2LRN4 platform delivers 12 courses per year, so after two years you have had 24 courses and after three years 36 courses. This gives you the option to give employees a monthly course. This is an important strategy, because employees spend a lot of time on the subject with little effort. In the course we show the privacy and security risks in a business and private environment. As a result, employees recognize these risks much faster, and at the same time we show that they must always remain alert.

How does 2LRN4 differ from other suppliers?

We distinguish ourselves because you can adapt our platform to your security awareness program. You can

Security Awareness as a Service (SAaaS)

Do the security awareness courses have themes about common security and privacy risks, such as phishing, ransomware, social engineering, sending confidential information to the wrong recipient, etc?

Our online courses are risk-based and contain all common security and privacy risks, without being too technical .

Is there enough content to train different and current risks?

With a three-year contract, we provide a platform with 36 courses on current security and privacy risks. More than 150 modules in total. You can make these courses even more relevant for employees and organization by adding your own content.

Is the content varied?

The content consists of videos, e-learning modules, documents, tests, surveys and everything you can add yourself. The courses consist of at least videos, e-learning and a test.

Are custom modules for certain departments/functions possible, such as HR, Financial Administration, System Developers, Managers?

We can create custom content according to your wishes and budget for different target groups. In addition, you can select different courses for different departments on our platform.

Is it possible to add your own content, such as videos, documents, presentations?

It is very easy to add your own content such as videos, documents, presentations, webinars, tests and surveys. With a link to Microsoft Sharepoint or Google Drive you can also ensure that the version on 2LRN4 is always the latest version. For example, if you add the policy to the course.

What languages is 2LRN4 available in?

On the 2LRN4 platform, you will receive the content spoken, written, and subtitled in the same language. We offer all European languages on our platform: Dutch, English, German, French, Spanish, Portuguese, Italian, Greek, Danish, Swedish, Norwegian, Finnish, Romanian, Bulgarian, Hungarian, Polish, Croatian, Czech, Estonian, Irish, Latvian, Lithuanian, Maltese, Slovenian, Slovak, Turkish, and Ukrainian. Upon request, we can add other languages for your organization.

Does 2LRN4 facilitate that new users have completed beginner training first?

We can put together a beginners training as a kind of baseline measurement, because the level of the beginner is different in every organization, we put this together with the customer.

Is the knowledge of the training modules followed being tested?

The tests we provide as standard are based on the content of the course. When you add content yourself, you have the option to supplement the test or to create an extra test. You can also change the existing questions and answers to make it relevant to your organization. If an answer says: "Call the helpdesk" and it is called the ICT servicedesk, you can change this.

Is there a dashboard for users that provides minimal insight into which training modules need to be done and have been done?

We have different dashboards. This depends on the role you have on the platform. As a user you can see what you have done and what you still need to do. As a user, you will find on the dashboard how many courses you are registered for and how many activities you still have to do. You can go directly to the course via your dashboard. Here you will also find your points and rewards that you have earned with the keys and the badges that you have collected. This is also the place where you can download certificates. As an administrator, you have an extra dashboard that provides direct insight into the status of the awareness program. You can download the graphs for your presentation to the management.

Which reports are available as standard?

We offer many standard reports with different data that you can also filter to meet your specific needs. Think of reports per user, course, department and, if the manager field is filled in in the Active Directory, also per manager.

Can we send phishing tests and see reports on the results?

Once you have purchased the Flexible package, you can schedule and send various phishing campaigns to users, departments or the entire organization. When you have purchased the Freedom package, you can also create phishing campaigns yourself.

Does the system automatically send an email to users when they need to follow a module?

Several e-mail templates are available on the platform where you as an organization have total control over which e-mail is sent out when and with which text. To prevent users from being inundated with e-mail, we advise you to do so on the support page that deals with this topic.

Is there support for users?

You can ask your question via the web form or email, but most users will find their answers in the support drop-down menu. If the answer is not listed, they will automatically be directed to a web form.

Do you use gamification?

