Resource Centre

We understand the needs and challenges of local councils, so our resource centre features helpful advice and insight from our team. If there’s a feature you’d like us to include please email us at feedback@cameandcompany.co.uk with your suggestions.

We understand the needs and challenges of local councils, so our resource centre features helpful advice and insight from our team. We’ll be regularly adding new articles – if there’s a feature you’d like us to include please email us at local.councils@cameandcompany.co.uk with your suggestions.

Cyber Security Glossary

This glossary explains some common words and phrases relating to cyber security, based on content originally published by the National Cyber Security Centre, which maintains the latest list.

 

Antivirus
Software that is designed to detect, stop and remove viruses and other kinds of malicious software.

Biometric
Authentication using physical characteristics, such as fingerprint or iris scanning.

Botnet
A network of infected devices, connected to the Internet, used to commit co-ordinated cyber attacks without their owners’ knowledge.

Bring your own device (BYOD)
An organisation’s strategy or policy that allows employees to use their own personal devices for work purposes.

Cookie
A file which asks permission to be placed on your computer’s hard drive, and personalises your browsing experience by gathering and retaining information about your website browsing history.

Cloud
Where shared computer and storage resources are accessed as a service (usually online), instead of hosted locally on physical services.

Cyber attack
Malicious attempts to damage, disrupt or gain unauthorised access to computer systems, networks or devices, via cyber means.

Cyber Security
The protection of devices, services and networks and the information on them from theft or damage.

Denial of Service (DoS)
When legitimate users are denied access to computer services (or resources), usually by overloading the service with requests.

Digital footprint
A ‘footprint’ of digital information that a user’s online activity leaves behind.

Easter Egg
Hidden feature built into a computer program by the developer that is added for entertainment or malicious intent.

Encryption
A mathematical function that protects information by making it unreadable by everyone except those with the key to decode it.

End user device
Collective term to describe modern smart phones, laptops and tablets that connect to an organisation’s network.

Firewall
Hardware or software which uses a defined rule set to constrain network traffic to prevent unauthorised access to (or from) a network.

GDPR
General Data Protection Regulations designed to protect personal data (due to be introduced in the UK in May 2018).

Honey pot
A network security feature designed to detect hacking attempts, or to lure attackers to a specific location so that they do not obtain genuine data.

Internet of things (IoT)
Refers to the ability of everyday objects (rather than computers and devices) to connect to the Internet. Examples include kettles, fridges and televisions.

Macro
A small program that can automate tasks in applications (such as Microsoft Office) which attackers can use to gain access to (or harm) a system.

Patching
Applying updates to firmware or software to improve security and/or enhance functionality.

Pharming
This is where internet users are directed to a fraudulent website that mimics the appearance of a legitimate one.

Phishing
Untargeted, mass emails sent to many people asking for sensitive information (such as bank details) or encouraging them to visit a fake website.

Ransomware
Malicious software that makes data or systems unusable until the victim makes a payment.

Software as a Service (SaaS)
Describes a business model where consumers access centrally-hosted software applications over the Internet.

Social engineering
Manipulating people into carrying out specific actions, or divulging information, that’s of use to an attacker.

Spear-phishing
A more targeted form of phishing, where the email is designed to look like it’s from a person the recipient knows and/or trusts.

Spyware
Software that installs itself secretly on a computer’s hard drive, and transmits information about a user’s activity.

Trojan
A type of malware or virus disguised as legitimate software, that is used to hack into the victim’s computer.

Two-factor authentication
The use of two different components to verify a user’s claimed identity. Also known as multi-factor authentication.

Vishing
Attempting to obtain personal or financial information from a telephone call, in order to commit fraud or identity theft.

Watering hole attack
Setting up a fake website (or compromising a real one) in order to exploit visiting users.

Whaling
Highly targeted phishing attacks (masquerading as legitimate emails) that are aimed at senior executives.

White-listing
Authorising approved applications for use within organisations in order to protect systems from potentially harmful applications.

Worm
Software that installs itself secretly on a computer’s hard drive, and transmits.

Zero-day
Recently discovered vulnerabilities (or bugs), not yet known to vendors or antivirus companies, that hackers can exploit.

419 scam
Often originating from an email, this is an advance fee fraud, where you are asked to help transfer money out of another country. 419 is the section of the Nigerian legal code that relates to the crime.

 

For more information about how we can help you assess and manage the cyber risks your business is exposed to, please get in touch.

Events guide

For events to be insured under the Council’s insurance policy, the Council, a working party or a sub-committee of the Council must be the sole organiser of the event.

