I first addressed the issue of ADA compliance and its impacts upon campground websites in early 2019. In the year since, it has become a recurring nightmare and just about everyone has been made aware of the ongoing problem. Campground owners and website developers have reacted, some have overreacted, and we have all learned a great deal in the process. Rather than rehashing the background of the Americans with Disabilities Act of 1990, its implementation, and the case law history that has encouraged the proliferation of lawsuits against campgrounds and other small businesses, I would like to share some of what we have learned over the past year, offering advice on what you need to do to protect your business.

As the title of a seminar that I recently presented before the Pennsylvania Campground Owners Association (PCOA) would suggest, it is important to separate the myths and rumors from the facts and solutions. Right from the start, let me explain that I am not an attorney and, in most instances, neither are you. If you are the target of what might be considered a frivolous lawsuit introduced by a serial plaintiff and an opportunistic attorney, you need serious legal representation, hiring a defense attorney with specific expertise in these matters. Far from small claims in a district court, these are class action lawsuits entered in federal courts, where the apparent objectives are costly out-of-court settlements.

Lawsuits Have Addressed Both Title II and Title III Complaints

A recent wave of lawsuits randomly targeted campgrounds in the state of New York. The complaints allege violations of both ADA Title II (which includes website construction, including reservation components) and Title III (compliant facilities, such as accessible facilities and rental accommodations.) In fact, one of the most significant website complaints is a failure to adequately outline, in detail, the accessible features within a park. Of course, this in itself presents a Catch-22, where you do not want your website to present an admission of a failure to comply.

The lawsuits that I have seen reference the need for compliance with the Web Content Accessibility Guidelines (WCAG 2.0), even though these were replaced by WCAG 2.1 guidelines back in June of 2018. It is important to understand that these are only guidelines, since actual regulations were never released, as planned, in 2018. The lawsuits also reference the availability of “several screen reading software programs” for use by the blind and visually impaired, but then specifically references the expensive Job Access With Speech (“JAWS”) screen reader. Free screen reader software can be easily installed on any computer, and will demonstrate that the text is fully readable on almost all websites.

Trust the Competency of Your Website Developer

Regardless of which company you may be using, it is fair to say that if you are working with any of the major website developers serving the family campground industry, you can trust their competence. The greatest risks are when your webmaster is the man in the mirror, your nephew, a local computer shop, or the boy down the road. Remember that it is your business that is at stake. Your website must meet WCAG 2.0 (or 2.1) guidelines. There are online tests that may be run, including the Web Accessibility Evaluation Tool (WAVE) and the PowerMapper SortSite Desktop website testing tool. Though highly inaccurate and full of false positives, they can represent a starting point for evaluation. They use different heuristics for essentially guessing whether or not a site is accessible. For example, some checkers do not know the difference between a missing alt attribute (a very important factor with screen reader software) and one that is intentionally specified as blank. Your webmaster knows the difference.

Presuming that you are taking a proactive approach and have not yet been sued, the following is a list of some of the most important factors to check on your website.

• Does your website include an “accessibility statement” that outlines how you are making a good faith effort toward being compliant (but NOT admitting a failure to comply)?
• Do you have “alt” tags (text alternatives) for every non-text element, not just images?
• There should be no text on your site that is scanned from a document and presented as a JPEG or other graphic file. Is there any text that cannot be selected by dragging your cursor?
• Are you identifying the site’s language (typically “en-us” to indicate “English” with the “United States” subtag), allowing text readers to more easily identify the language used?
• Does each page on your website have a unique and adequately descriptive title?
• Can the text on your site be resized up to 200% and maintain its clarity?
• Are all forms properly tabbed for easy keyboard navigation?
• Do your forms (including third-party reservation forms) offer alternatives and suggestions for input errors?
• Do your text and background colors maintain a high contrast ratio, avoiding text that overprints images?
• If videos on your site include any spoken words, are the videos captioned?
• Does your website allow users to pause and stop any moving content?
• Does your website avoid content that changes upon visual interaction, such as so-called “mouse-over” or “hover” content?
• Are PDF documents on your website tagged and compliant with PDF/UA (ISO 14289) and WCAG 2.0 standards?

