Pelland Blog

Beware the “Sextortion” Scam: A New Form of Cybercrime Making the Rounds

October 28th, 2018

Most people realize that the ultimate in cyberwarfare would be for one country to take down the power grid, telecommunications network, financial industry, or military and defense networks of a foe country. There is no doubt that the United States, Russia, China and other countries maintain this capability but wisely withhold use of this “nuclear option” in cyberwarfare, although there have been instances where the waters have clearly been tested. As has been recently demonstrated, cyberwarfare tends to take a much more subtle and individualized approach, exploiting weaknesses in things like social networks and ballot tabulations. The same sort of approach, where individuals are targeted, is generally practiced in cybercrime, the aggressive bully that is the awkward little stepbrother of cyberwarfare.

Cybercrime takes a variety of forms but generally targets either individuals or individual companies. Small businesses, where there is often only a subtle distinction between a business and its owners, can be particularly vulnerable. In most instances, the criminal activity exploits vulnerabilities in the security practices of the target. These vulnerabilities include the failure to apply software patches and updates, unsecure office practices, and the use of weak, old, and/or repetitive passwords. The results include the easy entry of computer viruses and malware that can turn a computer into a bot on a criminal network or install ransomware that will hold a computer and its files hostage. The same vulnerabilities lead to the proliferation of phishing attempts and other email and telephone scams where the senders or callers impersonate trusted companies in an attempt to obtain passwords, secure information like social security numbers, your credit card numbers, or remote access to your computer.

One of the latest trends in cybercrime exploits a combination of known hacks and personal fears and anxieties. As most of us know, there have been a number of major websites that have been hacked in recent years, some instances more widely publicized than others. The ultimate victims are the individuals whose personal data has been breached and compromised. The term “pwned” originated in early online gaming as a typographical error in the word “owned”. If you have been “pwned”, it means that your personal information is now “owned” by others. To see if your personal data has been “pwned”, visit the “Have I Been Pwned?” website and enter your email address. At the time of this writing, there are 296 websites that have been “pwned” with over 5 billion accounts compromised. Some of the websites that have been hacked include Adobe, Ancestry, Avast, Comcast, Dropbox, Exactis, Experian, Forbes, Kickstarter, LinkedIn, MySpace, River City Media, Snapchat, Ticketfly, tumblr, and Yahoo. This list includes websites that you have probably used, and in all likelihood, your personal information has almost certainly been hacked. In my own instance, my email address has been compromised in 10 of these major hacks, most recently the Exactis hack in June 2018. That recent hack disclosed credit status information, dates of birth, email addresses, income levels, marital statuses, names, phone numbers, physical addresses, and much more from 340 million personal data records.

Stolen passwords are then readily exchanged, sold, or even made freely available on a number of forums and so-called “pastes”, utilized by cybercriminals who are well aware of the human tendency to reuse usernames (many simply the users’ email addresses themselves) and passwords across a variety of websites. Security breaches like the Yahoo and Dropbox hacks go back to 2012. Although savvy Internet users will have changed their passwords on those sites long since then, if those same passwords were used on other websites, the vulnerability remains. More recent hacks will expose passwords that are currently in use, demonstrating a strong argument in favor of changing passwords on a regular basis.

With this combined background information in mind, you will understand how I felt both alarmed and violated when I received an email one evening back in July that made it past the Gmail spam filter. The subject line included a username and password combination that I frequently used 10 or 15 years ago, indicating that somebody had gained access to my personal information, even though it no longer represented valid credentials. The email had successfully caught my attention and, at first glance, seemed like there could be cause for concern. It went on to allege that a visit to pornographic websites led to the installation of remote access and keyboard logging software on my computer that gave the hacker complete access to my email and social media address lists, as well as my computer’s microphone and camera. Cutting to the chase, the sender was threatening to send a compiled split-screen video of the sites I had visited, along with my “interactions” with those sites, to my friends and family members as allegedly compiled from access to my computer. The only way to prevent this from happening was to pay $3,200.00 in Bitcoin (a cryptocurrency that is popular with online thieves) using a key that was provided.

The facts that I do not spend my time visiting pornographic websites, do not have either a camera or microphone installed on my computer, would immediately know if somebody had remote access to my computer, my passwords are highly secure, and Trend Micro Maximum Security software shows that my computer is free of any malware, spyware or viruses, still left me feeling personally violated. The following morning, I spoke with an agent at the Federal Bureau of Investigation’s Boston field office who told me that this extortion scam had been circulating quite widely throughout the month of July 2018. (In fact, I found a variation in my spam folder a couple days later, with this second thief only seeking $250.00 in Bitcoin.) The agent also told me that there were people who reported receiving variations that were sent through the mail. I also have friends and clients who told me that they have received the same sort of email during the same time period and as recently as last week. I went on to file an online complaint with the FBI’s Internet Crime Complaint Center, commonly referred to as the IC3. There is also a page on the Krebs on Security website that outlines the “Sextortion” scam and currently includes nearly 1,000 comments from people like me who have received the emails and are trying to warn others from falling victim.

The lessons to be learned are to:

  • Be aware that your personal information has been stolen, probably on multiple occasions.
  • Your personal information can be used in extortion attempts.
  • Minimize vulnerabilities on your computer and run up-to-date security software.
  • Never trust any email that sets a deadline or seeks payment in cryptocurrency.
  • Never make an extortion or ransom payment.
  • Notify legal authorities if you are a victim.

It is challenging enough running a small business these days. Nobody needs to waste time, worries, or money with the perpetrators of online scams, who are going to continue to evolve into using more creative and credible formats.

This post was written by Peter Pelland

Red Flag Emails

October 15th, 2018

An email that recently made the rounds among campground owners encouraged them to “renew” their advertising on the Go RV Park website. In instances that were called to my attention, Maryland campground owners were provided a link to a page where they could see their advertising located, along with a $49.00 renewal price. The email also stated that the website had “acquired the Maryland Campground and RV Park Directory Inc. and SW Publications Nationwide.” At first glance, $49.00 sounds like a good deal, and the fact that your park (and every other park whose data has been harvested) is already listed makes the “renewal” make sense.

