Implementation

Plan of action

On our support website there are all kinds of instruction pages on how to do the technical implementation independently. We are happy to share our expertise by helping with this and giving tips along the way. As standard, we ensure that the platform is fully set up and ready to go:

• Roles, access for the administrator
• Corporate identity, logo and colors
• Select Languages
• Add course activities
• Gamification? Rewards/Badges
• Certificates?

Technical implementation

Lead time max. 45 minutes

• Give (System) administrator access to the 2LRN4 platform
• SSO Link: (System )administrator creates the link based on Saml2
• Acceptance criteria: User does not have to log in a second time on the platform or does not get a login screen
• Azure AD link: (System)Admin creates the link based on Azure Graph
• Accept Criteria: Users (or test group) are synced from Azure AD to 2LRN4. Optional (Standard with Flexible package)
• Prepare phishing campaigns.

Program implementation

Lead time: 1 - 2 days

• Proposal for an online privacy and security awareness program. You get a ready-made platform with 12 courses per year consisting of 2 introduction videos, an e-learning and a test. Here you can add specific documents, videos, test questions, etc. to
• Acceptance criteria: change order (timing) and who gets which courses.
• Acceptance criteria: You can create additional categories such as onboarding for new employees or a category for temporary or external workers. And make a number of existing or customized courses available.
• Groups/departments and or individuals linking to the categories and courses.
• Acceptance criteria: Employees of a department are automatically assigned the courses to which the department is linked.

Together with the client, we determine which employees/groups/departments are offered which courses and when. Although the client can change and adapt everything himself, Cyber Inc. advice and help with adjustments. To make the standard content of the courses relevant to everyone, we show that all these privacy and security risks also play a role in your private life. The idea behind this is that if you are aware of the risks in your private life, you will also take this behavior to work.

Communication implementation

Lead time: 2 - 3 days

• Determine when employees receive an email from the platform, when a notification on the platform or when no message is needed.
• Text of the Email templates change.
• Use blog module on platform
• Acceptance criteria: Does a customer want to write messages on the platform or not? These messages can be added to a course.
• Customize Gamification: Badges and Rewards customize
• Accept Criteria: Pictures, parameters and triggers can be customized
• Leaderboard with or without names.
• Certificates: Yes or No certificate by category or per course.
• Edit text per certificate
• Change certificate (appearance)

Management implementation

Turnaround time: 0.5 - 1 hour

• Who needs access to the reporting module and who gets the reports
• Reports: Which reports are needed by whom at what time
• Acceptance criteria: Reports can be scheduled and sent by email

Identified risk analysis and associated control measures

We anticipate unforeseen circumstances by going through the program with a test account. We do this at the beginning, but also a few weeks before a course is released. Although setting up the environment is automated, the specific customer adjustments such as the house style, but also whether the right departments are linked to the courses, are manual work. That is why the 4 eyes principle is applied here, by having this checked by someone else. We then ask you to do the same from an office environment and home workplace. There may be internal settings that block certain things, which can then be resolved. The following risks can occur per implementation phase:

However, the greatest risk moments are not in the above implementation phases. The right resources, the best training or the most beautiful security awareness platform are worth nothing if nobody uses them. When we look at customers where more than 80% of the employees voluntarily participate in the training courses after the first year, they have three similarities: Management involvement, communication and attention. Cyber Inc. is therefore happy to help by sharing our experience on these topics.

Complaints and improving the service?

We always take suggestions for improvement seriously and when submitted by users we reward this with extra points. Even if, for example, it is an improvement of a text that you have made yourself. The idea behind this is that we care about quality and we want to motivate users to improve the service. Complaints and suggestions for improvements can also be discussed during the meetings with the client. Complaints are always resolved immediately and discussed with the client whether the complaint has been resolved. When the client makes a suggestion for improving the service or a new functionality, this starts a process with us. A ticket is created so that you can always see the status and we can discuss the tickets during the consultations.

In addition, we carry out planned maintenance on our platform. This will be announced well in advance on our platform and our support page, where you can see the technical status of the platform. When there are (or have been) incidents, this can also be seen there.

Service plan of approach

Everything, including e-mail texts for reminders, activities, sequences, etc., can be adapted to your wishes. Of course, the standard texts can also be used. By default, the schedule is as follows. A course is released every month. The employee will receive an e-mail message about this. In addition to the title of the course, this message also contains a description of the course, learning objectives, activities and duration per activity. This ensures that the employee can better plan the course. There are no complicated registration procedures for employees. If a course is linked to a department, the employee will automatically receive the correct course. In consultation, we propose not to activate reminders, because they already receive an e-mail every month. We do advise sending 2 reports to the department managers every month. The progress per department and the progress per employee of that department. Restricting reminders prevents the automatic, unread, deletion of all email from the platform. If a frequency of 3 courses per quarter is chosen, it is advisable to activate reminders.

Planning campaign (spread and distribution)

The global timeline below is indicative. This aims to reduce privacy and security risks through knowledge, in which the human factor plays a role. The progress of the employees on these subjects will be measurably recorded for demonstrability in the context of the relevant standards.