Many of these standards have been long followed by website designers for a variety of reasons. For example, “alt” tags that are used by text readers are also read by search engine robots, and tabbed forms enhance usability for all users.

Talk with Your Insurance Agent

I am hoping that most people reading this article have not yet been victimized by an ADA compliance lawsuit. If you have not been sued, it is safe to say that it could happen at any time. It is not a matter of “if” but a matter of “when” it is your turn. Fortunately, every commercial insurance carrier serving the campground industry offers what is known as cyber insurance coverage that will provide coverage under these and a variety of other computer-related circumstances. Consider this a necessary cost of doing business, and contact your insurance agent without delay.

Final Warnings

You should also be aware that, although frequently evaluated in visual terms that impact the blind and visually impaired, the Americans with Disabilities Act of 1990 also prohibits barriers to the deaf, dyslexic, or people with cognitive issues or learning disabilities. We are currently only seeing the tip of the iceberg.

Many people are trying to capitalize upon the current fears and hysteria. Keep in mind that no website developer can build you a website that is guaranteed to be 100% ADA compliant (short of a site that consists of nothing but bold black text on a white background.) Avoid the temptation to believe that a compliance widget will solve your problems, even though it might help you and your webmaster to feel good. If you would like your website to include a tool such as the Userway Web Accessibility Widget, that is fine but keep in mind that it is not a substitute for proper coding and that it does not perform any functions that a handicapped person cannot already perform without the use of the widget. On the other hand, it might serve as one step toward potentially persuading a judge or jury that you are making a good faith effort at compliance.

Above all else, do not panic and overreact. Some people have gone to the extreme of taking down their websites or redirecting their URL to their Facebook page. Even temporarily, that will inflict major harm upon the search engine ranking that you have worked so hard to build over the years. You may as well disconnect your telephone or take down the sign at your entrance. We are living in a complicated world, where it is important to adapt to changing circumstances, not retreat into a cave.

I would like to share the knowledge that I have acquired as a result of my first-hand expertise on a very important and widely misunderstood topic. Tick-borne illnesses represent a broad spectrum of bacteriological infections, one of which is broadly recognized as “Lyme disease.” Ever since a cluster of families in Lyme, Connecticut first suffered varying but unexplained symptoms back in 1975, the CDC (Centers for Disease Control and Prevention) has been in denial about either the existence or the number of people infected, citing peer-reviewed medical studies conducted by physicians and scientists on the payrolls of the pharmaceutical and managed health (insurance) industries.

Family physicians have widely misdiagnosed tick-borne illnesses or depended upon the highly unreliable ELISA and Western Blot blood tests that the CDC endorses. Unless a patient was “lucky” enough to display an erythema migrans (the bull’s eye rash that does not always appear, does not always look like a bull’s eye, and does not necessarily appear at the location of a tick bite) that the CDC accepts as a definitive sign of infection, physicians tended to treat the symptoms rather than the underlying causes.

Since the early days, doctors who specialize in trying to help Lyme disease patients have frequently been subjected to formal complaints, typically initiated by the health insurance providers who do not want to pay for treatment and who have the CDC’s denial on their side, often leading to the suspension or revocation of their licenses to practice medicine. Often out of fear, as well as the lack of information, general practitioners generally throw up their arms or grasp at any diagnosis that might explain away the classic symptoms, uselessly prescribing painkillers, steroids, or perhaps a short dose of antibiotics.