Take a second glance before reaching for your wallet. The “Maryland Campground and RV Park Directory Inc.” does not exist to my knowledge, although it sounds both legitimate and oddly similar to the directory of the Maryland Association of Campgrounds. Then, “SW Publications Nationwide” is another company that appears to be both nonexistent but very similar to “Southeast Publications”, a well-recognized vendor within the campground industry. Many of us tend to miss the little details, and many people who read “SW Publications” mistakenly interpreted that as “Southeast Publications”. Finally, the GoRVPark.com website sounds confusingly similar to the GoRVing.com website that is a partnership of the RVIA, the RVDA, and National ARVC.

In addition to your own listing and compiled listings of every other campground, the website features banner ads for industry giants that include KOA, ELS, Good Sam, Bass Pro Shops, and Walt Disney World’s Fort Wilderness Campground. This certainly suggests legitimacy, but who says that any of those businesses paid for, authorized, or might even be aware of their ad space (at least until now)?

Back to the $49.00 “renewal” price, that would truly appear to be a bargain. The company’s website offers a $149.00 advertising fee and says that “This $149.00 yearly price is for a LIMITED time only. RV Parks, Campgrounds & RV Resorts who sign up NOW will NEVER be subject to the regular annual cost of $499.00 per year.” Interestingly enough, this exact wording appears on the earliest appearance of the website on the Internet Archive, when it was apparently launched in 2010. How can this possibly be a “LIMITED time” offer? To further suggest its authenticity, the website claims that “Go RV Park is the #1 Google ranked portal and intuitive network of websites for RV information.” Beyond the fact that this gobbledygook is total nonsense, a Google search for “RV information” shows the website totally missing in action, at least on the first 10 pages of search results.

Fortunately, the assessment that I provided to the Maryland Association of Campgrounds was shared with its membership as well as National ARVC, which issued a press release warning members to read their emails carefully before responding to this type of offer.

Another type of email that is not specific to the campground industry but seems to continually make the rounds are the ones that scare recipients into believing that their domain names are ready to expire and need to be renewed immediately. Only the fine print (which many people either skim or do not read) explains that the senders are not domain name registrars but are selling highly suspect “traffic generator software tools”, implying that failure to pay for the “search engine optimization service by the expiration date, may result in the cancellation of this search engine optimization domain name notification notice.” (Don’t think for a minute that anything you do will stop these email notices!) Along with a number of payment links and the recommendation to “Act immediately”, the recipient will typically misread the words “Failure to complete your SEO domain name registration search engine optimization service process may make it difficult for customers to find you on the web.” This statement means absolutely nothing, but many people think that their domain name registration is ready to expire, or that their listing on Google is ready to suddenly disappear, and pay the fee (typically $84.00 or $86.00) before they realize their mistake. Fortunately, most reputable email service providers (such as Gmail) send these solicitations into spam folders.

Another email scam is the one that sells compiled email lists. They usually state that the lists are “opt-in verified, 100% permission based and can be used for unlimited multi-channel marketing.” One that I recently received began with the words, “Greetings of the day! Would you be interested in acquiring an email list of ‘RV Owners List’ from USA? (sic)” Another that came in within the last 48 hours offered “100K Email Marketing only for $160 USD, regular price $360 USD” or “900+ Million World Wide Email List only for $75 USD, Regular Price is $450 USD (sic).” Unless you like receiving spam yourself, want to get your email account closed, want to have an email marketing account terminated, and want to be reviled by most recipients, do not even think of buying or using a compiled list. Again, most of these solicitations end up on spam folders themselves.

Confusion over email scams like these is quite valid, as evidenced by the dozens of emails that clients have forwarded to me, wondering whether or not the emails are legitimate. Scammers like these profit tremendously if only a small percentage of recipients fall for the bait, and knowledge like this is your best defense against becoming victimized.

This post was written by Peter Pelland

Put Directory Advertising to Work!

September 19th, 2018

This is the time of year when ads are due for next year’s print advertising in state campground association directories, local tourism agency guides, and big national directories like the Good Sam Directory. Unfortunately, most of us have too much on our plates, too many hats to wear, and too many balls to juggle. Pick your excuse, but then pause before you simply renew your ad from last year, and the year before that, and the year before that. Too many of these decisions are based almost solely upon how much money we are willing to spend, failing to treat advertising as a well-planned investment.

If you are satisfied with the status quo in your advertising, it must mean that you are content with your current volume of business. On the other hand, if you are seeking to grow your business, sometimes it is necessary to shake things up with your advertising. Even if your park is booked to capacity for most of the year, there are ways to reach out to new markets that might make the occupancy of a fixed number of campsites more profitable.

Thumbing through the pages of the 2018 campground directory for one of the larger state associations, I am seeing 1/16 page ads with dark text that is almost unreadable against dark background photos, poor quality photos, excessive amounts of text that can only be read with the help of a magnifying lens, and a serious lack of coherent design. I am also seeing ads that, regardless of size (but not 1/16 page!), command attention and stand out from adjacent ads where the only thing in common is the cost of the advertising space.

A well-designed ad should be part of a carefully executed marketing campaign. It should mirror the design and objectives of your website, collateral advertising, social media content, and overall branding. Even if your park is part of a franchise like KOA or Leisure Systems, you will want to capitalize upon the dollars that the corporate offices spend on national advertising campaigns, maintaining a consistency with their branding specifications and quality standards, while singling out your park’s individual identity and key selling points. It involves more than including the KOA logo or Yogi Bear graphics in an otherwise disconnected ad.

My best advice is to avoid trying to design ads yourself. You cannot design your own ad using software like Microsoft Word or Publisher and expect it to be press quality. There are too many details that cannot be properly fine-tuned using that type of non-professional software. You will also want to resist the urge to save money by having the directory publishers design your ads in-house. Almost without exception, the most highly skilled graphic designers are not designing free ads in that type of production-oriented environment. Finally, you do not want to take your chances with a freelance from a site like Fiverr.com who knows nothing about your business. All of your ads should reinforce one another with a consistency that steadily builds your brand awareness. If you are not already using a marketing company that has developed an overall marketing strategy for your park, consider hiring a local graphic designer who is experienced, has a solid portfolio, and has a proven track record.

Even the best designed ad can leave you with lingering questions regarding its effectiveness. With online advertising, running Google Analytics on your website can pretty clearly demonstrate how much traffic is coming from referring sites. It is quite possible that your analytics will show that an expensive Good Sam ad is a far better value in terms of cost per click than an inexpensive ad that sends little or no traffic to your website. With print advertising, it is far more challenging to measure results, although you may consider using unique website landing pages and unique phone numbers (either local or toll-free) using a call tracking service provider.