We should be advised of any event with more than 1,000 attendees at any one time and the following is a guide to the information we would require:

  • A full list of activities and who is responsible for them. All Third Parties must have their own Public Liability insurance, for example: catering vans, fair rides, pony rides, bands and stalls that aren’t organised by the Council. All Permits and Licences must be in place and, if required, the Police and Fire Brigade should be notified.
  • A Risk Assessment should be carried out and documented prior to the event. The location should be suitable for the event.
  • There should be sufficient marshals for the number of people attending. Please note the risk assessment of the event will determine the marshalling.
  • A qualified first aider should be in attendance and they must have means to call the Emergency Services.
  • Start and finish time of the event. If the event is for more than one day: how many days, start and finish times, and security overnight.
  • Will there be any music? If yes, what type i.e. local band, type of music. If the band is semi-professional/professional they will need their own Public Liability insurance in place.
  • Will there be any electrics? If yes, how will it be generated i.e. if it is a generator, what is the security on the generator; if it is a plug into mains, will there be circuit breakers in place, will the cables be covered with matting and is there a contingency plan for wet weather.
  • If you need property cover, we will need to know the sum insured, security and storage arrangements.
  • Upon referral to Came & Company, stalls run for no financial gain by local people or groups who do not have their own Public Liability insurance in place may be covered under the policy. The Council must take responsibility for the risk assessment and Health & Safety of the stall. The Council should be aware that if a claim occurs then it would be defended under the Council’s policy and this may affect the terms and conditions at the next renewal.
  • If the Council is responsible for a BBQ, then it must be sited in a position where people cannot walk into it, fire-fighting equipment must be in place (sand/water) and the food must be kept chilled until it is cooked.
  • If the Council is organising a Tug-of-War they must ensure that all competitors are wearing suitable clothing and footwear and use the correct type of rope.

For more information, please speak to a member of our team.

Cyber Security Checklist

The following is our top 20 checklist of key cyber security issues you should consider to help limit the risk and impact of a data breach.

  1. Never process a payment or amend existing bank details/frequent payees based on an email request. Always follow up an email with a telephone call before making any payments or changing any details.
  2. Hover over the email address or check the nick-name to ensure that the sender is who they claim to be.
  3. Never click on any unsolicited email links that contain attachments such as .zip or .exe files.
  4. Remember – banks and HMRC will never use an email or text message to ask for personal information.
  5. Never click on a link in a text message irrespective of who this has been sent from.
  6. Keep your software, your operating system and your browser fully up-to-date on all devices, especially Smart Phones. Companies continuously add security updates with every software upgrade they release (also called a patch). Installing these patches immediately will help keep you from becoming infected with new strains of malicious software (“malware”).
  7. Always use Multi-Factor Authentication (MFA) to log in to any website or application that you use for banking or investment activity, or that has access to your personal data. MFA is essentially another way—beyond your username and password—to help verify your identity and further safeguard your information.
  8. Run a reputable, anti-virus product on your home PC or laptop and keep this up to date. This will also help prevent your device from becoming infected with malware.
  9. When processing transactions and/or sending correspondence, avoid using public Wi-Fi hotspots – like the ones at coffee shops, airports, hotels, etc. If you do use a public Wi-Fi hotspot, be sure to use a Virtual Private Network (VPN) so that others can’t intercept your communications. As an alternative, stick to the mobile network and create a personal Wi-Fi hotspot with your phone.
  10. Never click on links or open attachments in unsolicited emails or text messages. Doing so may install malware on your device.
  11. Avoid using publicly available charging cords to charge your phone. Publicly available outlets and USB ports are generally fine, but avoid using publicly available cords. These can be used to deliver malware.
  12. Don’t reuse the same username and password across multiple websites and applications. If you reuse the same username and password and a hacker gains access to one of your accounts, he/she may be able to access your other accounts as well.
  13. Create and save bookmarks for the important banking and brokerage websites that you visit often to avoid inadvertently entering your credentials on a fraudulent site.
  14. Consider using a password manager. These apps create unique, complex passwords for you and then store those passwords in a cryptographically sound way.
  15. Only download applications from Google Play™ or the App Store® and never from a third-party app store. Third-party app stores, or apps that pop up and encourage you to download them, are much more likely to contain malware.
  16. Only give applications the permissions they really need. Granting an application access to your photos, location, camera, contacts, etc. makes your data and information available to the application owner.
  17. Limit how much information you share on social media, and lock down the privacy settings on your social media accounts. The information you share online could be exploited to gather information for fraud schemes.
  18. Shred financial documents before discarding them, as these contain valuable information that could be used by fraudsters. You may wish to leverage online statements and paperless options, like eSign, eDelivery, eAuthorizations and Digital Vault, as these include important security features.
  19. Verify that you are using a current and reliable email provider that has basic, built-in security features. Using an older email account that has not incorporated security protections will greatly increase your likelihood of getting malware.
  20. If in doubt – DELETE!

