Resource Centre

We understand the needs and challenges of local councils, so our resource centre features helpful advice and insight from our team. If there’s a feature you’d like us to include please email us at with your suggestions.

Resource Centre

We understand the needs and challenges of local councils, so our resource centre features helpful advice and insight from our team. We’ll be regularly adding new articles – if there’s a feature you’d like us to include please email us at with your suggestions.

Cyber Security Glossary

This glossary explains some common words and phrases relating to cyber security, based on content originally published by the National Cyber Security Centre – click here for their latest list.


Software that is designed to detect, stop and remove viruses and other kinds of malicious software.

Authentication using physical characteristics, such as fingerprint or iris scanning.

A network of infected devices, connected to the Internet, used to commit co-ordinated cyber attacks without their owners’ knowledge.

Bring your own device (BYOD)
An organisation’s strategy or policy that allows employees to use their own personal devices for work purposes.

A file which asks permission to be placed on your computer’s hard drive, and personalises your browsing experience by gathering and retaining information about your website browsing history.

Where shared computer and storage resources are accessed as a service (usually online), instead of hosted locally on physical services.

Cyber attack
Malicious attempts to damage, disrupt or gain unauthorised access to computer systems, networks or devices, via cyber means.

Cyber Security
The protection of devices, services and networks and the information on them from theft or damage.

Denial of Service (DoS)
When legitimate users are denied access to computer services (or resources), usually by overloading the service with requests.

Digital footprint
A ‘footprint’ of digital information that a user’s online activity leaves behind.

Easter Egg
Hidden feature built into a computer program by the developer that is added for entertainment or malicious intent.

A mathematical function that protects information by making it unreadable by everyone except those with the key to decode it.

End user device
Collective term to describe modern smart phones, laptops and tablets that connect to an organisation’s network.

Hardware or software which uses a defined rule set to constrain network traffic to prevent unauthorised access to (or from) a network.

General Data Protection Regulations designed to protect personal data (due to be introduced in the UK in May 2018).

Honey pot
A network security feature designed to detect hacking or lure them to a specific location to avoid obtaining genuine data.

Internet of things (IoT)
Refers to the ability of everyday objects (rather than computers and devices) to connect to the Internet. Examples include kettles, fridges and televisions.

A small program that can automate tasks in applications (such as Microsoft Office) which attackers can use to gain access to (or harm) a system.

Applying updates to firmware or software to improve security and/or enhance functionality.

This is where internet users are directed to a fraudulent website that mimics the appearance of a legitimate one.

Untargeted, mass emails sent to many people asking for sensitive information (such as bank details) or encouraging them to visit a fake website.

Malicious software that makes data or systems unusable until the victim makes a payment.

Software as a Service (SaaS)
Describes a business model where consumers access centrally-hosted software applications over the Internet.

Social engineering
Manipulating people into carrying out specific actions, or divulging information, that’s of use to an attacker.

A more targeted form of phishing, where the email is designed to look like it’s from a person the recipient knows and/or trusts.

Software that installs itself secretly on a computer’s hard drive, and transmits information about a user’s activity.

A type of malware or virus disguised as legitimate software, that is used to hack into the victim’s computer.

Two-factor authentication
The use of two different components to verify a user’s claimed identity. Also known as multi-factor authentication.

Attempting to obtain personal or financial information from a telephone call, in order to commit fraud or identity theft.

Watering hole attack
Setting up a fake website (or compromising a real one) in order to exploit visiting users.

Highly targeted phishing attacks (masquerading as legitimate emails) that are aimed at senior executives.

Authorising approved applications for use within organisations in order to protect systems from potentially harmful applications.

Software that installs itself secretly on a computer’s hard drive, and transmits.

Recently discovered vulnerabilities (or bugs), not yet known to vendors or antivirus companies, that hackers can exploit.

419 scam
Often originating from an email this is an advance fee fraud, where you are asked to help transfer money out of another country. 419 is the section of the Nigerian legal code that relates to the crime.


For more information about how we can help you assess and manage the cyber risks your business is exposed to, please get in touch.

Events guide

For events to be insured under the Councils’ insurance policy; the Council, a working party or a sub-committee of the Council must be the sole organiser of the event.