Now that you have an advertising campaign that has been effectively designed, here are a few pointers that will help you to get the most bang for your buck:

  1. Never allow an ad to print without seeing a proof, and always get a second set of eyes to proofread, because we rarely catch our own errors. If anything needs to be corrected, demand to see a new proof.
  2. Ask if any discounts are available. These might include a 15% agency discount and early payment discounts. If color is available, ask for it at no extra charge. Advertising rates are frequently negotiable.
  3. Ask for preferred ad placement. This generally means right-hand pages, with your ad adjacent to related editorial copy, not placed on a page with nothing but other advertising. Negotiate this premium ad space at no charge, as either a new advertiser or a loyal advertiser.
  4. Learn to say no, but also learn to say yes. Do not waste money on advertising that is not a natural fit for your business, but remain open to exploring new opportunities.
  5. Keep it simple. When it comes to ad content, less is usually more. Avoid the temptation to include the kitchen sink, but keep in mind that “white space” is not necessarily white.
  6. Include an incentive and a call to action. The incentive may be strictly emotional, and the call to action may be finalized online, following a link to your website.

Print advertising is alive and well, but plan it carefully to ensure that it will be as effective a component in your marketing mix as possible.

This post was written by Peter Pelland

What’s in a Name?

August 7th, 2018

In the campground industry, there are instances where it makes sense to change the name of a business, particularly if the old business name is too closely associated with a previous owner or has garnered a questionable reputation. In other instances, a park will change its name when it joins a franchise system and adopts the name that is assigned to its local area. Sometimes new owners will want to make a fresh start, after purchasing a park that they love that comes with a name that strikes them as less than well-informed.

Name changes are neither simple nor inexpensive. When Nissan decided to change its brand name from Datsun to Nissan back in 1984, its direct costs were said to be $500 million. It cost the company $30 million just to change the signs of 1,100 dealerships, as well as another $200 million to replace the “Datsun, We Are Driven!” ad slogan with a new campaign designed to build its new identity. Name changes should not be taken lightly because they carry innumerable costs, including the following:

  • Filing changes and paying the associated fees with your Secretary of State
  • Updating business registrations and licensing
  • Checking trademarks
  • Designing a new logo
  • Replacing signage
  • Replacing all of your advertising materials, from business cards to your website
  • Checking the availability of a new domain name (which may, in itself, determine or at least influence the new business name)
  • Taking measures to ensure that traffic from your old website redirects to your new site, without the new site needlessly taking a hit in its search engine ranking
  • Correcting listings on every website that references or links to your business

The website-related issues start with checking on the availability of a new domain name that will well-represent the new name of your business. To do this, you cannot simply enter a URL into a Web browser and presume that it is available because a website does not appear. You need to perform what is called a “whois lookup”, and a quick and easy way to do that is to go to https://whois.com/. If your first choices are already taken by similar businesses in other states, that might impact your choice of business name. Even without taking potential trademark issues into consideration, any businesses with the same name are going to confuse consumers looking for your site and will probably adversely impact your search ranking for years to come. Keep in mind that you do NOT want to settle for a non-dot.com variation of your desired domain name because too many people who see a .xyz, .dot, .fun, or .web URL will not recognize it and will type in the .com variation anyway.

In order to ensure that traffic from your old website will redirect to the equivalent pages on your new site, have your webmaster employ what are called “301 redirects”. These will seamlessly send visitors to your new site while signaling search engines to update their links. If you have a series of alternate domain names, either referencing the old or new business name, you will also want to set those up as domain aliases so they will direct visitors to your new online presence. Of course, you will probably want to reference the old business name on the new site, at least for a year or so. Something like “Welcome to New Campground, formerly Old Campground!” will assure people that they have arrived at the right place.

Updating the links on all of the sites that reference your business will be perhaps the most time-consuming and potentially frustrating, yet critical, process. It is important to maintain your continuing flow of incoming referral traffic. Some sites will require you to log in to your account, others will have an update form, and some others might require a phone call or email. In each instance, you will want to update your business name and Web address; however, while you are there, check to see if anything else should be updated in the listing. Start with the most obvious and important resources, then work your way down the list. For campgrounds, the list will include:

  • Your state association website
  • National ARVC and the Go Camping America website
  • Your listings with Google My Business and Bing Places for Business, which will also affect their respective online mapping resources, Google Maps and Bing Maps
  • Good Sam and the campground listings on GoodSam.com
  • Your Facebook page, including an update of your Facebook URL to reflect the new business name, and an update of your profile photo and cover image
  • Any other social media accounts that you are using
  • Campground review sites such as RVParkReviews.com, GuestReviews.com, and Campendium.com
  • Broader review sites such as TripAdvisor and Yelp
  • Your regional tourism agencies and local chambers of commerce, if you are members
  • Any other referring sites that show up as significant sources of traffic in your Google Analytics

Finally, there are literally dozens of local directory sites that you will want to at least try to update. Although few people actually use these sites as resources when looking for campgrounds, these sites are important because they can influence search engine rankings. You can attempt to update these listings yourself; however, some will charge a fee, and whatever you update might still be undone by one of the data aggregators that feed these sites their listing information. Alternately, you can go direct to the four major data integrators to search for and update your listings:

  • Factual
  • Axiom
  • Infogroup
  • Neustar/Localeze

There are companies like Yext that will provide this latter service of updating your local directory listings for a fee. Another option is Insider Perks, a company that specializes in working with campgrounds, and probably a better choice. With everything involved on this checklist, maybe that old business name isn’t looking so bad after all. One thing is certain, and that is necessity to consider all of the costs in advance of making such an important decision.

This post was written by Peter Pelland

Seize the Upscale Market

August 3rd, 2018

Too many business owners stress over what their competitors are doing, when they would be better off concentrating on what their customers want. Campground owners are no exception. Probably the most common fear is having a rate structure that is higher than that of nearby competitors. One of the questions that I most frequently field – typically right after the first of the year – is “What do you see other parks implementing for rate increases?” The insinuation is that unilaterally raising rates will somehow lead to a mass exodus of campers toward the lower-priced parks. This notion presumes that camping is a commodity where decisions are solely based upon price, without regard for customer loyalty or the many features and amenities that differentiate one park – or one campsite – from another.