To stimulate and motivate employees, the 2LRN4 platform has the option to assign badges and rewards. Whether and when a user receives this depends on the organization. As an organization you decide for which parameter / trigger something is given. For example, a badge can be given if someone does a first activity or participates in a webinar, etc. A reward can be given, for example, if someone has achieved a certain number of points. These points form the basis of the leaderboard. All badges and rewards can be changed to match your own corporate identity. You can also switch off all gamification if this is not your thing.

Can (digital) certificates be issued?

Certificates can be awarded to encourage employees. Whether and when a user receives this depends on the organization. As an organization you determine whether the certificate is given for a single course, for a number of courses, for a category of courses or for an entire year. What the certificate looks like, what text is on it and where it is on the certificate, is of course also up to you. We have already uploaded some examples that you can use or adapt. But of course you can also use your own certificate.

Is it possible to customize colors and logos?

When the colors and logos match the house style, this ensures a good user experience. You can of course also adjust this yourself as an administrator. House style at 2LRN4 goes further than just adding a logo and house style colours. On the 2LRN4 platform you can adjust all texts yourself, change the e-mail templates and make the password policy the same as that of the organization. By default, the platform is already delivered in the house style, so that you can get started quickly.

Is Single Sign On (SSO) possible, so that the user logs in immediately when he/she goes to the platform? (Without steps)

Every second counts when it comes to user acceptance of an online platform. Even small delays affect user motivation and have a negative impact on your security awareness program. Single Sign On (SSO) helps to reduce these negative influences. Because users are already logged in with their company account on their computer, SSO prevents them from having to log in again. Research shows that a large proportion of users drop out when they have to log in (again) and have forgotten their password. Employees don't have the time or patience to log into each platform individually. They appreciate not having to remember a different password for each system. It also improves security. Since the authentication does not take place on the platform. As an administrator, you can configure the link yourself on the 2LRN4 platform. Check the support page for the manual.

Is there an integration for synchronizing users with Azure Active Directory?

For the most seamless integration, we recommend providing your 2LRN4 environment with Active Directory synchronization. As a result, you have no extra management effort. Accounts are automatically created on the 2LRN4 platform if they do not already exist. And they get direct access to the courses that are linked to the department they fall under. They will be notified by e-mail for which courses they are registered. The synchronization works in one direction only from Azure AD to 2LRN4 and not the other way around. When you make a user inactive on the Active Directory, it will be inactive on the 2LRN4 platform after synchronization.

Is 2LRN4 multiplatform?

2LRN4 is designed for any size screen (computer, laptop, tablet and phone) as long as there is an internet browser available such as Chrome, Edge, Safari and Firefox.

Are there different roles available?

The system is role-based and has a user, manager, communication, help desk, phishing administrator and administrator role for customers. These roles can be assigned by the customer himself.

Can different courses be assigned to different people?

Courses can be assigned to different departments and also to different people. This way you can create individual learning paths. Assigning to departments is preferred in large organizations because you can automate this. Assigning to individuals takes more time.

Are email messages editable by us (for example, by someone with the manager role)?

Email templates can be modified by someone with the communication role or the administrator role.

How is support arranged?

All possible answers are described on our support pages. Our partners will of course help you with the implementation and you can always rely on us. Especially if you are going to link courses to departments for the first time, then we can do that very well together. You can also let us do other (also not common) activities. You can do everything yourself (using the support pages), but you don't have to.

Purchase

How do I purchase the 2LRN4 platform?

There are two ways to purchase a subscription to the platform: Search our partner page for a reseller and request a quote. Request a demo from us. If you then want to proceed to purchase, we will look for the right partner together, who will provide the quotation.

Can we change the terms and conditions of 2LRN4 or provide our terms of purchase?

Both is possible, but we prefer to use your purchasing conditions. We would like to include a paragraph that we remain the owner of the content (media) that we provide. You retain ownership of the content you add.

Which packages can we buy?

We have three different packages: With First you get the 12 security awareness courses consisting of 50 modules with basic platform functionality. With Flexible you get the same as with the First package, plus phishing simulation. The Freedom package is the most comprehensive package, where you can do all kinds of integrations with other packages.