My Journey

In my case, over the course of decades of occasional tick bites, primary care physicians repeatedly told me that I tested negative (the nearly useless ELISA tests) and explained away my symptoms. Pain in my hands was written off as rheumatoid arthritis, being continually tired was written off as chronic fatigue syndrome (an imaginary illness) and spending too much time in front of a computer screen, pain in my joints was written off as “tennis elbow” and too much exercise, and pain in my neck was written off as sleeping on a bad pillow. Due to a combination of a very strong immune system and a high tolerance for pain, my symptoms were generally manageable. On two occasions, when the fleeting pain in my limbs became overwhelming enough for hospital emergency room visits, the puzzle pieces were not assembled and there was no diagnosis.

It was not until early in the summer of 2019 that I experienced a flare-up of most of the classic symptoms of Lyme disease – including the definitive rash – after being aware of another tick bite. Fortunately, it was a Sunday, so I went to a nearby urgent care clinic, where the physician’s assistant on duty immediately recognized the rash and symptoms, prescribing three weeks of antibiotics. I called my (former) primary care physician’s office afterward, asking to be tested for co-infections, and the office never returned my call.

On that first round of antibiotics, after an initially violent immune system reaction, many of my symptoms subsided, and I started an odyssey of reading everything I could find on the subject of tick-borne diseases. Certain that I was suffering from co-infections, I searched out a nearby specialist who ordered what are probably the only blood tests that are truly effective at flagging antibodies to the various diseases. The results indicated that I am infected with two active strains of borreliosis (Lyme disease) and six serious co-infections, some of which have been present and undiagnosed for decades. I am now on a long-term treatment program that includes multiple antibiotics, probiotics, powerful herbal regimens, and herbal compounds to support my immune system. (It turns out that the roots of the invasive Japanese knotweed plant – highly revered in Japan, Korea, and parts of China – are a miracle herb, higher in resveratrol than anything else on the planet.)

I am probably one of the fortunate few who are now on what is nonetheless a long road to recovery. Tick-borne illnesses usually have a much more debilitating effect upon infected children and the elderly, where symptoms are quite often misdiagnosed (and mistreated) as Amyotrophic lateral sclerosis (ALS), Multiple sclerosis (MS), Parkinson’s disease and Alzheimer’s disease. Part of the problem is that different people have different symptoms, co-infections require different treatments, and chronic (long-term) infections are much more difficult to treat than acute (recent) infections.

A Few Facts

• Although usually referred to as insects, adult ticks have 8 legs and are actually arachnids, more closely related to spiders.
• All types of ticks are infected, not just one as was originally believed. This includes hard-bodied ticks, soft-bodied ticks, deer ticks, dog ticks, and every other type of tick.
• Most ticks carry a laundry list of infectious bacteria, not just the Borrelia burgdorferi that cause Lyme disease.
• The same diseases can also be carried and transmitted (though less commonly) by mosquitoes, biting flies and fleas.
• Infected ticks are endemic throughout the United States (and most of the world), not limited to New England, the Mid-Atlantic, Upper Midwest, and West Coast as is often believed.
• A tick can transmit the disease spirochetes into your bloodstream within 10 minutes, not the 24-36 hours that is commonly believed.
• The Borrelia bacteria are spirochetes, highly adaptive organisms that respond to antibiotics by evolving into resistant cysts and forming biofilms.
• The bacteria spend little time in the bloodstream, finding their way into ligaments (hence the common joint pains) and tissues, favoring the knees, brain and heart.
• You can be infected by a tick in any stage of its development – larval, nymph, or adult.
• Ticks most commonly feed on mice and deer; however, they are known to feed on well over 100 host types, including lizards and birds. Migratory birds have helped to make the diseases endemic. Check your dogs and cats when they come in from the outdoors!
• Lyme disease is not new. Remember the 5,300 year old ice mummy found in the Austrian Alps back in 1991? That corpse contained Lyme disease DNA.
• Ignore the conspiracy theories and quack cures found on the Internet.