We should be advised of any event with more than 1,000 attendees at any one time and the following is a guide to the information we would require:

  • A full list of activities and who is responsible for them. All Third Parties must have their own Public Liability insurance, for example: catering vans, fair rides, pony rides, bands and stalls that aren’t organised by the Council. All Permits and Licenses must be in place and, if required, the Police and Fire Brigade should be notified.
  • A Risk Assessment should be carried out and documented prior to the event. The location should be suitable for the event.
  • There should be sufficient Marshalls for the number of people attending. Please note the risk assessment of the event will determine the marshalling.
  • A qualified first aider should be in attendance and they must have means to call the Emergency Services.
  • Start and finish time of the event: If the event is for more than one day; how many days, start and finish times, security overnight.
  • Will there be any music? If yes, what type i.e. local band, type of music. If the band is semi-professional/ professional they will need their own Public Liability insurance in place.
  • Will there be any electrics? If yes, how will it be generated i.e. if it is a generator, what is the security on the generator; if it is a plug into mains, will there be circuit breakers in place, will the cables be covered with matting and is there a contingency plan for wet weather.
  • If you need property cover; we will need to know sum insured, security and storage arrangements.
  • Upon referral to Came & Company, stalls run for no financial gain by local people or groups who do not have their own Public Liability insurance in place may be covered under the policy. The Council must take responsibility for the risk assessment and Health & Safety of the stall. The Council should be aware that if a claim occurs then it would be defended under the Council’s policy and this may affect the terms and conditions at the next renewal.
  • If the Council is responsible for a BBQ, then it must be sited in a position where people cannot walk into it, fire- fighting equipment must be in place (sand/water) and the food must be kept chilled until it is cooked.
  • If the Council is organising a Tug-of-War they must ensure that all competitors are wearing suitable clothing and footwear and use the correct type of rope.

For more information, please speak to a member of our team.

Cyber Security Checklist

The following is our top 20 checklist of key cyber security issues you should consider to help limit the risk and impact of a data breach.

  1. Never process a payment or amend existing bank details/frequent payees based on an email request, always follow up an email with a telephone call before making any payments or changing any details.
  2. Hover over the email address or check the nick-name to ensure that the sender is who they claim to be.
  3. Never click on any unsolicited email links that contain attachments such or .exe files.
  4. Remember – banks and HMRC will never use an email or text message to ask for personal information.
  5. Never click on a link in a text message irrespective of who this has been sent from.
  6. Keep your software, your operating system and your browser fully up-to-date on all devices, especially Smart Phones. Companies continuously add security updates with every software upgrade they release (also called a patch). Installing these patches immediately will help keep you from becoming infected with new strains of malicious software (“malware”).
  7. Always use Multi-Factor Authentication (MFA) to log in to any website or application that you use for banking or investment activity, or that has access to your personal data. MFA is essentially another way—beyond your username and password—to help verify your identity and further safeguard your information.
  8. Run a reputable, anti-virus product on your home PC or laptop and keep this up to date. This will also help prevent your device from becoming infected with malware.
  9. When processing transactions and/or sending correspondence, avoid using public Wi-Fi hotspots – like the ones at coffee shops, airports, hotels, etc. If you do use a public Wi-Fi hotspot, be sure to use a Virtual Private Network (VPN) so that others can’t intercept your communications. As an alternative, stick to the mobile network and create a personal Wi-Fi hotspot with your phone.
  10. Never click on links or open attachments in unsolicited emails or text messages. Doing so may install malware on your device.
  11. Avoid using publicly available charging cords to charge your phone. Publicly available outlets and USB ports are generally fine, but avoid using publicly available cords. These can be used to deliver malware.
  12. Don’t reuse the same username and password across multiple websites and applications. If you reuse the same username and password and a hacker gains access to one of your accounts, he/she may be able to access your other accounts as well.
  13. Create and save bookmarks for the important banking and brokerage websites that you visit often to avoid inadvertently entering your credentials on a fraudulent site.
  14. Consider using a password manager. These apps create unique, complex passwords for you and then store those passwords in a cryptographically sound way.
  15. Only download applications from Google Play™ or the App Store® and never from a third-party app store. Third-party app stores, or apps that pop up and encourage you to download them, are much more likely to contain malware.
  16. Only give applications the permissions they really need. Granting an application access to your photos, location, camera, contacts, etc. makes your data and information available to the application owner.
  17. Limit how much information you share on social media, and lock down the privacy settings on your social media accounts. The information you share online could be exploited to gather information for fraud schemes.
  18. Shred financial documents before discarding them, as these contain valuable information that could be used by fraudsters. You may wish to leverage online statements and paperless options, like eSign, eDelivery, eAuthorizations and Digital Vault, as these include important security features.
  19. Verify that you are using a current and reliable email provider that has basic, built-in security features. Using an older email account that has not incorporated security protections will greatly increase your likelihood of getting malware.
  20. If in doubt – DELETE!

