Pelland Blog

Keep Your Passwords Secure

November 26th, 2017

If you attended my “10 Steps for Securing Your Digital Identity” seminar at the 2017 Outdoor Hospitality Conference & Expo, you learned that my lead segment involved the importance of keeping your passwords secure. Passwords have been around since ancient times, when the first sentry asked “Who goes there?”, becoming essential for admission to a speakeasy during Prohibition, and playing a vital role in military security during World War II.

When I was growing up in the 1960s, the doors to our house had old mortise locks and keys that gave our family a sense of security. I recall that the logic when the doors were locked at night was to keep the key turned 90 degrees in the keyhole on the inside of the lock, under the presumption that this would prevent a thief from inserting a key into the outside of the lock and gaining entry. Of course, if somebody got locked inside, we knew that it would only take a couple of minutes to jimmy the key out of the lock. When we were away from home, the key came with us, leaving the lock even more vulnerable.

If a key got lost or broken, we simply walked to the neighborhood hardware store (yes, they existed back then!) and bought a skeleton key for 50¢ that would probably open every lock in our house, including the outside entry doors, as well as the locks on most every other house in the neighborhood. It is no wonder that we relied on neighbors to keep an eye on our houses back then. Sadly, many people today do not even know the names of their neighbors.

Nowadays, passwords are almost exclusively associated with computers and Internet security, and a lame password is essentially the equivalent of a skeleton key. Like those families sleeping soundly behind the security of a mortise lock, a majority of computer users think that their passwords are securely protecting their accounts from getting hacked.

Before I go any further, I would like you to test one of your passwords. Go to this URL and enter your password: https://howsecureismypassword.net/. As an example, I just tested “JBDayton62”, which is exactly the type of password that many people use, so falsely confident in its security that they use it on every account that requires a password. According to the test, a computer could crack this 10-character password in only 8 months; however, anybody who researched the Internet and social media and already knew that John Brown was born in Dayton, Ohio in 1962 could crack this password in no time flat. If a password is convenient to remember, it is easy to crack!

What Constitutes a Secure Password?

Quite simply, for a password to be secure it should consist of a minimum of 16 characters; never contain a word or a combination of words found in the dictionary; never contain the names of family members, friends, pets, sports teams, and the like; and be made up of a random combination of uppercase letters, lowercase letters, numbers, and special characters. You can also often use spaces in passwords, although it is unfortunate that many websites still prevent users from choosing truly secure passwords, by precluding the use of special characters, for example.

The next rule is to always use a unique password for each and every site, and then to change each password on a routine and frequent basis. Apply even stricter standards for sites that provide access to highly secure information, such as your online banking or the IRS’s Electronic Federal Tax Payment System (EFTPS) website. The time to change your old, reused, vulnerable, weak, or compromised passwords is now, not next week or “when you get around to it.”

Before you naively presume that nobody is out there trying to crack your password, consider the fact that password cracking software is readily available online for use by hackers (and occasionally by companies that are on the lookout for weak passwords being used by employees). Those programs include L0phtCrack, Cain, and John the Ripper … all designed to crack passwords (and sometimes credit card numbers) using brute force, dictionary attacks, rainbow tables, and other means.

How to Create a Secure Password

Never trust yourself to generate your own secure password. Our brains are simply not programmed to think randomly, and any password that makes sense to you is easy to crack. Some people even think that including a foreign-language word in their password will make it secure, perhaps presuming that hackers only reference English language dictionaries (even though English may be far from their native languages). My recommendation is to use a secure online password generator such as the Secure Password Generator: https://passwordsgenerator.net/

The Secure Password Generator will allow you to choose any length of characters (from 6 to 2,048) and choose the types of characters that will be allowed (or excluded, if a site does not permit certain characters), then generate it on your own computer.
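As an added illustration (not part of the original post, and not the code of any tool it names), the Python example below generates a password locally from the operating system's secure random source, following the rules described above, and checks a candidate such as “JBDayton62” against those same rules. The function names and the list of personal details are assumptions constructed for this example.

```python
import math
import secrets
import string

# The four character classes the article calls for.
CLASSES = {
    "upper": string.ascii_uppercase,
    "lower": string.ascii_lowercase,
    "digit": string.digits,
    "special": string.punctuation,
}
MIN_LENGTH = 16  # the article's minimum length


def build_pools(exclude=""):
    """Per-class character pools, minus any characters a site refuses to accept."""
    pools = {}
    for name, chars in CLASSES.items():
        kept = "".join(c for c in chars if c not in exclude)
        if kept:  # a class that is fully excluded simply drops out
            pools[name] = kept
    return pools


def generate_password(length=20, exclude=""):
    """Generate a random password on this machine using the OS CSPRNG."""
    if length < MIN_LENGTH:
        raise ValueError("length must be at least %d characters" % MIN_LENGTH)
    pools = build_pools(exclude)
    alphabet = "".join(pools.values())
    if not alphabet:
        raise ValueError("every character has been excluded")
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        # Retry until every remaining class appears at least once.
        if all(any(c in pool for c in candidate) for pool in pools.values()):
            return candidate


def entropy_bits(length, exclude=""):
    """Approximate strength of a random password: length * log2(alphabet size)."""
    alphabet = "".join(build_pools(exclude).values())
    return length * math.log2(len(alphabet))


def weaknesses(password, personal_facts=(), wordlist=()):
    """List which of the article's rules a password breaks.

    personal_facts and wordlist are matched as case-insensitive substrings.
    """
    found = []
    lowered = password.lower()
    if len(password) < MIN_LENGTH:
        found.append("shorter than 16 characters")
    missing = [name for name, chars in CLASSES.items()
               if not any(c in chars for c in password)]
    if missing:
        found.append("missing classes: " + ", ".join(missing))
    for fact in personal_facts:
        if fact and fact.lower() in lowered:
            found.append("contains personal detail: " + fact)
    for word in wordlist:
        if len(word) >= 4 and word.lower() in lowered:
            found.append("contains dictionary word: " + word)
    return found


if __name__ == "__main__":
    # Constructed sample: details about the article's fictional "John Brown".
    facts = ["John", "Brown", "JB", "Dayton", "Ohio", "1962", "62"]
    for problem in weaknesses("JBDayton62", personal_facts=facts):
        print("JBDayton62:", problem)

    password = generate_password(20)
    print("generated:", password)
    print("approx. entropy: %.1f bits" % entropy_bits(20))
    # A site that rejects certain special characters (constructed example).
    print("restricted:", generate_password(16, exclude="<>&'\""))
```

A generated password belongs in a password safe rather than in memory or on paper, which is the subject of the next section.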

How to Store Your Passwords

Once you generate a highly secure password, keeping it written down on a sheet of paper or in a Word document on your computer is like leaving the keys for Fort Knox at a lost and found counter. You need a way to store and access your passwords safely, relatively easily, and securely. I recommend the use of a password safe. Three of the best are LastPass, Dashlane, and Keeper.

LastPass – https://www.lastpass.com/
Dashlane – https://www.dashlane.com/
Keeper – https://keepersecurity.com/

All three work with Windows, Mac, iOS, and Android operating systems; have plugins for popular browsers; include two-factor authentication; include form-filling; offer fingerprint login on mobile devices; and have free versions.

The idea with a password safe is that you have only one highly secure master password to remember. Thanks to geolocation, if you log in to your account from an unfamiliar IP address, the two-factor authentication will kick in, requiring you to confirm your identity before being allowed access. In my own instance, 12 attempts to log in to my account over the last 6 months have been thwarted – 3 from Vietnam, 2 from China, 2 from Brazil, and one each from Argentina, Georgia, Ukraine, The Philippines, and the United States (North Carolina). Do not think for a moment that there are not people out there actively trying to hack into your accounts. They are out there and they are everywhere.

Access to our personal data is far too important to be left to chance, and I am hoping that this article might help to open the eyes of a few disbelievers. People who are ahead of the curve when it comes to planning are already taking measures to ensure the longevity of access to their data, even as new biometric methods such as fingerprint and iris recognition are coming into play. According to a survey taken by the University of London and cited in Wikipedia, one in ten people are now including password access or recovery information in their wills. My best advice is to think toward the future, but to start changing your way of thinking today.

This post was written by Peter Pelland

The Equifax Security Breach: Your Response

October 22nd, 2017

Every so often, a truly important news story breaks into the public consciousness through an information overload that seems more and more obsessed with partisan issues, celebrity news coverage, and YouTube videos gone viral. One of these recent stories involved the unfolding cybersecurity breach at Equifax, one of the three American companies that compile the personal information that determines your credit-worthiness, your ability to obtain a loan, and the interest rate that you will pay for that privilege.

Of course, a legitimate question could be asked regarding what gives Equifax, Transunion and Experian the right to gather hyper-sensitive personal and financial information on every American citizen alive today. We have certainly come a long way from the idealized days of George Bailey and the Bedford Falls Building and Loan, when financial decisions were local and finalized with a handshake. In our modern times, it would seem that the minimum responsibility on the part of credit reporting agencies would be to maintain iron-clad security standards to prevent our personal information from falling into the hands of malevolent third parties.

In the recent Equifax incident, the personal security information of 143,000,000 Americans was compromised. According to the Federal Reserve Bank, there are only about 125,000,000 households in the United States. Without question, you were personally impacted. Essentially, the names, addresses, dates of birth, social security numbers and more for virtually every adult citizen in the United States were compromised. In addition, investigations have disclosed that credit card numbers of 209,000 individuals were hacked, along with personal identification numbers (PINs) for another 182,000 consumers.

According to testimony prepared for a House Energy and Commerce Committee hearing, Equifax CEO Richard Smith admitted that the breach was the result of a failure to apply a software update, despite warnings from the Department of Homeland Security, followed a day later by a warning from the company’s own security team. The company’s policy was to apply such patches within 48 hours, but this failed to happen. The patch was designed to repair the vulnerability in the open source Apache Struts software that the company was using in one of its systems. Even following the company’s internal software policies, hackers would have had three days to exploit that vulnerability – a virtual lifetime in the world of hackers. The Apache Software Foundation had issued a patch for the flaw in March, two months before hackers began accessing sensitive information on Equifax’s servers on May 13. Clearly, Equifax had no excuse for its failure to have taken immediate corrective measures.

This all occurred two years after a similar, but smaller, security breach occurred at Experian, compromising “only” 15,000,000 Americans. What did the credit reporting industry learn over that time? Apparently how to wait months before reporting the incident, while providing an opportunity for three top Equifax executives to unload $1.8 million worth of company stock, after the breach was discovered but prior to its announcement. It also forced Smith to resign, albeit with an over $90 million golden parachute, according to Fortune Magazine.

The impacts of the Equifax security breach upon individuals have been well-documented, including advisories to subscribe to free credit monitoring services, to change all of your passwords to unique strings of characters that are more difficult to crack, to pay to freeze reports on your credit (only unfreezing the reports in specific instances, such as when applying for a loan), and to join one or more of the class action lawsuits against the company. As a small business owner, on the other hand, what measures should you take to ensure that you are safeguarding the information of your customers to the best of your ability? There is no question that international cybercriminals tend to pursue the larger and more lucrative targets; however, every business that conducts business online (not necessarily through its website, but through any Internet-based transactional application) is vulnerable and bears a responsibility for protecting its customers.

The Federal Trade Commission offers a series of five areas of recommendation for how businesses should handle their customers’ personal information.

  • The first is an assessment of how your company handles personal information that is gathered from a variety of sources, including credit reports, employment applications, and customer-provided data. How is it delivered to your business, how broadly is it accessed within your company, and how and where is it stored? A particular area of concern is the processing of credit cards. Above all else, cybercriminals are looking for credit card information, social security numbers, and banking information. There is no reason for most businesses to maintain records of that information in any form.
  • Stop gathering information that you do not need. With the exception of very specific matters including employee tax accounting, there is no reason to ever ask for anybody’s social security number. Do not maintain records of credit card numbers. Those should only be gathered through a secure point of sale terminal or via a secure online payment gateway, where you do not actually see the number, its expiration date, or the security code. Never ask people to provide that information via email, and discourage the common practice of taking that information over the phone. Because “we’ve always done things this way” is no longer an excuse.
  • Keep all physical and electronic records secure. Paper records and backup files should be stored in locked rooms or file cabinets, with limited employee access to a limited number of keys. Electronic files should be encrypted and password-protected. Individual computers should be password protected, put into password-protected sleep or screen saver mode when left unattended, and shut down at the end of each business day. Scan the computers on your network for vulnerable open network services. For example, if a computer is not intended to be used for the sending or receipt of email, the ports for those services should be closed on that computer. Every computer should also be running real-time anti-malware and anti-virus software that includes scans of incoming email messages for malicious content that might be disguised as routine file attachments. Never allow an employee who is untrained in basic security precautions to access and open email messages.
    A highly secure password is almost worthless if an employee is allowed to write it down on a Post-It Note, typically attached to his computer monitor. Educate employees (and yourself!) on the importance of password security, use a “password safe” application with a highly secure master password, and lock out users after a limited number of incorrect login attempts on any computer and any online application. Laptops and mobile devices are particularly vulnerable due to their portable nature. They should never be left where they would be even momentarily visible to thieves, and their access to secure information should be carefully limited. Using unsecured Wi-Fi access at airports and other public places is an extremely risky practice.
  • Always maintain proper disposal practices. We have all heard the old adage about one man’s trash being another person’s treasure. That was never as true as it is today. Paper records and disposable electronic media containing sensitive data should never go into the trash. These need to be run through cross-cut shredders or incinerated. When disposing of old computers and storage devices, all data must first be removed with a data wiping utility. Simply deleting files leaves them recoverable by a thief. Did you realize that your office copier or fax machine contains a hard drive that stores its data? That data probably includes copies of your tax returns, and that data also needs to be wiped prior to the disposal of any such device.
  • Finally, maintain a response plan in the event of a security breach. If a computer is compromised, immediately disconnect it from Internet access, remove it from your network, and then shut it down. Bring in an expert to identify and correct the vulnerability and assess any threats to personal information. If there have been compromises, immediately notify your customers and anyone else who may have been impacted by the breach of security. Do not repeat the Equifax mistake of hiding disclosure for months.

This is a brief summary of what occurred in the recent Equifax security breach, how you should react to that breach, and some of the measures that you should implement to tighten the security standards at your own business. If you would like to learn more, be sure to attend the “10 Steps for Securing Your Digital Identity” seminar that I will be presenting at the Outdoor Hospitality Conference & Expo, in Raleigh, on November 8, 2017.

This post was written by Peter Pelland

A Fresh Look at Pets and Rentals

September 6th, 2017

There is no question that Americans love their pets. In most instances, they would not think of taking a road trip or weekend vacation where their furry “family members” were left behind. Most campground owners have capitalized nicely upon this trend, making their parks more pet-friendly than ever. Campground dog parks have become very popular (in many instances with two parks, one for smaller and one for larger breeds), waste stations and litter bags are commonplace, and many parks are installing dog-wash stations. Entire businesses, such as Dogipot, have been built around the combination of pets and parks, while other suppliers have added pet-related items to their product lines.

According to the American Pet Products Association, U.S. pet owners spent over $66 billion on their pets in 2016, with those same expenditures expected to approach $70 billion in 2017. Not only do they want to take their pets with them just about everywhere, they are not hesitant to pay for that privilege. Campgrounds, resorts, bed and breakfasts, and even luxury hotels are attempting to find ways to increase their share of this lucrative market.

With luxury hotels embracing the demands of the market, most campgrounds remain somewhat more cautious and hesitant to allow pets in their cabins, cottages, yurts, park models, and other rental units. Just this past week, one of my campground clients asked for my thoughts on whether or not she should allow pets in her new glamping tents and, if so, she was wondering about a waiver and how to handle security deposits. I suggested that she touch base with her insurance provider, but it became clear to me that some guidelines might be needed.

One of the first things to bear in mind is that it is important that you avoid alienating guests who do not own pets in your efforts to reach out to pet owners. When I booked a reservation for several nights at a luxury hotel in Colorado ski country this past winter, the property’s website indicated that it was pet-friendly and included a prominent photo of a St. Bernard lying on the bed in a guest room. I almost booked my stay elsewhere, prior to being assured that I would be staying in a pet-free room.

Back to my client with the new glamping tents, how can a park owner make these decisions in a deliberate and informed manner? First of all, decide whether potential damage is a risk that you are willing to incur, keeping in mind that those instances are likely to be fairly infrequent. In those instances where damage might occur, both the repair costs and the lost revenue during the time of the repair must be taken into consideration. What if a unit has been reserved by a subsequent guest during the repair timeframe? What if that unit is unique or it is a time of year when a suitable substitute is unavailable? It is probably due to questions like these that most parks tend to limit their pet-friendly accommodations to older units or rentals that would not otherwise realize full occupancy.

According to the Irons Family, owners of Ole Mink Farm in Maryland, a park with a long history offering pet-friendly accommodations, “For several years, guests at Ole Mink Farm Recreation Resort had been requesting Pet-Friendly lodging, and with some hesitation, we began accepting ‘fur babies’ in 2002. Initially, we allowed pets in our basic cabins, but as demand increased, we slowly included a few luxury cabins as well; choosing ones with wood or tile floors to allow for easier clean up due to shedding and potential accidents. Pets are required to be on leash, and we charge a nightly pet fee as well as a refundable security deposit to cover any damage that may occur; however, our experience has been largely positive! Becoming pet friendly has increased revenue for our cabins and increased our target guests with minimal overhead and upkeep.”

One way or another, you must be covered against even the remote potentiality of losses due to damage. Usually these risks are covered by either deposits or fees that are outlined in a signed agreement. Have your attorney check to see if your state allows you to collect pet deposits or fees, whether or not there is a limitation on those fees, and whether or not you are allowed to restrict animals according to breed or size. Keep in mind that you will NEVER be allowed to apply any charges to designated service or companion animals. This latter issue is an entirely separate problem. My Google search for “how to make your pet a companion animal” just returned 17,600,000 results, including explanations of how any pet can be fraudulently designated as a service dog for a $50.00 fee.

Subject to any limitations in your state, a “pet fee” is simply an added charge for a pet. Similar to charging fees for extra persons or visitors, these pet fees may be higher for rental units than for conventional campsites. Such fees do not cover damages, and the fees are not refundable. You might think of them as a type of self-insurance. On the other hand, a “pet deposit” must be refunded upon inspection and confirmation that no damage has occurred. If damage is found, you will be responsible for providing an itemization that will justify keeping all or part of the deposit. Since it might be impractical to perform immediate and thorough inspections at the time of check-out, your agreement should outline the timeframe and manner for return of the deposit. Also keep in mind when setting your deposit that it will be very difficult to collect damages that exceed the amount of the deposit itself. Unless you are prohibited from doing so by your state laws, there is no reason why you cannot collect BOTH a non-refundable pet fee and a refundable pet deposit.

Whatever you charge, a signed agreement between your park and the pet owner(s) is essential. At minimum, that agreement will:

  • Clearly identify the pet(s) that are covered by the agreement.
  • Clearly – and in great detail – list your applicable rules and regulations. (Just because a fee has been paid does NOT mean that an animal cannot be evicted for just cause.)
  • Clearly outline the liability for damages. These will include damage to your property, damage to the property of other guests, personal injuries, and the costs of cleaning and repairs both inside and outside of the rental unit.
  • Clearly outline the associated fees.

A series of pet agreements, some of which are designed for landlords and tenants but easily modified for campgrounds and related properties, may be downloaded on the Sample Forms website. I would suggest finding one of these that appears to be a good fit for your business, customizing it to your specific needs, and then doing your best to capitalize upon this growing market.

This post was written by Peter Pelland

The Family Farm, Reinvented

August 3rd, 2017

Years ago, farming was a much less complicated way to earn a living. Concepts like agribusiness, patented GMO seeds with resistance to herbicides, and acres planted in soybeans and inedible corn were futuristic nightmare scenarios. With the exception of tropical fruits such as bananas and pineapples, most of our food was locally grown, field ripened, and harvested in season. As economies of scale, shifting consumer preferences, and the influences of the chemical, pharmaceutical, and transportation industries came into play, more and more small farms turned fallow or were parceled off to real estate developers. It had become a pretty depressing time for family farming.

More recently, times have changed, thanks to a further evolution in consumer preferences and some innovative thinking on the part of a new generation of farmers. Gone are the days when farmers could literally put all of their eggs in one basket. When those eggs would otherwise cost more to produce than the price that they command in the marketplace, there is a significant market for people who are willing to pay a premium for colorful eggs that come from free-range hens that are raised without cages, antibiotics, or GMO-based feeds. If they are purchased in a farm share, farmers’ market, or at a farm stand, consumers are often willing to pay even more because they feel good about the farm-to-plate concept. Most importantly, if that farmer has more than eggs to offer, sales and profits will multiply. The secret ingredient has become creative diversification.

Expand the Experience

Farming today is about much more than crops, livestock and harvests. Particularly for a business that is subject to the vagaries of the weather, it is mission-critical to have more than a single product. Just think of the long list of words that can make a farmer shudder in fear: drought, flooding, hail, frost, disease, insect pests … the list goes on. Other types of businesses long ago caught on to the concept of diversifying the experience that they offer. In the beginning, cruise ships simply provided a means of trans-oceanic transportation, ski resorts had a brief winter season, and concerts and festivals were nothing more than music venues. Even movie theaters, which were once decimated by the advent of television (which has since been devastated by the Internet and live content streaming), are reinventing themselves with luxury seating and food and drink selections that are served by an on-demand wait staff.

Reinvented business concepts share one thing in common: They increase income and profits by getting consumers to stay longer, return more frequently, and buy more. There are few things that consumers today value more highly than their leisure time. We have even invented new terms like “quality time.” According to the Collins Dictionary, this term did not exist prior to 1985 but is now one of the 30,000 most commonly used phrases in the English language, with equivalents in French, German, Spanish, Portuguese, Italian, Chinese, Japanese and Korean. The importance and value of quality time should not be underestimated.

Back on the Farm

That expanded, quality time experience can take many forms on a small farm operation. Anything that can turn a farm visit into an “event” will work, while a multitude of events can turn a farm into a destination. The possibilities are nearly endless and include:

  • Pick-your-own – from berries to tree fruits, your customers will pay you to bring in part of your harvest.
  • Petting zoos – ever-popular with toddlers (and their grandparents), you can even sell small bags of feed.
  • Prepared food concessions – from bakeries to restaurants to ice cream stands, people will pay a premium for freshly-prepared foods with natural ingredients.
  • Hayrides and walking trails – give visitors a chance to get to know your property better, perhaps learning of crops that they did not know you produced.
  • Music events – a singer-songwriter or acoustic duo will extend the stay of your guests throughout their sets of music, especially if you have outdoor seating with a view or an indoor seating (and dining) space.
  • Off-season offerings – from Christmas trees and accessories (where tag-your-own or cut-your-own become variations of the pick-your-own concept) to maple sugaring to scarecrow making, corn mazes and pumpkin decorating, there are a variety of ways to extend your season.
  • Breweries and wineries – expanding like wildfire, craft breweries and small wineries have the potential to draw tremendous crowds, especially when combined with other on-location activities.
  • Wedding receptions – sometimes a unique location with a terrific view can be in high demand.
  • Farm stays – if you have guest rooms available, this is another way to expand your income, whether simply a bed & breakfast (with fresh-from-the-farm products for breakfast, of course) or a work and stay opportunity. Over the years, my wife and I have enjoyed stays everywhere from an orange grove in California to a winery and vineyard in Tuscany.

Regardless of which of these options – or others – that your farm chooses to pursue, there are a few basics that will make your endeavor more consumer-friendly and successful.

Successful Marketing Basics

First of all, stop thinking that you are competing against other nearby farm operations. Your competition for consumers’ attention will now be major events and attractions, and your reach will extend far beyond the home base of your farm stand customers, most of whom are drivers who stop on impulse. If you are planning one or more events, choose your dates far in advance, allowing time for promotion and avoiding conflicts with other, more established events. Then promote your events as extensively as possible, most heavily in the 7 to 10 days beforehand.

Here are a few additional tips:

  1. Negotiate trades with local media, particularly newspapers with weekly event schedules and local TV and radio stations. Ask a local TV station to cover your event. They are often eager to cover a local human interest story, particularly on a weekend, which is an otherwise slow news period.
  2. Avoid the temptation to save money by doing it yourself. It seems that every farm family has a relative who attended art school, but leave your website and print advertising to professionals who can provide a cohesive branding.
  3. Maximize your use of social media. Promote your event on a Facebook page that is dedicated to your business. Respond to questions and reviews, and don’t neglect other social media apps.
  4. Always give something away for free. Whether a free petting zoo (again, you can sell the feed!), free parking (of course!), free hayrides, or free samples, “free” is an incentive to attend and an incentive to stay longer and spend more.
  5. Accept credit cards. There is never a rational excuse for limiting the amount of money that visitors can spend to whatever cash may be on hand in their wallets.
  6. Use every event as an opportunity to promote subsequent events. Have a calendar or other handout so that people can “save the date” and return to the venue that they are enjoying today.
  7. Partner with other businesses in the area that are marketing to the same clientele. A “tour” of businesses along a 20 or 25 mile stretch of highway helps to extend your efforts into an all-day destination event. Develop incentives for visitors to one participant to stop at the other businesses as well.
  8. Capitalize upon signage. It worked for Burma Shave and it works for Wall Drug. For a one-day event, post signs along the route to encourage travelers (who may have been otherwise unaware of your event) to stop by. Be sure to incorporate the word “free”.
  9. Have plenty of parking, along with ushers to flag drivers into available spaces.
  10. Make your event photo-friendly, encouraging guests to share photos on social media, and be sure to take plenty of your own photos to promote the “second annual” event next year.

This post was written by Peter Pelland

Free Websites vs. Free Websites

June 28th, 2017

No, that is not a typo in the title, but it did catch your attention, didn’t it? In the campground industry, most park owners choose a website design and hosting services provider with a track record and industry presence. Others choose to affiliate with a franchise, where they can benefit from corporate branding and marketing expertise that has been proven effective. Yet others choose to go it alone, taking the D-I-Y route with so-called “free websites” from companies like Wix, Weebly, Homestead, and Vistaprint.

Sometimes the do-it-yourself people are simply “hands on” business owners who feel uncomfortable with delegating responsibility. I often wonder if they also build the washers and dryers in their laundry, make the ice cream that is sold in their store, and provide each weekend’s entertainment, performing as a one-man-band every Saturday night. Other folks seem to resentfully think that professional services are overpriced, failing to acknowledge the legitimate costs and years of education, training and experience that are the foundations of those services. Finally, there are park owners who truly cannot afford to hire outside services for something that they would admittedly prefer not to do themselves.

This post is intended for the people in that last category, park owners who recognize that they need assistance in marketing their parks but believe that help is out of reach.

One of my company’s clients, based in New Hampshire, had wanted to replace the old website that we had built for them back in 2009, but a new mobile-friendly site was just not in their budget regardless of how creatively they juggled their finances. That changed about a month ago, when they received funding through a Micro Enterprise Community Development Block Grant that paid for most of the project. Funds were awarded by the New Hampshire Community Development Finance Authority to Grafton County, which then sub-awarded funds to the Northern Community Investment Corporation. Yes, it can be a complex process! The new website is already live, generating positive customer reviews and new business for our client’s park. Your park might also qualify as a beneficiary from this type of funding.

In our client’s instance, they were located adjacent to what has been identified as a REAP Zone. That acronym stands for Rural Economic Area Partnership Program, an area that the United States Department of Agriculture has identified as facing economic and community development issues. Many, if not most, campgrounds are located in rural areas. By definition, many of these locations are geographically isolated and face population loss and economic distress often due to declines in agriculture. According to the USDA, the REAP Initiative was intended to address such issues as stagnant or declining employment, constraints in economic activity and growth, and disconnection from markets, information and finance. Pilot zones were designated in parts of North Dakota, upstate New York, and the Northeast Kingdom of Vermont (which can also benefit parts of New Hampshire.) Despite the current political climate, agencies continue to develop similar programs for other disadvantaged regions across the country, including the more recent Promise Zone Initiative.

The key to qualification for the CDBG Micro Program is generally to be located in an economically challenged area, to have a number of employees within a specified range, and for your household to fall within specified income requirements. Not every small business qualifies, but many might be surprised to find that they do. With goals that include the expansion of employment opportunities, a variety of projects that help to strengthen or grow a business might be funded, including marketing assistance and even social media training.

To determine if grants are available in your area, you will need to do a bit of research, with the understanding that small businesses do not directly apply for such funding. You must identify the local non-profit economic development agency that will apply for funding on behalf of the local businesses in your area. Start by performing an online search for “(name of your county and state) economic development agencies” or “(name of your county and state) small business development center”. Then call that agency to find someone who will assist you in determining what programs might be available in your local area at this particular time. Depending upon the organization that will be administering the program, you may be required to complete a brief application form to determine eligibility, with the agency assisting you every step of the way, approving an outside vendor, and authorizing the commencement of work.

In addition to Community Development Block Grant resources, you may also contact the Cooperative Extension Service office at your local land grant college or university or even ask your local banker to put you in touch with an organization that can provide the financial assistance that you need. Without taking the initiative, you will have no idea what resources might be available, and there are literally staff members who are waiting to be of assistance in helping you to grow your business. To paraphrase a famous newspaper editorial, “Yes, Virginia, there is a free website.”

This post was written by Peter Pelland

There Is a Test for That!

June 14th, 2017

Here in my home state of Massachusetts, a problem in recent years involved elementary schools (already considered to be among the best in the country) that were concentrating too much effort on teaching students to pass the Massachusetts Comprehensive Assessment Test, commonly known as MCAS. More recently replaced by newer testing that is in line with the national Common Core Standards that have been adopted by most states, the problem with MCAS was that teachers had to devote far too much classroom time teaching students to score highly on tests rather than actually learning. I am not a teacher, but it seems to me that it is more important for students to learn effectively than to be taught to pass tests with the highest possible scores.

A similar issue takes place when companies that market their website services run bot-based tests that present audits of potential website errors, warnings and load speeds. There is no question that it is important to have a site that renders properly and loads quickly across a full range of browsers and devices; however, all speed tests have their limitations. To run an automated test that purports to present the final word on the quality of a website and the experience that it offers to visitors is a flawed concept at best and a competitive potshot at worst.

No bot can effectively measure the quality of the end-user experience because that is an inherently subjective process. There is a tradeoff between a site that is visually exciting and a site that loads instantly, and many of the “errors” that bots identify account for mere milliseconds in the scope of initial overall page load times. A site that consists of nothing but text will usually run a perfect score, but how many reservations do you think such a site might generate for a campground or outdoor resort? My advice is to avoid falling for the bait, particularly when it is offered by companies that fall short themselves when it comes to overall quality and integrity of design – factors that directly influence human-based decisions rather than bot-based tests.

Let me offer an analogy that relates to the family camping industry. Many parks have begun offering one of the many “wine and paint” sessions that have become popular in recent years. They all follow a similar formula, where an artist whose career has never caught fire leads a session where attendees drink just enough wine to encourage their creativity but not so much wine that they can’t find the end of the paintbrush with the bristles. The idea is for everybody to copy the painting that the session leader paints. The order of the day is uniformity, a lack of originality, and the building of self-esteem. If Pablo Picasso was still alive and attended one of these sessions, his work would be the laugh of the evening.

When it comes to websites, the single most important consideration is whether or not a site is mobile-friendly. A site that is not optimized for display on mobile devices – particularly smartphones – presents an impediment to the end-user experience. What is most important is how long it takes before a user is able to read and navigate your site. Whether some images might take a few seconds to load is not an impediment to that experience.

If you are wondering whether your website is up to par, ask for a human, personalized evaluation of its strengths and weaknesses. That will take some time and effort to prepare, but it will offer results that are based upon the actual experiences of human end-users, not the bots that will never contact you to make a reservation for Site 127 for the second week of August.

Times change, along with the ways that websites are viewed and the algorithms that determine how they are ranked in search results. The one thing that is consistent is the importance of working with a knowledgeable and reliable company with a trusted track record to stay on top of things and to represent the best interests of your company.

This post was written by Peter Pelland

Browser Wars: Why You Should Care

May 29th, 2017

It is human nature that we all tend to resist change. From brand loyalty to daily routines, we tend to be pretty predictable as individuals. When it comes to the browsers that we use to surf the Internet, we tend to be quite settled in our ways, with very few of us whimsically switching from Safari to Edge to Opera. Part of the reason has to do with the way we each like to stay within our own comfort zone, and another part of the reason involves convenience. Switching to a new browser can be a somewhat daunting task, with bookmarks, history, remembered passwords and other settings to be either imported or rebuilt.

In my own instance, I had been loyal to the Firefox browser for several years now, ever since Internet Explorer’s difficulties pushed me over the edge. More recently, I had been reluctantly tolerating the fact that Firefox was either locking up or crashing on my relatively new Windows 10 computer for several weeks. It got to the point where its misbehavior became predictable, with a day when Firefox did not crash being about as rare as a three dollar bill. I continued to wait for the next Firefox update to resolve my problem – after all, I had auto-submitted probably 100 error reports to Mozilla over this time – but to no avail. When it locked up, I would often check Windows 10 Task Manager, and I would find that Firefox was using 15% of my CPU capacity and taking up way too much memory.

Enough was enough. I decided that I had run out of patience, and it was time to leave Firefox behind as my default browser. Although most of us are familiar with only a handful of options, there is actually quite a collection of available options. I was gravitating toward Vivaldi, but neither the LastPass password manager nor the Disconnect ad blocker that I rely upon support the Vivaldi browser. Based upon plug-in support, I decided to move to Chrome, and I am seeing a remarkable improvement in the speed of my browsing experience, with Chrome using about 0.1% of CPU capacity and barely more than 0.001% of my system’s RAM.

For a variety of reasons, it is difficult to compile really accurate statistics regarding browser usage, even in only the United States, let alone globally. If you check your own website’s statistics in Google Analytics, you will notice that a very high percentage will be identified as “unknown”. Probably the most reliable data is presented by Net Market Share, where it is clear that on desktop computers and tablets, Chrome is the leader of the pack and gaining ground, Internet Explorer is rapidly losing market share (with few users embracing Microsoft Edge as its replacement), and Firefox, Safari, and everything else is pretty much just holding its own with far lower percentages of users. These trends are also tracked in the ongoing browser statistics compiled by W3Schools.com.

Of course, smartphones are accounting for an ever-greater share of Web browsing, and they present an entirely different set of statistics, where most users tend not to switch away from the default Android or iOS browser that comes installed on their devices.

You may be wondering why this might be important to you. First of all, go ahead and embrace change in your own browsing habits. Almost incomprehensibly, the (fortunately dwindling) numbers of Internet Explorer users include people who are still using IE10, IE9, IE8, and even older versions, seemingly oblivious to the fact that IE 11 was replaced by Microsoft Edge, where the current version at the time of this writing is Edge15. Running older versions of browser software represents a severe security risk, particularly when that browser is no longer supported by its developer (Microsoft, in the instance of Internet Explorer.) There is a big difference between loyally running the latest version of Safari on your Mac and blindly running Internet Explorer 8 because it came installed on your old Windows 7 computer.

From a business perspective, it is important that you (or your webmaster) check how your website renders and performs on all browsers, operating systems, and devices that are commonly in use today. Some sites look fine on some browsers but less than perfect on others, whereas many older sites are essentially useless on mobile devices.

Not that long ago, I checked the new website of a campground using the Firefox browser that was still my default at the time. The site, which looked very nice with its embedded YouTube video, embedded widgets and more WordPress plug-ins than you could shake a stick at, would barely load in Firefox and who knows how it works in all those versions of Internet Explorer that people are still using. (Yes, it works much better in Chrome!) Well, according to Net Market Share, Firefox holds 11.79% of the current market share, Internet Explorer’s various versions still occupy 18.95% of market share, and I do not know of a single campground that can afford to risk driving away over 30% of its potential customers.

Going back to that content-heavy website, another very interesting and eye-opening test measures the actual cost of viewing a site on a mobile device using the most popular mobile service providers in various countries (those providers being Verizon and AT&T in the United States.) Calculating the best case scenario using the least expensive data plans, the actual cost of visiting that website is $0.86 in the United States and a whopping $1.65 in Canada (based upon U.S. dollars.) If your potential guest is on a limited data usage plan, a site like this with 9MB of total loaded content is not making a favorable first impression. Chances are those people are not going to wait for the site to load and run up their bills. To run a test of your site, visit What Does My Site Cost?

Are you in the mood for another test? Although any website (unless it uses Flash) will render on a mobile device, it may or may not present optimized content on either Android devices or iPhones. To test your site’s appearance on mobile devices, use the Google Mobile-Friendly Test, where the results might present a rude awakening of how your site appears to perhaps 50% or more of its visitors (many of whom will then abandon your site even faster than they found it!)

As you can see, choices in Web browsers can have far greater implications than first meet the eye. Although Firefox is no longer my default browser, it is still running on my computer for testing purposes, along with Safari, Edge, Opera and, of course, Chrome. If your site’s testing is not up to par, particularly in terms of its overall mobile-friendliness, it may be time to consider its overall cost to your park in potentially lost business.

This post was written by Peter Pelland

It’s Never Too Late to Start Guarding Your Privacy

May 10th, 2017

I logged onto Facebook this morning, and I was immediately presented with a sponsored display ad hawking a t-shirt design that read, “Never underestimate an Old Man who listens to Neil Young and was born in September.” If I was naïve, I would see that ad and think, “Wow! This is my perfect t-shirt”, then order one. In the short time in which this ad has been displayed, it has been “liked” by 480 people, shared by 182 people (multiplying its reach at no charge to the advertiser), and has received 61 comments. Every one of those comments is from a man who confirms that he was born in September (usually adding a year from the 1950’s or 1960’s) and wants one of the shirts.


[Image: Facebook ad, man / Neil Young / September]

Is the fact that I was shown this advertising a coincidence? No way! It is custom-tailored to my identity. If I went to the order page and modified the URL, I could display any of a number of t-shirt designs based upon:

  • The name of the performer.
  • The birth month.
  • Whether I was a man or a woman.

Here is an example:

[Image: Facebook ad, woman / Bob Dylan / August]

To make the ad even more effective, the ordering page includes a countdown clock to create a false sense of urgency:

[Image: Facebook ad ordering page, urgency countdown]

Depending upon how you view it, being presented these ads is either a brilliant use of Facebook’s marketing potential or an egregious violation of the personal privacy of Facebook users. In this case, I was being shown advertising that was based upon the disclosure of my gender, age, month of birth, and taste in music … all information that I had either voluntarily or unwittingly published on Facebook for either my friends or the world to see.

Yesterday, I was presented with another variation of the ad, based upon the fact that I drive a Jaguar … another fact that I had disclosed on Facebook. Now, I can also order a coffee mug! I am sure that I could modify the URL on the ordering page to change the design to show the name and logo of just about any car company. (On a side note, I have to wonder if these performers and companies are being paid royalties by the t-shirt company for use of their trademarks.)

[Image: Facebook ad, man / Jaguar / September]

You may think that this is all innocent, fun, and the price we pay for the otherwise free use of social media apps like Facebook, but there is more involved. I don’t know how many times I have seen friends on Facebook post a complete set of answers to 50 personal questions such as the name of their elementary school, their first phone number, name of their eldest sibling, and so forth. Whenever I see this being treated as a harmless and fun exercise, I cannot help but ask myself, “Are you insane?” If any of these questions and answers seems familiar, it is because they are among the same ones that are used as security tests on your online banking or an e-commerce site when you reset a password. Yes, the name of your first pet can lead to the theft of your identity!

You may have seen the recent news about the “Google Docs” phishing scam that proliferated in e-mails on May 4, 2017, said to be the most effective e-mail worm since the “I Love You” virus that caused havoc back in 2000. The scam was effective because it looked legitimate (it is so easy to copy the appearance of a legitimate website!), came from somebody you knew (rather than some random name chosen by a hacker in Belarus), and was spread through the type of shared online document that we have come to accept as routine. Even cautious recipients who would never open an e-mail attachment from a stranger thought that it was safe to download the same sort of document that appeared to have been shared via a cloud service by a known sender. All of these scams, whether relatively harmless or downright nefarious, play upon the human willingness to trust those with access to our personal information.

At the moment, leading into Mother’s Day 2017, there are several gift card scams that are proliferating on Facebook almost faster than they can be identified and taken down. One purports to offer a $50.00 coupon for use at Lowe’s home improvement stores in exchange for taking a short survey, in which you will be disclosing a wealth of personal information. Another purports to offer a $75.00 coupon to Bed Bath & Beyond, the same sort of scam that attempts to gather your personal information for exploitation later.

As I have said in the title of this article, it is never too late to start guarding your privacy. In fact, today is the best day to begin!

This post was written by Peter Pelland

Promote Your Local Cultural and Heritage Tourism

March 7th, 2017

Most people are unfamiliar with the term “heritage tourism,” even though many have already personally engaged with this, the single highest growth segment of the overall tourism industry. Often based upon archeological, cultural or religious sites, heritage tourism is far from limited to world class destinations like Machu Picchu, in Peru or the Vatican, in Rome. Despite our more recent history in the United States, the National Trust for Historic Preservation has defined cultural tourism as the exploration of cultural, historic and natural resources through a process of “traveling to experience the places, artifacts and activities that authentically represent the stories and people of the past.”

Cultural and heritage tourism is so important that a Position Paper on Cultural & Heritage Tourism was developed by the U.S. Department of Commerce and the President’s Committee on the Arts and the Humanities for the 2005 U.S. Cultural & Heritage Tourism Summit. The conclusion was that “America’s rich heritage and culture, rooted in our history, our creativity and our diverse population, provides visitors to our communities with a wide variety of cultural opportunities, including museums, historic sites, dance, music, theater, book and other festivals, historic buildings, arts and crafts fairs, neighborhoods, and landscapes.”

According to the report, cultural and heritage tourists spend more, and represent a significant international component (where the top 5 markets at the time were the United Kingdom, Japan, Germany, France and Australia) of guests who stay longer than others, in their quest for uniquely American experiences. The report also outlined how “Every place in America — rural area, small town, Native American reservation, urban neighborhood and suburban center — has distinctive cultural and heritage assets that can potentially attract visitors and their spending.”

The report continued, “Communities throughout the U.S. have developed successful programs linking the arts, humanities, history and tourism. Cultural and heritage organizations — such as museums, performing arts organizations, festivals, humanities, and historic preservation groups — have formed partnerships with tour operators, state travel offices, convention and visitors bureaus (CVBs), hotels, and air carriers to create initiatives that serve as models for similar efforts across the U.S.” It is time to take the initiative to add campgrounds to this list!

We often tend to be unaware of the historical treasures in our own backyards. For example, I was born and raised in metropolitan Springfield, Massachusetts; however, it was probably not until I was in my forties that I visited the Springfield Armory National Historic Site, when we had guests coming to visit from another region of the country. Founded as “The Arsenal at Springfield” under orders of George Washington, the Springfield Armory became famous for its innovative manufacturing techniques, the use of interchangeable components that simplified maintenance and repairs in the battlefield, and the development of the M1903 Springfield and the M1 Garand rifles that were manufactured in tremendous numbers and saw decades of legendary service. Now under the jurisdiction of the National Park Service, a visit to the Springfield Armory National Historic Site (more locally, still referred to as the Springfield Armory Museum) is an essential stop for anyone with an interest in American history in general or its manufacturing or military components. This is the essence of local heritage tourism and its ability to draw in vast numbers of visitors from near and far alike.

According to an article published in the Springfield Republican newspaper on July 28, 2014, the Springfield Armory National Historic Site hosted 17,783 visitors, comprised of both individuals and groups, in 2013. Admission to the park is free, but these visitors directly contributed $980,200.00 to the local economy, on a per capita basis outspending visitors to any other National Park in the northeastern United States, including the Statue of Liberty and the Liberty Bell. Some of that spending should have gone to campgrounds in the local area, and it should certainly be a goal for local RV parks to promote this type of heritage destination. The things to do in the local area form the essence of why many people will choose to stay – or extend their stays – at the local campgrounds that make an effort to capitalize upon their proximity. Some of the major attractions in the Springfield area are Six Flags New England (open about half the year) and The Big E (open for 17 days in September.) The Springfield Armory National Historic Site is open 7 days a week from Memorial Day through October 31st, then 5 days a week throughout the rest of the year.

Continuing with heritage tourism in the City of Springfield, Massachusetts as my example, a visit to the Springfield Armory National Historic Site goes hand-in-hand with a visit to the relatively new Museum of Springfield History, located in the Quadrangle museum complex about a mile down the road. This museum offers superb collections and exhibitions that highlight the city’s important role in the American industrial revolution. In its Automobile Gallery alone, transportation buffs will see examples of vehicles built by Stevens-Duryea (locally argued to be the first automobile built in America), Knox, Atlas, and Rolls-Royce of America – which built nearly 3,000 luxury vehicles in Springfield between the years of 1920 and 1931, when this only manufacturing facility outside of England fell victim to the Great Depression. The fact that the site of the Rolls-Royce manufacturing plant was demolished in 2011 makes the preservation of what remains all that much more important.

In other wings of the museum, visitors will marvel at over two dozen rare Indian Motocycles, built in Springfield from 1901 to 1953, and the largest collection of Smith & Wesson firearms (still in Springfield and now employing 1,200 workers) anywhere in the world. Other displays showcase Milton Bradley Company board games, Granville Brothers aircraft, and dozens of small manufacturers who once called Springfield home.

What I have described here is precisely what the Position Paper on Cultural & Heritage Tourism explained in the following words, “Linking similar assets together as a linear ‘strings of pearls’ allows consumers to travel by motivation and interests — such as military history, ethnic settlements, music, commerce and industry, architecture or landscapes — to expand opportunities for these visitors to stay longer and spend more.”

I have concentrated on only one component (manufacturing) within one city (Springfield) in Western Massachusetts. Wherever your park is located, there is an equally fascinating history that is waiting to be discovered by heritage tourism enthusiasts from around the country and around the world. The first step is for you to become aware of what is in your backyard, then to actively promote those unique resources to your guests. Consider arranging possibilities such as field trips, discount admission passes, and special presentations at your park.

In order for your business to grow and prosper, it is important to continually add to its customer base. Look toward the old to find a new component of business in local cultural and heritage tourism.

This post was written by Peter Pelland

Passwords: First Line of Defense against Identity Theft

February 14th, 2017

Passwords have come a long way since the days of Prohibition, when a knock on the door of a speakeasy required the necessary password for entry and the consumption of illegal liquor. Today, we use passwords and personal identification numbers for just about everything online, in an effort to protect the privacy of our personal information.

Identity theft has grown rampant, proliferating at a time when almost every personal or business transaction passes through one or more computer networks. According to the Federal Trade Commission’s latest annual report (covering the 2015 calendar year, with the 2016 report due out in February 2017), there were 480,000 identity theft complaints filed during that time period. Of these, 45% involved tax- or wage-related fraud, 16% involved credit card fraud, 10% involved phone or utilities fraud, 6% involved bank fraud, and 4% involved loan fraud.

One recent report surmised that 15 million Americans have become the victims of identity theft in 2016. That means that 7% of all adults have been victimized in this year alone, with an approximate per-instance loss of $3,500.00. On average, these people spend an additional $500.00 and 30 hours of time trying to recover their identities and make their private information less vulnerable.

Start with Your E-Mail Passwords

My company provides e-mail hosting services through Google and Rackspace for our website hosting clients, and it is rare for a few days to pass without being contacted by a client who has purchased a new computer or mobile device but has misplaced an e-mail account password. For obvious reasons, we do not store those passwords, and we strongly advise our clients to keep records of their passwords in a secure location. Our only option is to assist with changing the lost password, which will then require that passwords be updated on any other actively used devices.

When setting up those e-mail accounts (or updating a password), clients are often annoyed that we will not agree to use a weak password like 123456, abc123, password, passw0rd, qwerty, steelers, yankees, football, baseball, camaro or firebird. (Yes, those are actual passwords that consistently show up on compiled lists of weak passwords.) In fact, Google’s Gmail will not allow an admin to use a password that is made up of fewer than 8 characters (although there are no further password security requirements beyond this minimum length.)

Some people make an attempt at generating a secure password that they can still remember. For example, they might concoct “AIwfCim2ft” from “All I want for Christmas is my 2 front teeth.” The rule of thumb is to use something that is both easy to remember and difficult to guess. This is definitely a step in the right direction, but something totally random that also uses special characters and spaces would be even better, although far less memorable.

Secure passwords will provide a layer of protection against some bad character obtaining your password and hacking into one of your accounts, but they are of far less value in protecting your identity should your account be one of thousands (or millions) compromised in a major data breach.

Hacks Happen

You do not need to be Sony Pictures getting under the skin of Kim Jong Un. Big companies are routinely targeted by hackers from around the globe, putting the security of their subscribers at risk when a breach occurs. In general, big businesses take extraordinary measures to attempt to maintain the utmost security standards, but it is an ongoing game of cat and mouse. For example, Facebook alone has paid out over $5 million to date in its not-highly-publicized Bug Bounty program, where it pays independent “white hat” hackers to identify and repair security vulnerabilities.

That is an example of what one big online business is doing; however, your own personal security is to a great degree your own responsibility. You will want to check (and often disable) routinely loose security settings when you buy a new computer or mobile device or when you upgrade one of those to a new operating system. Keep in mind that settings that benefit convenience and ease of use are very often directly at odds with the safeguarding of your personal security.

There are many ways that passwords can be hacked online. The most common technique is the use of dictionary attacks, where commonly used words are highly vulnerable and easily uncovered. Another technique consists of using the brute force of computing power and sophisticated software to run through every possible combination of characters. The more bits of data involved (directly proportional to the number and random nature of characters), the longer it will take to hack a password. Complex character combinations and the use of encryption slow down, but will not prevent, the disclosure of a password to a determined intruder.

There are actually times when a company or individual needs to recover a lost password, and there are other instances where law enforcement needs to crack a password in order to uncover criminal activity. We are all familiar with the FBI vs. Apple Computer encryption debate, involving a cell phone owned by one of the shooters in the December 2015 San Bernardino, California terrorist attack. Whether used for good or bad, there are dozens of free, open-source brute force hacking tools that can be easily found and downloaded online. Their existence and ease of access should provide a wake-up call to any computer or mobile device user.

Just in case you think that one of your own passwords is “secure enough”, enter it into this online tool for what will probably be a rude awakening:
https://howsecureismypassword.net/

Minimum Standards

The minimum standards for password security that are generally considered acceptable today involve the use of at least 12 (preferably 16) entirely random characters (a mix of upper and lower case letters, numbers, spaces and special characters), never including a dictionary word or a repeated sequence, and with no password used in more than one application.

An online tool that will assist you in generating secure random passwords is the aptly-named Secure Password Generator. Using this tool, I just generated a random 16-character password that I then entered into the secure password test site (shown above). According to that site, the password that I entered would take 41 trillion years to crack. Give it a try:
http://passwordsgenerator.net/
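The minimum standards above, and the kind of random generation such a tool performs, can be sketched in a few lines of Python. This is an added example, not code from this post or from either website; the function names, the 3-character definition of a "repeated sequence", and the tiny constructed word list are assumptions made for illustration.

```python
import math
import secrets
import string

# Character pool from the standard: upper, lower, digits, specials and space.
ALPHABET = string.ascii_letters + string.digits + string.punctuation + " "
# Constructed sample list; a real check would load a full dictionary file.
SAMPLE_WORDS = {"password", "christmas", "dayton", "welcome", "dragon"}

def entropy_bits(length, pool_size=len(ALPHABET)):
    """Bits a brute-force search must cover for a uniformly random password."""
    return length * math.log2(pool_size)

def check_minimum_standards(pw, used_elsewhere=()):
    """Return the list of standards that pw fails (an empty list means it passes)."""
    problems = []
    if len(pw) < 12:
        problems.append("shorter than 12 characters")
    classes = [str.isupper, str.islower, str.isdigit, lambda c: not c.isalnum()]
    if not all(any(f(c) for c in pw) for f in classes):
        problems.append("missing a character class")
    if any(word in pw.lower() for word in SAMPLE_WORDS):
        problems.append("contains a dictionary word")
    # Assumed definition: any 3-character run that appears again later on.
    if any(pw.find(pw[i:i + 3], i + 1) != -1 for i in range(len(pw) - 2)):
        problems.append("contains a repeated sequence")
    if pw in used_elsewhere:
        problems.append("already used for another account")
    return problems

def generate_password(length=16):
    """Draw characters from the OS CSPRNG until the result meets the standards."""
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not check_minimum_standards(pw):
            return pw
```

Run against the “JBDayton62” example from earlier in this post, the checker reports three failures: too short, no special character or space, and a dictionary word. A 16-character draw from this 95-character pool carries roughly 105 bits of entropy.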

Storing Passwords

The best advice for keeping track of your cryptic passwords is to always maintain a written paper record in a very secure location. To simplify your life, you can also use one of several password managers that will allow you to encrypt and store all of your passwords in one secure location. You will only have to remember one password to access your files. (If you have been following along and learning from what I have written, that password will meet the standards that I have outlined above.)

The following are some of the best free password managers. They all work across multiple devices. Compare their features and choose one:

LastPass
Dashlane
KeePass

Bear in mind that even these password managers are vulnerable to hackers; however, in one documented security breach, only users with weak passwords were impacted. We are over a month into a New Year. Resolve to at least take a step in a positive direction when it comes to your online security.

This post was written by Peter Pelland