Sounding the Alarm

If you run a campground, you are probably spending a significant amount of time outdoors doing things like raking leaves, cutting brush, and cleaning sites. Perhaps you hunt, fish, hike, golf, or pursue other outdoor activities in your leisure time. Ticks prefer moist woodland environments, tall weeds and grasses, edge zones (such as the roughs on a golf course), and places such as stone walls and wood piles. If you are spending time in any of these environments, it is recommended that you treat your outer clothing, footwear, and camping gear with permethrin solution which will kill ticks within 10-20 seconds. It is also recommended that you use an effective tick repellent when outdoors. DEET is commonly recommended, but there are equally effective herbal compounds that are safer to use. Whether or not you are aware of having been bitten by a tick, if you are experiencing flu-like symptoms, pain in your joints (particularly knees and elbows), pain that seems to migrate from one part of your body to another, headaches, a stiff neck, swelling in your knees or other joints, a feeling of always being tired, or memory problems that are often described as “brain fog,” seek out a Lyme disease specialist. Lyme-related diseases represent one of the fastest growing epidemics in the United States today, and they are not to be taken lightly.

I recently wrote how one of the biggest mistakes was to have a website without the advantage of running Google Analytics. It is a free tool, it is easy to install, and it provides a wealth of extremely valuable information regarding a website, its traffic sources, and much more. I have also learned over the years that most people never take the time to actually review the data now at their fingertips, or they get lost in the sheer volume of all that is available. I have often spent 20 minutes on the phone with a client when both of us are logged into their Google Analytics account, walking them through the process of what to look for and where to find it. Let me attempt to take a similar approach to guide readers through the process.

Is it Installed?

Prior to proceeding any further, you need to confirm that Google Analytics is actually installed and running on your website and that you have been set up with user access. Ask your webmaster. If either you or your webmaster are uncertain (and it is not a good sign if your webmaster is uncertain!), view the source code on the Home page of your site by right-clicking on the page and choosing “View page source”. Then search the page’s source code for a string of text that begins with “UA-”. This will show you the Google Analytics tracking code and script if it is installed, usually near the top or the bottom of the page.

Presuming that Google Analytics is installed and running on your site, you also need to be set up as a user with access to the account. By only being accessible to authorized users, you are prevented from allowing just anybody to access this data, particularly your competitors. Once you have confirmed that Google Analytics is installed and that you have been set up with user access, it is now time to log into your account to sort through the mountains of data.

Changing the Default View

When you reach your Google Analytics Home page, you will be shown a snapshot that includes active users (the number of people who are on your site right now) and a summary of some of the basic data compiled over the past 30 days. Although it is fun to see the number of active users on your site, along with which pages they are visiting, this information is generally not as useful as cumulative data. To get into the detailed data, click on the “audience overview” link. By default, this is going to show you a graph with daily traffic counts over the last 30 days; however, I think that it is generally more useful to chart the previous year’s traffic. In the upper right of the page, click on the down arrow to the right of the date range, then choose “custom”. There will be two date boxes, with the one on the right showing yesterday’s date. Change the date in the box on the left to show today’s date last year. While you are there, check the box that says “Compare to previous period”, then click “Apply”. I suggest that you continue to graph your data on a daily rather than weekly or monthly basis.

Sort the Wheat from the Chaff

Because most campgrounds are seasonal businesses, the annual graph is likely to look like a rocky roller coaster ride. For parks in northern states, the lowest traffic volumes will probably occur in December, after your park has closed for the season, people are more concerned with holiday shopping than where to camp next August, and the winter camping shows have not started to spur new interest in camping for the following year. You are also likely to see occasional spikes in traffic that may coincide with marketing efforts such as camping shows, investments in advertising campaigns, or links that appear in social media or review sites. The overview data will display the number of users, new users (people who had not previously visited your site during this time frame), sessions (which accounts for users who visit your site more than once and which is directly related to the number of sessions per user), pageviews (a cumulative number), pages per session (where you want people to visit enough of your site’s content to progress to your reservations page), the average session duration (where more time is more likely to persuade), and bounce rate (worthless traffic, generally bots that visit a single page on your site for a total of 0 seconds.) Because you have elected to compare data to the previous period, every set of number will be accompanied by a percentage showing an increase or decrease from the previous year, a useful demonstration of overall trends.