For more information around Cyber please speak to a member of our team

The opinions and views expressed in the above articles are those of the author only and are for guidance purposes only. The authors disclaim any liability for reliance upon those opinions and would encourage readers to rely upon more than one source before making a decision based on the information.

Preventing burst pipes

Protecting buildings in winter

Read our top tips to help protect your buildings from the risks of burst pipes in the winter months.

To help prevent burst pipes:

  • Insulate the pipes in any unheated areas such as outbuildings, sheds etc.
  • Thermostatically-controlled heating systems should be left on permanently and set at a minimum temperature of four degrees centigrade.
    In the event of the building not being used over the winter months, water supplies should be turned off and pipes drained.
    Repair any dripping taps – it is usually just a new washer that is needed.
  • If the heating system fails or makes a loud banging noise, this could indicate that a pipe is freezing. Turn off the system and call a plumber immediately.

If you experience a burst pipe:

  • Turn off the water supply at the main stop valve.
  • Contact an approved plumbing and heating engineer.
  • If your pipes freeze, never use a naked flame to thaw them out.

It can be very easy to forget about the pavilions, changing rooms and buildings that are not used during autumn and winter months. This can make them especially vulnerable to weather damage and vandalism. We recommend that these buildings are checked on a regular (weekly) basis.

For more information, please speak to a member of our team.


The opinions and views expressed in the above articles are those of the author only and are for guidance purposes only. The authors disclaim any liability for reliance upon those opinions and would encourage readers to rely upon more than one source before making a decision based on the information.

Ice and snow - advice for local councils

Ice and snow

To minimise risk from ice and snow in the winter months, we recommend that councils should consider the following:

  • A written risk assessment should be carried out and kept on council files.
  • The council should take reasonable care to ensure the safety of the public, employees and volunteers.
  • All employees and volunteers should be made aware that the clearance of snow and ice could be a seven-days-a-week task (including bank holidays), receive adequate training, and wear the appropriate protective clothing.
  • We recommend that the council communicates its plans to the community. This can be via a website, newsletter, noticeboard or published minutes of a meeting. If plans change this should also be communicated effectively.
  • Once a clearance programme is implemented, it should be maintained for the whole period of adverse weather and plans to manage the process communicated.
  • Where a council takes on the responsibility for clearing snow or ice from paths, it should exercise reasonable care in doing so. Care should be taken in deciding
    where to move the snow – making sure entrances, side roads or drains are not blocked. Clear the middle of the path first so that there is a safe surface on which to walk.
  • After the snow and ice has been cleared do not use water as this may cause black ice. Use salt or grit on the treated areas.
  • Also, if the building is to be used over the winter months the council needs to ensure that ‘users’ can enter and leave the building safely which means that if they are not gritting the paths or car park the building should be closed for that period.

For more information, please speak to a member of our team.


The opinions and views expressed in the above articles are those of the author only and are for guidance purposes only. The authors disclaim any liability for reliance upon those opinions and would encourage readers to rely upon more than one source before making a decision based on the information.

Flood wardens - local councils

Flood wardens and resilience plans

Flood Wardens

Traditionally, flood wardens have been called upon once a flood warning has been issued. If an evacuation is necessary their responsibility is to ensure a suitable place (e.g. village hall) is available for local residents.

The warden may assist members of the public to the place of safety and remain with them until it is safe for them to return to their homes/businesses. The Council’s Employers’ and Public Liability policy should provide cover for the flood warden scheme and any volunteers they call upon.

Any activity that involves deep or fast-moving water remains the responsibility of the emergency services and/or the resilience team. Concern may arise over flood wardens who could be out in adverse weather conditions monitoring waterways, which means they are walking in potentially wet, uneven or slippery areas.

The Council should ensure this potential hazard is assessed and included in their risk assessment and safety guidelines provided to the flood wardens.



Due to the varied activities that can be undertaken in providing resilience, normally in extreme weather conditions or events such as power cuts or terrorism , if your Council has or is considering implementing a resilience plan please contact us to ensure your current policy will provide appropriate cover.

For more information, please speak to a member of our team.


The opinions and views expressed in the above articles are those of the author only and are for guidance purposes only. The authors disclaim any liability for reliance upon those opinions and would encourage readers to rely upon more than one source before making a decision based on the information.

A message from Came & Company

In accordance with the latest UK government guidelines, all Came & Company colleagues are now working from home until further notice.

Despite not being able to meet with you in person, we are very much open for business and you can reach all our teams by phone, email or social media as we continue our mission to deliver the best service possible for you and all of our clients.

Thank you for your understanding and support as we do our bit to help mitigate the risks associated with COVID-19 in these extraordinary times.

Take care and stay safe from all at Came & Company.