A Glampsite at Cape Cod Campresort

That logic might apply to campers who are looking for nothing beyond the basics … the same customers who are not going to spend any money in your store or for added services, and who are the most likely to complain about everything from guest fees to your “no refund” policy. On the other hand, there is a growing and lucrative market of campers who are seeking out – and willing to pay for – little extras in their accommodations. Whatever the sites might be called, there is a growing demand for premium, premier, and super deluxe campsites. I reached out to the owners or managers of three parks that are noteworthy for fearlessly raising their rates on their upper tier of sites, and I asked them to share their thoughts on their experiences. We are all familiar with the aphorism that “a rising tide lifts all boats,” summarizing how everybody benefits from those who are willing to lead rather than follow. The entire campground industry can thank parks like these that have taken the initiative to lead rather than follow.

Wells Beach Resort

Wells Beach Resort is a family-owned and operated campground that is in its 48th season of business along the southern coast of Maine. Kevin Griffin commented how his father, Ken Griffin, began converting standard RV sites into premium sites about 30 years ago, as a means to better satisfy changing customer demands and raise site rates. According to Griffin, “It was a decision that we’ve never regretted, but at the time it was something of a risk, not knowing if the added premium site features (e.g., carpeted patios, 50 amp electrical service, larger parking spaces) would be worth the investment. We started converting sites slowly but were pleasantly surprised to discover that there was a very strong customer demand for upgraded sites. Weighing costs against benefits, we decided to accelerate the site conversion process over a span of decades. Today about one-third of our sites have been converted from standard to at least premium status. We also have a newer class of upgraded premium sites that we call ‘Premier.’ Our Premium and Premier sites have nightly rates that are approximately 10 to 20 percent higher than our standard RV sites, but the demand for upgraded sites is still greater than the demand for less expensive standard sites.” He concludes that, if park owners are looking for a way to make customers happy while simultaneously increasing their pricing power, upgrading standard RV campsites is definitely an avenue worth exploring.

Black Bear Campground

In his travels along the West Coast, Frank Merrick, manager of Black Bear Campground in the Hudson Valley of New York, had noticed the trend toward offering true 100-amp service at RV sites. Making 50-amp service available on two separate power pedestals or through two power boxes at one source at individual RV sites allows campgrounds to accommodate the largest of all-electric rigs, which are gaining in popularity. Merrick decided to offer a limited number of true 100-amp sites at his park, in an attempt to draw these larger, all-electric models to the area. These sites were created and offered at a premium price, approximately 10% higher than the existing full-hookup sites at the park.

According to Merrick, “Results were positive as 2018 bookings began to increase, with a sizable percentage of new reservations requesting the premium sites.” As it turned out, only a few of these RV’ers had large, fully-electric rigs that truly required the 100-amp service, while most simply desired – and were willing to pay for – the larger sites that include this service option. Recognizing that opportunity, Black Bear decided to make these sites even more appealing by adding a few more features: a sod grass ‘back yard’ with rows of small privacy trees at either side, offering a bit more shielding from neighboring sites; two picnic tables per site, with a rock-lined pathway to the table in the ‘back yard’; and both a standard fire ring and a cemented iron grill at each site. According to Merrick, “the front and service area of each site was rocked with I9 for a comfortable spot to park an RV and any accompanying vehicles.” He added that “the rock also eliminated the need for grounds maintenance to mow or power trim directly next to a customer’s RV, lessening the possibility or occurrence of damage by the maintenance equipment.” Most of the items needed to upgrade these sites were already on hand at the campground, minimizing the cost of the aesthetic improvements, especially when compared to the number of bookings at the increased rates for these ‘Premium Sites’.

Cape Cod Campresort

Anthony Newman Sr., the owner of Cape Cod Campresort in Massachusetts, has been offering his campers ‘Glampsites’ for five years as of 2018, upgrading many of the existing sites and cabins to the park’s ‘Glampsite’ class of service. According to Newman, “We have seen little to no resistance to price increases which represent a minimum of $10.00 extra per site per night at this time. Typical upgrades to sites include pavement on the actual site pad, barbecue grills, paver patios, upgraded fireplaces, a grassy picnic area, upgraded picnic tables with umbrellas, and pea-stone parking spaces. The sites are very eye-appealing and we are finding almost 100% repeat requests for these sites despite the added cost.” Newman says that his average cost to upgrade one of these sites is $2,500.00; however, he says that his seasonal guests are willing to pay $1,000.00 extra for a ‘Glampsite’ and that the park actually has requests from existing seasonal campers willing to pay extra if their site can be ‘Glamped’. Newman concludes, “We figure in general about a two to two and half year payback on the upgrade investment. We plan to continue upgrading at least 10 more ‘Glampsites’ each year.”

Based upon the proven experience at these three parks, where management was not afraid to get ahead of the curve in offering guests premium amenities at a premium price, following suit in your park would appear to be a far less than risky venture. In fact, it is likely far riskier to maintain the status quo by continuing to market your park to a base of campers who make their decisions primarily upon price.

This post was written by Peter Pelland

Securing Your Digital Identity

June 25th, 2018

In recent months, I have been taking the 10 Steps for Securing Your Digital Identity seminar – that I first presented at the National ARVC Outdoor Hospitality Conference & Expo in Raleigh in 2017 – on the road, with presentations before several state association meetings. The information in the seminar, drawing parallels between the 2017 Equifax security breach and the risks that face small businesses like yours and mine, seems to continually grow timelier with each presentation.

Equifax has admitted that more data was compromised than was originally disclosed, the Internal Revenue Service (which cancelled a no-bid contract with Equifax) urged taxpayers to file their returns as early as possible in 2018 because a stolen identity can lead to a stolen tax refund, and Facebook admitted that it profited from personal data that was exploited by Cambridge Analytica for nefarious marketing purposes. That latter instance forced Facebook CEO Mark Zuckerberg to uncomfortably don a suit and tie, and led to the May 1, 2018 announcement by Cambridge Analytica that it was shutting its doors and initiating bankruptcy filings in both the United Kingdom and the United States.