Refer to the “Reports” in the left-hand column, then scroll down to Audience > Geo > Location, and you will reach a world map and summary of demographic information. Your primary source country for traffic will undoubtedly be the United States, but it is also useful to know if you have significant amounts of traffic from beyond our shores. Click on “United States” (or the U.S. on the map) to open or zoom into a sequential list of the states that are sending you traffic. You can also click on any state to see the clusters of cities and towns within the state that are sending you traffic. With Google Analytics, you can click on almost anything to open a more detailed breakdown. Do you want to know if your participation in a camping show or advertising in a local newspaper provided you with a return on investment? This is one place to look.

Scroll down again to Audience > Mobile > Overview, and you might be surprised by the increase in traffic from users of mobile devices, generally coming at the expense of users of desktop (including laptop) computers, with tablets generally never gaining a significant amount of traction. If your site is not mobile-friendly, here is proof that it is losing you income.

Traffic Sources

When you are driving down the highway, the last thing you want is to encounter traffic; however, when you have a website, traffic is mission critical. Scroll down to Acquisition > All Traffic > Channels, and it will not be surprising if your primary source of traffic is organic search on Google. Although the results will show a list of the most important search phrases that have been used to actually reach your site (and which should influence the keywords in use on your site or chosen for any paid advertising campaign), the highest number will probably be “(not provided)”, which represents tracking data that Google was unable to gather, generally because the user was logged into Gmail or another Google Account while performing their Google search. When this occurs, the search is conducted over SSL and the search query data is hidden. Hopefully enough actual keyword numbers are shown to still provide you with the useful information you need.

Pennies from Heaven

Scroll down again to Acquisition > All Traffic > Referrals to see the other sources of traffic to your site. The top of the list will probably include your state association website, various campground review sites, Good Sam, state and local tourism websites, Facebook, Yelp, and local businesses with reciprocal links to your site. Once again, these numbers will help to justify your involvement with any paid advertising programs on referring sites. Although there may be costs involved in Good Sam advertising, your state association membership, and your membership in your local chamber of commerce or tourism association, their websites are targeting your market demographics and are likely to send you significant amounts of traffic that far outweigh your out-of-pocket costs.

These are only a few tips in the process of discovering what Google Analytics can do for you. There are hidden treasures to be found with many other clicks, but you will never discover them if you do not log into your account and put it to work.

The biggest mistake that many small business owners might make would be to build and maintain their own website. Sure, companies like GoDaddy, Wix, Weebly, and Vistaprint make it look like an easy task that anybody can handle, but do you simply want a website or do you want a website that can effectively compete online? Playing part-time webmaster when your business is at stake is clearly an example of being penny wise and pound foolish.

The next temptation is to hire one of the thousands of amateurs who hang out a “webmaster” shingle simply because they can navigate their way around the basic use of a CMS website building platform. That might be the computer repair shop in town that is trying to keep itself busy or even a family member or that “nice kid who knows a lot about computers” down the road. Inevitably, these people know very little about how to generate effective online buying decisions, and they absolutely understand zero about your particular business and its competitive environment.

Whether you insist on building your own site, or whether you simply want to keep an eye on your webmaster, there are a few common mistakes that you will want to avoid. Usually these mistakes are errors of omission, but they can also be reflections of careless work habits.