Can we buy a license with a credit card?

No, we only accept bank transfer.

Can 2LRN4 register in our supplier portal?

If your purchasing department has a simple form with one of the following questions, we can help you: Company information (address, name, chamber of commerce number, etc.) and bank details

How can I book a demo?

You can book a demonstration through our partners/resellers or directly with us at book a demo. We prefer to talk about our platform all day long, but we also manage to show the highlights in 30 minutes. If you want to see more, book 45 minutes to 60 minutes.

Data and Privacy

Has 2LRN4 established a Privacy Policy?

2LRN4 is a product of Cyber Inc. who has established a privacy policy, which specifies the scope of personal information collected, the obligations of the company, the rights of the individual to access, update or delete their personal information, and an up-to-date point of information is documented and clearly communicated to individuals. contact where individuals can direct their questions, requests or concerns.

Can we change 2LRN4's Processor Agreement or provide our Processor Agreement?

Both are possible, but we prefer to use your processing agreement, because it has often already been approved by the DPO and lawyers.

When will customer data be deleted?

We remove customer data containing confidential information from the application environment, in accordance with best practices, when customers leave the service. All data is automatically destroyed immediately after termination of the service. Individual user data is automatically destroyed when the users are deleted.

Have data retention procedures been established?

We have formal retention and deletion procedures in place to guide the safe retention and deletion of company and customer data.

Are privacy-compliant procedures established?

Cyber Inc. has put in place documented processes and procedures for 2LRN4 to ensure that all privacy-related complaints are addressed, and the resolution is documented in the company's designated system and communicated to the individual.

How long is customer data retained?

Keeps customer data for the lifetime of a customer account. No historical data is deleted until the customer account and/or individual is deleted.

Is there a privacy policy available?

A privacy policy is available to customers who require it before and/or at the time that information from the individual is collected. Employees receive the privacy policy upon joining

When will the privacy policy be revised?

The Privacy Policy will be reviewed as needed or when changes occur and updated accordingly to ensure compliance with applicable laws, regulations and applicable standards.

Has a data classification policy been established?

The data classification policy to ensure that confidential data is properly secured and restricted to authorized personnel.

Infrastructure security

What do you do to maintain the 2LRN4 infrastructure?

The infrastructure supporting the 2LRN4 platform is regularly patched as part of routine maintenance. We have set up patch management for this and new relevant CVEs are addressed by the developers.

Is production data backed up?

Backups are made of the entire platform on a daily basis to enable rapid recovery in the event of a disaster. The backup is not suitable for honoring individual requests.

Is remote access MFA enforced?

The company's production systems are only remotely accessible to authorized employees. The use of multi-factor authentication (MFA) is enforced for all employees.

Is production network access restricted?

Privileged access to the production network is limited to a small number of authorized users. 2LRN4 uses segregation of duties. Roles are defined in the application based on tasks, responsibilities and authorities. Special attention is paid to accounts with high privileges. Access to the production environment is extra secured with a hadware token.

Is all data encrypted?

The data is encrypted with AWS Key Management Service (AWS KMS)

Is the 2LRN4 infrastructure monitored?

Anomalous events are identified that could potentially impact security objectives. In addition, we use infrastructure monitoring tools to monitor systems, infrastructure and performance and respond to alerts when specific predefined thresholds are reached.

Product Security

Is the platform scanned for vulnerabilities?

Vulnerability scans are performed monthly on the platform. Critical, high and medium vulnerabilities are fixed as soon as possible. When these are fixed we will publish them with the software releases as bug fixes.

Are penetration tests performed?

The penetration tests are performed at least annually or after major changes by an external party. When these are fixed we will publish them with the software releases as bug fixes. Customer contacts can request access to the latest penetration test.

Is all data encrypted?

The data is encrypted with AWS Key Management Service (AWS KMS)

Is all data transported encrypted?

Data transport is encrypted according to up-to-date encryption standards and standard transport protocols. TLS 1.3: lower versions are blocked.

Is the platform protected against DDOS attacks?

The 2LRN4 platform is protected against ddos attacks by AWS Shield.