Some people have suggested disconnecting from the Internet and deleting their social media accounts. The former suggestion is highly impractical in today’s interconnected world, and the latter suggestion – perhaps laudable – in unnecessary if some common sense precautions are exercised. Let me share just two of the highlights from my seminar that will help you to secure your digital identity.

Passwords

There is no easier way to ensure that your identity will be compromised than by using weak passwords, the same password for more than one account, or a password that you have not changed since the sun started rising in the East. A weak password is like the old skeleton keys that could open every door in the neighborhood when I was a child. If you think that your password is secure, you can quickly test its strength online at https://howsecureismypassword.net/. You do not want a password that can be cracked in seconds, minutes, days, weeks, months or even years, but a password that would require millions, billions or trillions of years to crack. I recommend tools that generate secure random passwords, such as the one at https://passwordsgenerator.net/, where secure passwords typically consist of a minimum of 16 characters that mix upper and lower case letters, numbers, and special characters.

Another option is to use four totally random and unrelated words in succession, such as kitten, faucet, maple, and magnet: kittenfaucetmaplemagnet. According to the online test, that example would take 277 trillion years to crack. The only problem is that most of us find it difficult to think in such a random manner. However, if you make a conscious effort, you can generate a highly secure password that should be relatively easy to enter into a keypad. The most common complaint even then is that secure passwords are difficult to remember.

The solution is to use one of several available password safes, including LastPass, Dashlane, and Keeper. These all work with Windows, Mac, iOS, and Android operating systems, have plugins for popular browsers, include two-factor authentication, offer fingerprint login on mobile devices, and have free versions which are usually all that you need. You only need to remember one highly secure master password. Even if that master password could somehow be hacked, nobody could log into your account thanks to two-factor authentication. If somebody attempts to log into my own password safe (which has happened more than a dozen times from hackers around the globe), they would have to know my master password (good luck!), then – because they would be logging in from an unrecognized device or IP address – they would also need to steal my phone AND know how to unlock that device in order to enter the two-factor authentication.

Software Updates

The massive Equifax security breach was the result of the company’s failure to install a patch in universally used Apache Struts open-source software in a timely manner. The Apache Foundation discovered a vulnerability in its software on March 7, 2017, announcing and patching that vulnerability the same day and issuing a subsequent patch three days later. Equifax failed to apply those urgent security patches for at least two months, resulting in a hack that compromised virtually every consumer in America, including at least 209,000 credit card numbers. Offering free identity theft protection and credit card monitoring service is a poor substitute for basic responsibility. In the fallout, Equifax’s CEO was forced to resign, its stock value plummeted by over 30% almost overnight (only recovering half of that loss at the time of this writing), it lost that multi-million dollar no-bid contract to provide taxpayer identity services for the IRS, and the company’s name is now almost always followed by the words “security breach.”

What are the lessons to be learned by your small business? First and foremost, it is critical to run the latest operating system and updates on all of your computers and mobile devices. If you are running a Windows computer, this means running the latest version of the Windows 10 operating system. Microsoft’s support for Windows Vista ended on April 10, 2012; support for Windows 7 ended on January 13, 2015; and support for Windows 8/8.1 ended on January 9, 2018. If you are running any of those operating systems, your computer and the files that it contains are at high risk. It is also important to be running the latest version of Internet browsers, such as Chrome, Firefox, Edge, and Safari; plug-in software such as Adobe Reader, Adobe Flash Player, and Java; and a reliable anti-virus software suite from companies like Avast, Trend Micro, Webroot, or Bitdefender.

Hack attacks are continuous and ongoing, seeking out vulnerable passwords and vulnerabilities in software. Without taking basic precautions, you could become the next victim of identity theft, be subjected to ransomware demands, have your credit card information stolen, or compromise the personal information of every one of your customers. The resulting impact could be devastating for your business. The days have long past when any business, large or small, can afford to take anything less than a vigilant stance when it comes to securing its digital identity.

This post was written by Peter Pelland

Start a Disruption (Updated)

May 27th, 2018

Successful business concepts today generally involve entirely new ways of thinking. In the world of computer software and mobile apps, the terminology is known as disruptive technology, and it refers to the fact that nothing really new or transformative comes from simply applying a new coat of paint or polish to something old and familiar. In a broad sense, the personal computer and the cell phone were among the greatest disruptors of recent time.

If you go back in time, other ground-breakers included the friction match, the printing press, the incandescent light bulb, the internal combustion engine, film, radio, television, and so on. Certainly, some of these inventions evolved over time rather than instantly bursting onto the scene. Television, for example, gradually evolved from radio to the flat-screen displays of today.

From the dozen local VHF channels of the early years, came UHF adapters, cable, and satellite systems that now bring hundreds of programming options into the home of any subscriber. Even the remote control has evolved by leaps and bounds from the original Zenith Flash-Matic, introduced in 1955, to the programmable, multi-function devices of today. I remember a very primitive one-button remote control on my family’s Sylvania console TV back in the 1960s. We could not watch TV during a thunderstorm because lightning made the remote control go crazy, endlessly changing the channels on the motorized tuner!

Disruptive ideas are far from limited to the technology industries. In the customer service industries, we need to think less like our grandparents and more like our next generation of customers. For campground owners, this means thinking outside the box, seeking out the next new idea that will appeal to your guests. When was the last time you invested in a major piece of new recreational equipment? Not simply a new playground, but things like a fitness course, canine agility park, jumping pillow, gem mining station, laser tag, or spray park. And when is the last time that you really shook up your activities schedule, adding an event or two that will run the risk of being ahead of its time but that could also prove to be overwhelmingly popular?

There are a couple businesses in New Jersey that fall under the “who wudda thunk it?” head-scratcher concept category. Stumpy’s Hatchet House was founded in 2015. Its first location, in Eatontown, was the first indoor hatchet-throwing facility in the United States, probably a lot more fun than either bowling or darts. Customers pay $40.00 per person for a two-hour session that includes safety training, a lesson, hatchet rental, and use of a hatchet pit. A separate party room can be rented by groups, or the entire venue can be rented for $1,500.00 per hour (up from $1,000.00 a year ago.) Spectators (referred to as “non-throwers”) pay a cover charge of $15.00 each. Stumpy’s is opening 3 more locations in June 2018, with a total of 12 locations soon to be in operation in 7 states.