1. Ignoring Mobile Devices: Checking the Google Analytics of two client websites in recent days, I was astounded to see that over two-thirds of traffic was now coming from users of smartphones, with conventional desktop and laptop computers coming in third to tablets. If your site is not mobile-friendly, you are turning away a tremendous portion of your market. Do not be deceived by the fact that almost any website may be viewed on a smartphone. There is a big difference between being able to view a site and actually engaging in a non-frustrating experience. Has your site abandoned the use of Flash (a popular way to present dynamic website content until support was dropped by iOS and Android devices), is content scaling down to the size of the display, does the navigation work with pudgy fingers, and can users tap a phone number displayed on your site to initiate a phone call?
2. Google Analytics: Yes, that comes next on the list. One of the biggest mistakes that can be made is to have a website without the advantage of running Google Analytics. It is a free tool, it is easy to install, and it provides a wealth of extremely valuable information regarding the visitors to your site, traffic sources, and much more.
3. Using Templates and Ignoring META Content: I am amazed at how many website titles display as “Just another WordPress site” because the webmaster did not take the minimal time and effort (or perhaps did not have the knowledge) to substitute an appropriate keyword-based title for the default template setting. A site’s title tag is critically important in organic search, and nobody is ever going to search for the term “just another WordPress site campground”, so it should be clear that having that as your site’s title will put your park at a severe disadvantage. Without naming names, I just found campgrounds suffering from exactly this failure located in Wisconsin Dells, WI; Marcellus, MI; Crossville, TN; Antonito, CO; Fletcher, NC; and Calvert City, KY.
4. ADA Compliance: Many of the factors that determine whether or not a website is ADA compliant involve the same META content that search engine robots love. These include image ‘alt’ tags and a site’s language tag. Other factors are part of a site’s mobile-friendliness, including scalable text. Your site should also maintain a proper contrast ratio between text and background colors, the site should be navigable by keyboard, and videos should be captioned. Very importantly, let people know about any accessible accommodations and facilities at your park.
5. Orphans: I am not talking about Mickey Rooney and Boys Town. I am talking about pages on a website that fail to link back to the other pages of the site. Sort of like a dead end in a corn maze or a hall of mirrors, orphan pages are very frustrating to site visitors.
6. Broken Links: Formula 409 is a well-known cleaning and degreasing product that has been around since the 1950’s, but 404 error messages on a website are about as popular as a “door-buster” item at Walmart that is out of stock the moment the store opens and the sale begins. People see these frustrating messages when they click on a broken link, typically because a page has been deleted without updating its incoming links.
7. Unencrypted E-Mail Links: You would not display your credit card number on a poster in Times Square, and you would certainly not hand out keys to your home or automobile to total strangers, so why would you display an unencrypted e-mail address on your website? Without encryption, the message to e-mail address harvesting spam robots is “Here I am. Come get me!”
8. Broken Graphics: One of the telltale signs of a beginning webmaster is broken graphics. If graphics are linked to files on a local computer, they will appear normally, but only on that computer. Anybody accessing the page from any other device anywhere in the world will see a broken graphic link.
9. Slow Loading Images: Have you ever visited a website, only to watch images slowly loading, as if they were being slowly painted onto your screen? Almost inevitably, it is because the person maintaining the site has used enormous photos on the pages then has those images being scaled down to size by the browsers of end users. The enormous files are being needlessly downloaded, then resized, when properly sized and optimized images would have loaded immediately.
10. Out of Date Content: You would not buy a gallon of milk that was past its expiration date, would you? Well, why would you expect people to “buy” what you are selling on your website if its content looks like it is way past its “best used by” date? Specifically, rates and schedules should show the current year. Particularly when it involves pricing, nobody wants to make a buying decision when there is pricing uncertainty.

These are only 10 common mistakes that webmasters frequently make. The overall best advice is to avoid working with that webmaster in your mirror (or that clever kid down the road) and to choose one of several professional companies that understand the campground industry and with reputations you can trust. You have better things to do than look for mistakes on your website … or to deal with the consequences of those mistakes.

I have always had an affinity for small family-owned businesses. I was raised in a small business environment, I own and operate a small business, and most campgrounds are small businesses. My favorite clients are probably otherwise known as Mom and Pop. What we have in common is a willingness to work endless hours and the ability to wear a variety of hats during the course of the day.