Unoccupied buildings: top tips

Leaving local council buildings unoccupied may result in increased risks, and can mean that unexpected incidents can potentially do more damage as they are not identified as quickly. We have put together some tips to help you minimise some potential issues.

  • Review your risk assessment of the property to identify and minimise potential risks.
  • Water damage can be an issue for unoccupied buildings so consider whether it’s appropriate to turn off the water supply at the mains or drain down systems.
  • Review your existing fire prevention plan to ensure that fire risk is minimised as much as possible.
  • Fire and burglar alarms should be activated and all internal doors should be closed.
  • Activate sprinklers and other fire suppression systems you may have in place.
  • Non-essential electrical equipment should be unplugged.
  • Unoccupied premises may be more at a risk of theft, criminal damage or arson so try and ensure premises are as secure as possible.
  • Remove IT equipment or other valuable assets from view if you can, and lock away machinery and tools.
  • Avoid leaving vehicles parked next to the property if possible.
  • Don’t leave any bins or other combustible materials against your property – they should be at least 10m from any building and 2m away from any boundary if possible.
  • Make sure gates are locked securely to prevent access and reduce the risk of potential fly tipping in the grounds.
  • If you are able to inspect the property on a regular basis, then include the perimeter fence and any out-buildings in the inspection.

For more information on how to minimise risks to unoccupied buildings please get in touch.



The opinions and views expressed in the above articles are those of the author only and are for guidance purposes only. The authors disclaim any liability for reliance upon those opinions and would encourage readers to rely upon more than one source before making a decision based on the information.

Claims team on the phone

Our Claims service proposition

Came & Company Local Council Insurance Claims Technician’s, Josh and Jo, explain our Claims service proposition:

In the event of a claim, clients of Came & Company Local Council Insurance have access to our dedicated Claims Technicians who are on hand to guide you through the process and assist with any queries or concerns you may have.

Josh has been working within the insurance claims industry since 1998, with a wealth of experience specifically dealing with commercial insurance claims and the Community niche. Josh genuinely believes in the positive impact great assistance/handling can have on the outcome of each claim and in ensuring you receive the most from your insurer when you need it.

Working at Came & Company, and alongside our broking team, gives Josh the opportunity to do just that. Josh continually seeks to improve our service, maintaining and developing strong relationships with our insurers to get the best results. Having handled an extensive variety of claims from the smallest broken windows to major property fires, Josh enjoys the challenge of any new circumstance and will happily be on hand to assist whenever needed and whatever the circumstance!

Jo entered the Insurance industry in 1998 working for Global Broking groups before moving into Fraud investigation and later returning to the world of Broking Claims management. The Claims Technician role continues to be a job Jo enjoys, principally, helping our clients to submit their claims to insurers with every day representing a learning experience.
During her career Jo has gained a vast amount of experience across all types of claims, with a particular leaning toward strong negotiation skills to influence successful claims conclusions.

Our Commitment:

  • Upon notification of a claim, you’ll receive an acknowledgement from the handler assigned to your claim advising of their contact details and the next steps to progress your claim.
  • From here-on, your handler with liaise with you & your insurer to progress your claim, all the way through to settlement or completion.
  • We appreciate each claim is unique and varying circumstances arise, which at times can result in a very complex claim. Thanks to our continually developing relationship with insurers and wealth of experience, should any queries arise, your handler will be available to help resolve your concerns and if necessary, escalate matters with the insurers.

Claims – Insurers’ Expectations

  • For property damage, insurers will expect to be notified of the claim promptly, generally within 30 days. If you feel you may wish to claim for damaged property, please notify us as soon as you are aware of the matter – even if you are unsure whether you will ultimately be pursuing the claim. This enables us to notify your insurer immediately and avoid the risk of prejudicing your cover by late notification of the claim, which could prevent an otherwise legitimate claim being paid.
  • If emergency repairs are required, such as boarding a door to make the property secure or making water damaged electrics safe, insurers will not penalise you for proceeding with these essentials. However, before any further non-emergency work proceeds, they will expect to receive a quotation for the proposed work, for them to review & agree. In most cases a single, well itemised, quotation (i.e. splitting labour and materials) is sufficient, but for more significant works a second comparative quotation may be requested.
  • For liability or legal advice claims, insurers expect to be advised of the matter immediately or as soon as you are aware of the circumstances – whether it’s a formal claim that you receive or that you are made aware of an event/incident which may lead to a claim. Any matter that could reasonably lead to a claim against you should be notified. Due to the nature of liability claims, which can develop very quickly if not carefully managed with insurer’s guidance, additional costs can escalate – both in damages claimed and legal costs attached to the claim.