For more information around Cyber, please speak to a member of our team.

The opinions and views expressed in the above articles are those of the author only and are for guidance purposes only. The authors disclaim any liability for reliance upon those opinions and would encourage readers to rely upon more than one source before making a decision based on the information.

Preventing burst pipes

Protecting buildings in winter

Read our top tips to help protect your buildings from the risks of burst pipes in the winter months.

To help prevent burst pipes:

  • Insulate the pipes in any unheated areas such as outbuildings, sheds etc.
  • Thermostatically-controlled heating systems should be left on permanently and set at a minimum temperature of four degrees centigrade.
  • In the event of the building not being used over the winter months, water supplies should be turned off and pipes drained.
  • Repair any dripping taps – it is usually just a new washer that is needed.
  • If the heating system fails or makes a loud banging noise, this could indicate that a pipe is freezing. Turn off the system and call a plumber immediately.

If you experience a burst pipe:

  • Turn off the water supply at the main stop valve.
  • Contact an approved plumbing and heating engineer.
  • If your pipes freeze, never use a naked flame to thaw them out.

It can be very easy to forget about the pavilions, changing rooms and buildings that are not used during autumn and winter months. This can make them especially vulnerable to weather damage and vandalism. We recommend that these buildings are checked on a regular (weekly) basis.

For more information, please speak to a member of our team.

 

Ice and snow - advice for local councils

Ice and snow

To minimise risk from ice and snow in the winter months, we recommend that councils should consider the following:

  • A written risk assessment should be carried out and kept on council files.
  • The council should take reasonable care to ensure the safety of the public, employees and volunteers.
  • All employees and volunteers should be made aware that the clearance of snow and ice could be a seven-days-a-week task (including bank holidays), receive adequate training, and wear the appropriate protective clothing.
  • We recommend that the council communicates its plans to the community. This can be via a website, newsletter, noticeboard or published minutes of a meeting. If plans change this should also be communicated effectively.
  • Once a clearance programme is implemented, it should be maintained for the whole period of adverse weather and plans to manage the process communicated.
  • Where a council takes on the responsibility for clearing snow or ice from paths, it should exercise reasonable care in doing so. Care should be taken in deciding where to move the snow – making sure entrances, side roads or drains are not blocked. Clear the middle of the path first so that there is a safe surface on which to walk.
  • After the snow and ice has been cleared do not use water as this may cause black ice. Use salt or grit on the treated areas.
  • Also, if the building is to be used over the winter months, the council needs to ensure that ‘users’ can enter and leave the building safely, which means that if they are not gritting the paths or car park, the building should be closed for that period.

For more information, please speak to a member of our team.

 

Flood wardens - local councils

Flood wardens and resilience plans

Flood Wardens

Traditionally, flood wardens have been called upon once a flood warning has been issued. If an evacuation is necessary their responsibility is to ensure a suitable place (e.g. village hall) is available for local residents.

The warden may assist members of the public to the place of safety and remain with them until it is safe for them to return to their homes/businesses. The Council’s Employers’ and Public Liability policy should provide cover for the flood warden scheme and any volunteers they call upon.

Any activity that involves deep or fast-moving water remains the responsibility of the emergency services and/or the resilience team. Concern may arise over flood wardens who could be out in adverse weather conditions monitoring waterways, which means they are walking in potentially wet, uneven or slippery areas.

The Council should ensure this potential hazard is assessed and included in their risk assessment and safety guidelines provided to the flood wardens.

 

Resilience

Due to the varied activities that can be undertaken in providing resilience, normally in extreme weather conditions or events such as power cuts or terrorism, if your Council has, or is considering implementing, a resilience plan, please contact us to ensure your current policy will provide appropriate cover.

For more information, please speak to a member of our team.

 

A message from Came & Company

In accordance with the latest UK government guidelines, all Came & Company colleagues are now working from home until further notice.

Despite not being able to meet with you in person, we are very much open for business and you can reach all our teams by phone, email or social media as we continue our mission to deliver the best service possible for you and all of our clients.

Thank you for your understanding and support as we do our bit to help mitigate the risks associated with COVID-19 in these extraordinary times.

Take care and stay safe from all at Came & Company.

Remember that when buying insurance, it is cover and service that count

01483 462860

local.councils@cameandcompany.co.uk

Blenheim House, 1-2 Bridge Street
Guildford, Surrey GU1 4RY
