Implementation
Plan of action
On our support website there are all kinds of instruction pages on how to do the technical implementation independently. We are happy to share our expertise by helping with this and giving tips along the way. As standard, we ensure that the platform is fully set up and ready to go:
- Roles, access for the administrator
- Corporate identity, logo and colors
- Select Languages
- Add course activities
- Gamification? Rewards/Badges
- Certificates?
Technical implementation
Lead time max. 45 minutes
- Give (System) administrator access to the 2LRN4 platform
- SSO Link: (System )administrator creates the link based on Saml2
- Acceptance criteria: User does not have to log in a second time on the platform or does not get a login screen
- Azure AD link: (System)Admin creates the link based on Azure Graph
- Accept Criteria: Users (or test group) are synced from Azure AD to 2LRN4. Optional (Standard with Flexible package)
- Prepare phishing campaigns.
Program implementation
Lead time: 1 - 2 days
- Proposal for an online privacy and security awareness program. You get a ready-made platform with 12 courses per year consisting of 2 introduction videos, an e-learning and a test. Here you can add specific documents, videos, test questions, etc. to
- Acceptance criteria: change order (timing) and who gets which courses.
- Acceptance criteria: You can create additional categories such as onboarding for new employees or a category for temporary or external workers. And make a number of existing or customized courses available.
- Groups/departments and or individuals linking to the categories and courses.
- Acceptance criteria: Employees of a department are automatically assigned the courses to which the department is linked.
Communication implementation
Lead time: 2 - 3 days
- Determine when employees receive an email from the platform, when a notification on the platform or when no message is needed.
- Text of the Email templates change.
- Use blog module on platform
- Acceptance criteria: Does a customer want to write messages on the platform or not? These messages can be added to a course.
- Customize Gamification: Badges and Rewards customize
- Accept Criteria: Pictures, parameters and triggers can be customized
- Leaderboard with or without names.
- Certificates: Yes or No certificate by category or per course.
- Edit text per certificate
- Change certificate (appearance)
Management implementation
Turnaround time: 0.5 - 1 hour
- Who needs access to the reporting module and who gets the reports
- Reports: Which reports are needed by whom at what time
- Acceptance criteria: Reports can be scheduled and sent by email
Identified risk analysis and associated control measures
We anticipate unforeseen circumstances by going through the program with a test account. We do this at the beginning, but also a few weeks before a course is released. Although setting up the environment is automated, the specific customer adjustments such as the house style, but also whether the right departments are linked to the courses, are manual work. That is why the 4 eyes principle is applied here, by having this checked by someone else. We then ask you to do the same from an office environment and home workplace. There may be internal settings that block certain things, which can then be resolved. The following risks can occur per implementation phase:
Technical implementation
- Some system administrators will not make links every day, so we have made a step-by-step plan. In addition, we also offer to go through these steps together. We always test the link with 1 user first, usually the system administrator himself.
- If there are multiple Azure AD tenants, multiple links will also be created.
Program implementation
- You can determine the order of the courses yourself. However, for some courses, another course has already been completed, and there are also courses that offer a deepening or broadening of an earlier course. Cyber Inc. let us know in advance which these are, so that they can be taken into account in the planning and help to link the departments/teams to the courses.
Communication implementation
- Cyber Inc. gives advice on which e-mail templates are most important, so that not all templates need to be adjusted. We have also included examples that are used by others in the template.
- Cyber Inc. also advises when an email is better and when a notification (only on the platform).
Management implementation
- Users with the manager role can only see their own employees on the platform.
However, the greatest risk moments are not in the above implementation phases. The right resources, the best training or the most beautiful security awareness platform are worth nothing if nobody uses them. When we look at customers where more than 80% of the employees voluntarily participate in the training courses after the first year, they have three similarities: Management involvement, communication and attention. Cyber Inc. is therefore happy to help by sharing our experience on these topics.
Complaints and improving the service?
We always take suggestions for improvement seriously and when submitted by users we reward this with extra points. Even if, for example, it is an improvement of a text that you have made yourself. The idea behind this is that we care about quality and we want to motivate users to improve the service. Complaints and suggestions for improvements can also be discussed during the meetings with the client. Complaints are always resolved immediately and discussed with the client whether the complaint has been resolved. When the client makes a suggestion for improving the service or a new functionality, this starts a process with us. A ticket is created so that you can always see the status and we can discuss the tickets during the consultations.
In addition, we carry out planned maintenance on our platform. This will be announced well in advance on our platform and our support page, where you can see the technical status of the platform. When there are (or have been) incidents, this can also be seen there.
Service plan of approach
Everything, including e-mail texts for reminders, activities, sequences, etc., can be adapted to your wishes. Of course, the standard texts can also be used. By default, the schedule is as follows. A course is released every month. The employee will receive an e-mail message about this. In addition to the title of the course, this message also contains a description of the course, learning objectives, activities and duration per activity. This ensures that the employee can better plan the course. There are no complicated registration procedures for employees. If a course is linked to a department, the employee will automatically receive the correct course. In consultation, we propose not to activate reminders, because they already receive an e-mail every month. We do advise sending 2 reports to the department managers every month. The progress per department and the progress per employee of that department. Restricting reminders prevents the automatic, unread, deletion of all email from the platform. If a frequency of 3 courses per quarter is chosen, it is advisable to activate reminders.
Planning campaign (spread and distribution)
The global timeline below is indicative. This aims to reduce privacy and security risks through knowledge, in which the human factor plays a role. The progress of the employees on these subjects will be measurably recorded for demonstrability in the context of the relevant standards.
Quarter 1
- Online course passwords
- Phishing Online Course
- Social engineering online course
- Reporting/analysis/consultation
- Phishing Campaign
Quarter 2
- GDPR Online Course
- Online course Flexible working
- Online Data Processing Course
- Reporting/analysis/consultation
- Phishing Campaign
Quarter 3
- Online social media course
- Physical security online course
- CEO Fraud Online Course
- Reporting/analysis/consultation
- Phishing Campaign
Quarter 4
- Online course on the safe use of mobile devices
- Safe Surfing Online Course
- Online course GDPR in practice
- Reporting/analysis/consultation
- Phishing Campaign