Located in West Berlin, New Jersey, Diggerland USA is the first and only construction themed adventure park in North America, where children and families can drive, ride and operate actual heavy construction machinery. The park covers about 21 acres and is comprised of over 25 attractions, the majority of which are real, diesel powered, full size, pieces of construction equipment. Guests who visit Diggerland USA can drive full size backhoes, dig giant holes with real excavators, and operate just about every sort of construction machine you might imagine. Guests pay $129.00 for a one-hour package operating one machine, $258.00 for a two-hour package operating two machines, $387.00 for a three-hour package operating three machines, and an extra $395.00 to smash a car. There are also group packages and special adult sessions called Diggerland XL, designed for adults over the age of 18 and including more unrestricted equipment operation.

Both of these businesses fall under the umbrella category of the adult fun industry. Time will tell whether these ventures will take off and succeed in the long run, but most service businesses today are not planning where they will be 50 years from now. Serial entrepreneurs work within a far shorter time-frame (typically 10 years) within which to take risks, hopefully profit, move on to the next venture, and sell to a new investor. When you come right down to it, how many campgrounds are not currently for sale, given the right price and circumstances, along with a ready and willing buyer?

A park that embraces concepts on the cutting edge (no hatchet-throwing or excavator puns intended) will profit in the short run and tremendously increase its value in the long run.

This post was written by Peter Pelland

The GDPR Is Coming, The GDPR Is Coming!

May 14th, 2018

Global Data Protection Regulation

You have no doubt heard about the GDPR, and you may think that it has nothing to do with you. First of all, what is the GDPR? Unlike the DPRK, which is also in the news quite a bit lately, the GDPR is based in the European Union, not North Korea. It stands for the General Data Protection Regulation, and it goes into effect on May 25, 2018, with the intent of standardizing data protection rules across the 28 member countries of the European Union, from Austria to the United Kingdom (yes, despite Brexit, the United Kingdom remains an EU member until March 29, 2019.) With additional countries currently seeking admission, there are only a few European countries (most notably Russia, Ukraine, Norway, and Switzerland) that are neither members nor in the process of joining. The GDPR is designed to protect the personal privacy rights of citizens who reside within the EU, through the implementation of data protection standards by companies based in the EU itself and global companies that either process or control the personal data concerning individuals who reside in the EU.

Although the owner of a small campground in Oklahoma may not think of his business as a global enterprise, the Internet has made this planet a very small world indeed. Campgrounds near international tourism destinations like New York City, Washington DC, or units of our National Park System certainly recognize their percentage of guests from outside of the United States, many of whom originate from within the European Union. In fact, I have written in the past about measures that park owners can take in order to pursue a larger segment of international tourism business. Unless you are going to take the extreme (and suicidal, from a business development standpoint) measure of banning guests from Europe, the new regulations apply to your business. It is better to embrace the standards now because these new standards are likely to be broadly embraced around the world in the coming years. Which one of us, as individual members of the world society, is not in favor of improving standards to protect our personal privacy?

Some people dismissively think that they can ignore the new GDPR rules, foolishly assuming that they cannot possibly be enforced or that their small business would certainly never be targeted. As Americans, we get inundated with a daily barrage of telemarketing phone calls and junk faxes despite the fact that they are prohibited by the U.S. Telephone Consumer Protection Act, and we have all been the victims of widespread security breaches where companies like Equifax get virtually slapped on the wrist. Well, change is in the air.

What Does It Mean For You?

The new rules require a higher standard of consent in the gathering of personal data, broaden the rights of individuals to demand that their personal data remain private, and establish enforcement powers that include some substantial files for violations. If your website, like many if not most, is running Google Analytics, Google Tag Manager, or similar analytical software, you have probably received notices from Google, requiring that you update your agreement and provide your company’s legal name and contact information, a process that shifts the burden of ultimate legal responsibility from Google to your business. If you are familiar with Google Analytics and have evaluated your analytical data, you know how it can map your website’s traffic volume down to the local level, based upon the IP addresses of individual computers and mobile devices. The information falls just short of identifying a specific visitor to your site as Liam Andersson, at 211 Svarvargatan in Stockholm, Sweden; however, the IP address of a user’s computer constitutes personal information under the new regulations.

If you are advertising your business using online tools such as Google AdWords, Bing Ads or Facebook Advertising, you are probably fully aware of how that advertising can be targeted toward specific countries. Targeting any EU countries identifies your company as one that is specifically processing data from individuals who come under the protection of the GDPR. Although many American campground websites have dedicated French language versions (if they cater to a French Canadian clientele) or Spanish language websites (in order to reach out to the growing numbers of bilingual Americans), having dedicated website content (not simply the availability of a Google Translate tool) in French (even FR-CA, as opposed to FR-FR) or Spanish could also be interpreted as an effort to market to individuals in France and Spain. Clearly, this gets complicated.

There is no question that companies like Google and Facebook will be modifying the ways that they gather and process personal data, in order to safeguard their own interests; however, your individual business is also going to have to take certain measures in order to comply with the new GDPR rules. If your park belongs to a franchise that has its own assets to protect, such as Leisure Systems’ Yogi Bear Jellystone Parks, your compliance needs to be assured. None of this is particularly easy, but it is all unquestionably necessary.

What Do You Need to Do?

First of all, you need to recognize that, even if you are not specifically targeting or marketing to consumers in the European Union, people residing in the member countries are likely to be visiting your website. For that reason alone, it is necessary that some modifications be made to your site, particularly if it involves the sale of any type of merchandise or has any sort of form that compiles personal information. This would include reservation request forms or any third-party software that processes reservations on your behalf. Those forms must be modified so that users specifically consent (opt in) to the gathering of their personal information (in other words, no permission boxes that are checked by default), and they must have a clear option to withdraw their consent. These processes must be very clear, specific and unambiguous, and you must have a means to immediately halt any data processing upon request.

Your website should also have a privacy policy that is associated with any e-commerce or form that gathers personal information. That privacy policy must be updated to reflect the new GDPR requirements. If it does not already do so, your privacy policy should specify that your website is not directed toward children (although, unlike alcohol-related sites as an example, an age gate does not need to be in place), whether or not it is using cookies or tracking technologies that might be out of compliance, how your website is identifying user locations (Google Analytics or Google Tag Manager, for example), whether you are collecting email address for marketing purposes (again, clearly specifying opt in and opt out procedures), whether you are collecting phone numbers and for what purposes, and how and where your data is stored.

