Cyber security is about protecting your computer hardware, software, personal data and networks from malicious attacks or from data being lost or acquired by third parties.
Protecting our customers
At Juniper, we know how important cyber security is to our customers and to our business. We also know that school websites can often be sources of attack for unscrupulous individuals and that, as your website provider, it is our duty to protect your information.
The security methods we use to protect our customers:
- Regular software updates
- Penetration testing and bug fixes
- Single Sign On (SSO)
- 2-Factor Authentication (2FA)
- SSL certificates
- Secure, robust network infrastructure
- Remote daily server backups
- Data protection officer role (DPO)
- User Manager permissions
- Full removal of personal data
- Form & data encryption
You can find out more information about each of these below:
Regular software updates, penetration testing and bug fixes
Our dedicated team of developers work daily to ensure the CMS is not vulnerable to attack. There are measures in place to constantly monitor the systems for any issues, weaknesses and external attacks, with processes in place to respond appropriately if and when required.
Single Sign On (SSO) & 2-Factor Authentication (2FA)
Our schools and trusts can choose to either link their CMS login to an existing in-school account (such as Microsoft) or request that users require an additional level of authentication (e.g. a code sent to their mobile phone) when logging in to confirm user identity. Find out about setting this up.
SSL certificates
Secure Socket Layer (SSL) certificates are used to authenticate the identity of your website and to create an encrypted, secure connection between your website server and the end user’s web browser. If a website URL starts with ‘https://’ then you know it is using an SSL certificate. All of our websites are provided with a free SSL certificate as standard.
Secure and robust network infrastructure
Our CMS has an average Annual Uptime Percentage of 99% thanks to our stringent measures to monitor uptime and minimise any impact to service availability. Our servers are hosted in a data centre which is monitored 24x7x365 by a team of certified security analysts.
Remote daily server backups
Daily server backups are included as part of our comprehensive disaster recovery plan. We also have in-built CMS recovery which is accessible by our customers, so that any page, form, or event deleted within the CMS can be restored for up to 30 days.
Data protection officer (DPO) user role
The DPO role is allocated to one administrator for each website. This role allows customers to view, amend and remove who has a user account within their website. They will receive specific notifications of inactive accounts or items for review.
User manager permissions
Multiple users can have access to maintain the school or trust website. However, we recognise that having too many users with full admin access can cause complications. That’s why we have 3 standard roles within the User Manager (Administrator, Publisher and Writer) as well as the ability to create additional roles which have a unique set of permissions for specific pages or areas of the website. Each user requires their own unique email address and password to access their account and can benefit from SSO or double authentication procedures.
Full removal of personal data
When a user is deleted from the Content Management System all their personal data is stripped from the account. Likewise, when a website contract is cancelled and a customer requests their website to be taken down, we will automatically delete all personal data associated with that website.
Form encryption
Our form functionality is fully encrypted in the database as default. When forms are deleted, all the associated form submissions are also removed. Form entries can be bulk deleted and anything marked as ‘removed’ will be deleted by an automated script.