Knowledge base for security awareness, phishing and NIS2
The 2LRN4 knowledge base is built for topical authority. It includes 149 in-depth articles on phishing, employee behavior, NIS2, security awareness strategy and incidents or data breaches.
Incidents and data breaches
Accidental data sharing: how to prevent it
Practical guidance on accidental data sharing for organizations that want to improve secure behavior structurally.
Business email compromise explained
Practical guidance on business email compromise for organizations that want to improve secure behavior structurally.
Common data breach scenarios in organizations
Practical guidance on common data breach scenarios for organizations that want to improve secure behavior structurally.
Employee incident response explained
Practical guidance on employee incident response for organizations that want to improve secure behavior structurally.
Epe municipality: why a national ID number and an ID copy are gold for criminals
In the hack on the Dutch municipality of Epe (March 2026), data on nearly all residents was stolen, including national ID numbers and copies of identity documents. The lesson: not all personal data is equal, and in government everything hinges on reporting culture.
How to recognize MFA fatigue attacks
Practical guidance on MFA fatigue attacks for organizations that want to improve secure behavior structurally.
Incident lessons from remote work
Practical guidance on remote work incident lessons for organizations that want to improve secure behavior structurally.
Lost devices and reporting duties
Practical guidance on lost devices reporting for organizations that want to improve secure behavior structurally.
Marks & Spencer and Scattered Spider: the help desk as front door
In 2025 the group Scattered Spider crippled Marks & Spencer — not through an exploit, but by calling the IT help desk and asking for a password reset. The textbook case of help-desk social engineering, and what it means for your awareness programme.
Ransomware and employee behavior
Practical guidance on ransomware employee behavior for organizations that want to improve secure behavior structurally.
Recognizing insider risk signals early
Practical guidance on insider risk signals for organizations that want to improve secure behavior structurally.
Shadow IT risks for awareness and governance
Practical guidance on shadow IT risks for organizations that want to improve secure behavior structurally.
The Canvas/Instructure breach: supplier risk and cloud dependency in education
In May 2026 an attack on the Canvas learning platform (Instructure) hit hundreds of millions of users worldwide, including seven Dutch universities. The lesson: one central platform means one central risk, and your preparation starts with a CIA-triad risk analysis.
The ChipSoft attack: what a supplier hack means for your awareness programme
In April 2026 a ransomware attack hit ChipSoft, the supplier of the electronic patient record used by around 70% of Dutch hospitals. The lesson: you are only as secure as your weakest supplier — and awareness does not stop at your own front door.
The Odido breach: how one phone call to customer service exposed 6 million people
In February 2026, attackers combined a phishing email with a fake IT phone call to break into Dutch telecom provider Odido. The awareness lesson: customer service is a target, MFA can be bypassed, and the real damage comes from follow-up phishing.