Your level of exposure to the new GDPR rules should also address a series of European-specific questions. These include whether or not your site accepts payments in currencies other than U.S. dollars (it should not), whether your site is advertised or specifically marketed in any way toward European consumers (if so, you may want to reconsider this practice for the time being), whether your site blocks or diminishes content to European users (for example, disabling reservations – a rather extreme measure), and whether or not your site gets any significant traffic from users in Europe.

Although it is your responsibility to update any agreements with companies like Google and Facebook, many of the necessary steps will require either assistance or implementation by your webmaster or third-party reservation service providers. Keep in mind that this will involve additional services that will almost certainly incur additional fees. Maintaining standards that respect personal privacy go beyond your website and must influence your internal business practices, including the secure storage of customer data. We are living in a complicated world where, ultimately, we are all consumers with rights that need to be protected.

This post was written by Peter Pelland

Help Wanted, Apply Today!

March 21st, 2018

One of the perennial challenges facing campground owners is the struggle to find high caliber seasonal employees. Particularly when unemployment is as low as it is these days, it is not easy to find people who are anxious to clean toilets, mow lawns under the mid-August sun, or rake pieces of broken glass out of campfire rings. You understand because these are the types of jobs that you do yourself whenever necessary.

There is no question that those of us who run our own businesses think it is entirely normal to work 60+ hour weeks, to be on call when we are not working, and to grow accustomed to income uncertainty. I doubt that there has ever been a campground owner who has not at least occasionally been able to divide income earned by hours worked to find that his compensation calculated out to a fraction of minimum wage.

With that perspective as a backdrop, campground owners must nonetheless face the challenges of recruiting a qualified workforce. Larger parks that need to hire a hundred employees clearly face a more formidable task than smaller parks that get by with a half dozen multi-tasking workers. Complicating recruitment is the fact that most campground jobs are temporary and seasonal, forcing parks to compete against theme parks, golf courses, landscaping firms, farms, and any other businesses that are concentrated within the same limited tourist season.

Students on summer vacation and recent college graduates quite naturally come first to mind; however, many of them are still fantasizing that they should be earning six-figure incomes while doing nothing but sitting behind a desk. Then, there is the problem of schools resuming their fall sessions, often even before Labor Day, while your business is still at its peak. It is no wonder that I noticed the local Six Flags theme park holding recruitment days as early as January, hoping to fill up to 1,000 jobs prior to the park’s soft opening in April. I have also noticed over the last several years that the majority of lift attendants at U.S. ski resorts are South American college students who were recruited from the southern hemisphere to work in the cold during their summer vacations.

There are plenty of other businesses that face seasonal workforce challenges. Perhaps the most well-known is Amazon, a company that must recruit armies of warehouse workers to meet the demands of the spike in business that occurs during the holidays each year. In fact, Amazon has set up its own recruitment organization, called Amazon CamperForce, a name that has its origin in the fact that most of those workers are full-time RV’ers who have traded in their home mortgage payments for the freedom of the open road. Some the victims of corporate downsizing or plant closures, some former professionals who have grown restless with retirement, and others simply natural-born nomads, these mostly older folks tend to supplement their retirement incomes with seasonal employment.

When the holiday season is over at Amazon, that at-will workforce hits the road and heads in the direction of its next seasonal jobs, often found through advertisements in publications like Workamper News and Workers on Wheels or booths at camper rallies and outdoor festivals. Amazon CamperForce itself has partnered with campgrounds in 27 states – from Alaska to Florida – that help to provide a degree of employment continuity for those warehouse workers who are no longer needed after December 23rd.

When it comes to temporary seasonal employment, most businesses have a strong preference for the work ethics of older employees, and the job at your campground is much more appealing than running the concrete floors of a regional Amazon warehouse or harvesting crops under the sweltering sun, according to “Nomadland: Surviving America in the Twenty-First Century”, a 2017 book by author Jessica Bruder that paints a somewhat biased and less than flattering picture of the “work-camper” movement.

Seeking practical advice from campground owners with long histories of hiring experience, I asked several to share a few of their recruitment secrets. Those owners were Jack Robinson, the second generation owner of Four Seasons Family Campground, a New Jersey campground that celebrated its 50th anniversary in 2017; Leslie Baum, a second generation owner of Otter Lake Camp Resort, a larger park in the Poconos of Pennsylvania; Beth Ryan, the owner of both Lake Huron Campground in Michigan and the Keystone Lake Jellystone Park in Oklahoma; and Cathy Reinard, who has owned several parks, most recently New York’s Copake KOA.

The common thread among most of these park owners is probably Workamper News, a service that has been providing frameworks for connecting RVers with employers throughout North America since 1987. Workamper News is a bi-monthly printed publication, and Workamper.com is its online companion, each offering a wide range of free listing services and paid advertising options. Reinard says that Workamper News works best when her park is looking for employees at least six months in advance. The primary market here consists of older folks, often retired professionals who could be real assets to their employers, but the employee who you want to start working in April could be committed to another position thousands of miles away until then. Both Reinard and Ryan mention how providing a free full hookup site and free electric are real incentives for employees who are living out of their RVs and would otherwise have to pay to stay elsewhere. Ryan also offers an end-of-season bonus as incentive for workers who stay for the intended full term of their employment. On the other hand, Reinard points out that she still prefers local hires, where she does not have to lose the income that a seasonal site would otherwise generate, while gaining a greater likelihood of continuity of employment from year to year.

To find these local hires, three out of these four park owners turn to the guidance departments of local high schools and community colleges, even posting flyers on campus bulletin boards when permitted. Bulletin boards in general can be highly effective. There is a bulletin board outside of the pharmacy in my small town that is widely read. Reinard relates how she posted a job opening on the bulletin board in a local laundromat, leading to the hire of a new member of her housekeeping staff. The park owners say that they have also posted classified ads in local shopping guides (controlled circulation newspapers that are found in many local markets), Craigslist (where employment adds incur a $15.00 fee but typically generate many qualified responses), and Indeed (where employers can post jobs for free or pay per click for premium listings.)

Although many parks have a habit of posting job openings on their Facebook pages, Reinard cautions against this practice. She very succinctly states, “You do not want to appear to be one of those parks that are always looking for help (sending a wrong message to your guests who follow you on Facebook). If you are one of those parks, you need to take a hard look at your business and figure out why you have a problem.”