The requirement for immediate notification is designed to help you respond correctly and minimise the cost to you and insurers, by allowing them to guide you from day one and manage the situation. Should you fail to notify insurers of a legal or liability matter immediately, there is a danger that the insurer may decline cover for your claim. Action taken without their prior authorisation can prejudice their position, both in terms of costs and their ability to defend your liability.


Josh Britcher Dip CII, Claims Technician

DD: 01483 407481        M: 07523 920699

Joanna Anderson Cert CII, Claims Technician

DD: 01483 407483        M: 07523920696

A playground run by a local council

Risk management of play areas and open spaces

Councils need to consistently demonstrate that open spaces and play areas are safe for use. We strongly recommend weekly visual checks of such facilities are carried out and are recorded in writing as part of the Council’s records. The policy we arrange requires reasonable steps to be taken to prevent or protect against injury, illness, loss or damage arising. Provided such steps are in place and subject to all other policy terms and conditions being met the policy will respond should a claim arise and the Council/Organisation is found legally liable.

The insurers have not issued any specific guidance on managing the risk of COVID-19. Whilst a revised risk assessment should be undertaken to take into account COVID-19, for further advice or guidance we recommend that you contact the consultants who undertake the annual inspection of the play/outdoor gym equipment. Visit the Government portal or the Health and Safety Executive website.

We expect that playgrounds will be very heavily used, especially with the warm weather that we are currently experiencing and the eagerness of the public to start using them again, so it is vital that playgrounds are thoroughly inspected to ensure a satisfactory level of safety is in place. You also have a responsibility to remove any temporary barriers that may have been put up during lockdown which may also be hazardous. You may find the following article from the RPII a useful reference point for further guidance – please click here to read the article.

The inspection programme should be in line with your overall risk assessment.  If lockdown, or social distancing has in impact on the facility, the risk assessment should reflect and be updated accordingly.  All inspections should be written with a copy kept on your organisation’s files. Councils need to consistently demonstrate that open spaces and play areas are safe for use. We strongly recommend weekly visual checks of such facilities are carried out and are recorded in writing as part of the Council’s records.

Visual inspections are vital in order to consistently demonstrate that the site remains fit for purpose, with any fault and/or issue being reported to the clerk with immediacy.

The checks should be recorded in writing and kept on the Council’s records. Reasons for regular recorded inspections include:

  • To help protect members of your community from injury due to faulty play equipment or defective land
  • To assist insurers in defending an injury claim
  • To ensure equipment and areas remain fit for use
  • In addition if trees form part of the Council’s responsibilities we strongly recommend an arborist report is carried out by a suitably qualified person. Any action points arising from the report should be attended to within the recommended timescales. Regular, routine visual checks should also be undertaken, especially after incidences of extreme weather.

During 2019, we saw frequent claims reported for third party injury arising as a result of Council owned equipment/land that had fallen into disrepair or deteriorated over a prolonged period of time. Insurer’s took a consistent approach in these circumstances and accepted liability. This was based solely on the fact that no remedial or planned programme of maintenance could be evidenced. In the event of a claim being paid the Council may see their future premiums increase to reflect this.

For this reason, we recommend that Councils review their assets regularly to ensure that all deteriorating equipment/ land is recorded and a plan is in place to repair and/or manage the equipment/land effectively.


This note is not intended to give legal or financial advice, and, accordingly, it should not be relied upon for such. It should not be regarded as a comprehensive statement of the law and/or market practice in this area. In preparing this note we have relied on information sourced from third parties and we make no claims as to the completeness or accuracy of the information contained herein. It reflects our understanding as at 30.06.2020, but you will recognise that matters concerning COVID-19 are fast changing across the world. You should not act upon information in this bulletin nor determine not to act, without first seeking specific legal and/or specialist advice. Our advice to our clients is as an insurance broker and is provided subject to specific terms and conditions, the terms of which take precedence over any representations in this document. No third party to whom this is passed can rely on it. We and our officers, employees or agents shall not be responsible for any loss whatsoever arising from the recipient’s reliance upon any information we provide herein and exclude liability for the content to fullest extent permitted by law. Should you require advice about your specific insurance arrangements or specific claim circumstances, please get in touch with your usual contact at Came & Company.

Our Partners

Remember that when buying insurance, it is cover and service that count

01483 462860

Blenheim House, 1-2 Bridge Street
Guildford, Surrey GU1 4RY

01483 462860

Blenheim House, 1-2 Bridge Street
Guildford, Surrey GU1 4RY

01483 462860

Blenheim House, 1-2 Bridge Street
Guildford, Surrey GU1 4RY