Some park owners also implement their own personal recruitment efforts that are loosely based upon the CamperForce model, except without the wheels. For example, Baum’s son is working a winter job at a nearby ski area, where the park is hoping he will be able to recruit a seasonal employee for the upcoming summer. She also mentions that her park pays higher wages than most other seasonal employers in the area, which also helps to encourage employees to return from year to year. Although the park owners also mentioned that they sometimes hire seasonal campers as employees, Reinard makes the point that she would rather avoid “mixing customers with employees”, preferring that they be one or the other but not both.

In addition to recruiting prior season employees for return engagements, Robinson summarizes employee recruitment at Four Seasons as “being visible in and interacting with the community” as the secret to his park’s success. The Robinson family has a strong presence in the Grange, the local fire company, the church, and the community in general. Their interactions with the families in these organizations spreads the word that they are in the market to hire young adults (primarily high school and college students.) According to Robinson, “There are families having three or four children, where all the children end up working for us – for many years.” This is a classic example where word of mouth has proven to be the most effective form of advertising.

With these peer insights as guidance; let’s hope that your park’s next recruitment effort will be its most effective ever!

This post was written by Peter Pelland

Give Your Guests More of What They Want

February 24th, 2018

I opened a box of breakfast cereal recently, and the inner bag of contents reached about half the height of the packaging. It was a classic example of the disclaimer that warns us that “contents are sold by weight, not volume”. If the packaging properly matched the size of its contents, it would have been half the size, have far less visibility on the supermarket shelf, and I probably would have passed on a purchase that did not appear to represent a very good value. You might say that I was deceived into making the purchase. Even though I liked the cereal, I am unlikely to purchase it again.

There are so many instances where corporate marketing decision-makers seem to underestimate the ability of their customers to make informed buying decisions and to alternately choose substitute products. Then there are instances that border on collusion, where companies follow the lead of a competitor who trail-blazes a reduction in product size without a corresponding reduction in price. For example, it only took one orange juice company to shrink its half-gallon container down to 59 ounces before every other company quickly followed suit. The same thing happened with ice cream, where the half-gallon container somehow evolved into a quart and a half. Perhaps the greatest offenses to consumer intelligence are meaningless comparison claims. I recently purchased a 50 ounce container of liquid laundry detergent where the label prominently stated “25% more ounces” (in a 36 pt. bold font) “vs. 40 fluid ounces” (in a 6 pt. light font). Needless to say, that claim did not influence my purchase.

Respect Your Guests’ Intelligence

People who feel that they have been somehow deceived into making a buying decision are almost never going to be return customers. When it comes to the outdoor hospitality industry, one of the biggest complaints is when guests feel like they are being “nickeled and dimed” during their stay. Although it is far preferable to avoid the imposition of add-on fees for incidentals like showers, Wi-Fi, or your planned activities, it is very important that any such fees be fully disclosed at the time of reservation. (One of my pet peeves is the imposition of so-called “convenience fees” for the making of reservations themselves!)

My best advice is to bundle as much as possible into your basic fees, promote the value within your rate structure, and stop presuming that people are comparison shopping for price without reading the fine print. One trend that I hope does not make inroads with the outdoor hospitality industry is the growing practice of hotels to impose so-called “resort fees”. This practice is so deceptive that it has generated lawsuits filed on behalf of consumers by 47 state attorneys general, who had recently negotiated an agreement with the Federal Trade Commission, until the Trump administration ordered the FTC to back off, siding with the hotel industry rather than the interests of consumers. Nonetheless, guests have little or no tolerance for deceptive rate embellishments.

Consider the All-Inclusive Approach

A far better – and opposite – approach is the all-inclusive concept, where guests are willing to pay a premium for the privilege of avoiding add-on fees. The all-inclusive concept originated with Club Med way back in 1950. It is the rule rather than the exception in some vacation destinations such as Mexico and the Caribbean. The concept has since been embraced by resort operators, cruise lines, travel agencies and online booking companies, several major airlines (including United, JetBlue, and Southwest), hotel chains (including Marriott and Hilton), and even wholesale buying clubs like Costco.

With all-inclusive pricing, as the name implies, guests willingly pay a premium fee for the privilege of vacationing without having to pull out their wallets throughout the course of their stay. All-inclusive pricing is most popular with destination resorts and highly competitive, saturated tourism markets. Probably the best known and most broadly marketed of these practitioners is Sandals Resorts International, which now promotes the tagline of “more quality inclusions than any other resorts on the planet”. Their all-inclusive stays include accommodations, dining, wine and spirits, golf, water sports, scuba diving, land sports, and entertainment. Even here, there are fee-based options such as spa treatments, premium wines, and scuba certification, as well as some restrictions on golf that vary from one resort or level of accommodations to another. The bottom line is that guests feel that they are being offered far more than they would otherwise expect.

Unfortunately, when I perform a Google search for the terms “all-inclusive campgrounds” or “all-inclusive camping resorts”, the results are pretty limited. I am more likely to find dude ranches, cabin resorts, and family resorts that do not fit the definition of a campground. Nonetheless, it seems that there is a small but growing list of campgrounds, ownership groups, and franchises that are discovering and beginning to capitalize upon the “all-inclusive” buzz words.

When I clicked through to the website of a campground in Michigan that calls itself “all-inclusive”, I found that it did not charge extra fees for most of its planned activities (something that is not all that uncommon); however, it charges extra fees for bike rentals, boat rentals, boat launching, and a few other “add-ons”. Another park in Wisconsin is promoting its all-inclusive pricing but is also charging for a short list of optional services that include boat and golf cart rentals, its laundry, and honey wagon service. Finally, a Jellystone Park in Texas is really promoting an all-inclusive pricing concept that includes full use of a wide range of recreational amenities – from miniature golf to a jumping pillow to a splash park. In each instance, the point of emphasis is not the list of fee-based options but the list of what is included at no additional charge.

The key to growth in the family camping industry has always been to draw in a new wave of guests who do not currently consider themselves campers. To reach them, offer them the unexpected and create the perception of overwhelming value that they have come to appreciate elsewhere. An all-inclusive approach to pricing may prove to be an idea whose time has come.

This post was written by Peter Pelland