My small business experience began during my early childhood. My father’s business was located on the same parcel of property as our home, and I was fortunate enough to be able to appreciate the continuous overlap between our family life and business. Sometimes it’s just in your blood to control your own destiny and be your own boss, although you quickly understand that you are actually working for your customers. My father was one of 10 children of French-Canadian immigrants who built their lives out of virtually nothing, and most of his siblings were also small business owners.

In my father’s instance, his destiny was in the wholesale produce business, leaving high school in his junior year when he was offered a partnership in an existing business that he grew into that home-based business and a warehouse that was built the year I was born. When I was in grade school, I could not wait to return home in the afternoon to see what chores I could be assigned in the warehouse, even though most of the activity took place much earlier in the day. When I was a 16-year-old high school student, I remember getting my driver’s license one morning and being sent off by myself in a truck to pick up a load of butternut squash that afternoon at a farm in the next county.

What I learned from my father I also see when observing my clients at work and fellow vendors at trade shows. In addition to the aforementioned commitment to long hours, I find that the key ingredients to success are a commitment to quality, a willingness to take risks, and the ability to innovate. Above all else, it involves a total dedication to the needs of your clientele.

My father’s customer base consisted of a combination of small businesses and larger commercial enterprises. Those customers included corner grocery stores (and later convenience stores), supermarkets, restaurants, caterers, schools, hospitals, nursing homes, and the commissary at the nearby air force base. At an earlier time, before I was born, truckloads of produce would be driven non-stop to be unloaded into the backs of transport planes that were part of the Berlin Airlift.

As times changed, my father’s customer base changed. In 1958, the “Chef” potatoes that were peeled and prepared by hand in virtually every food service operation in the country were suddenly replaced by the frozen French fry. Three railroad carloads of Maine potatoes sat and rotted in a new warehouse expansion that had been built specifically for their short-term storage. The crystal ball was not always crystal-clear, and the risks involved in the perishable food industry have always been enormous. It was important to explore new product offerings and to respond to new customer demands. Exotic fruits were introduced, and ethnic Asian and Hispanic businesses had demands for produce that had been previously somewhat “foreign”. Soon thereafter, organic produce became a major product line rather than merely a niche.

In every instance, it was important to not only respond to customer demands but to attempt to forecast that demand, influencing it through marketing that was based upon inventory of a highly perishable product line. It was also important to source produce as locally as possible, at least on a seasonal basis. Although primary sources of supply were large regional distribution centers (in our instance, Boston) with railroad sidings and easy highway access, every effort was made to buy directly from local farms during their harvest seasons. Freshness was mission-critical, along with same-day delivery – usually within two to three hours.

In the years since my family business experience, the produce industry – like the campground industry – has changed dramatically. Large buying groups were designed to eliminate the middleman, with large supermarket chains and food distribution networks like Wal-Mart, Whole Foods and Costco having the power to buy direct, providing their own transportation, warehousing, and distribution network. For the smaller buying organizations, the integral role that was played by wholesalers such as my father’s business was replaced by much larger food distribution companies such as Sysco, U.S. Foodservice, Performance Food Group, and Gordon Food Service – each of which maintains dozens of distribution centers throughout the United States.

With all of this background in my blood, it is easy to understand how I have an appreciation for smaller small businesses, and campgrounds provide a very natural fit. Fortunately for campgrounds, the vendors within the industry provide a myriad of opportunities to work with businesses that are similarly sized – or even smaller than most campgrounds themselves. I would encourage you to maintain loyalties with vendors that have proven their reliability and commitment, thinking “small” or more “local” whenever it makes practical sense. As I walked the halls of industry trade shows in recent months, it was easy to spot not only new vendors within established product and service categories, but also several startup companies with new approaches to old ideas, as well as some with entirely new ideas that might benefit your business. Be open to considering what they have to offer, understanding that they may or may not offer any advantages whatsoever over working with proven performers. Ask them to share their visions, explaining the problems their businesses are designed to solve, and giving them an opportunity to listen to you. Generally speaking, vendors who take more time listening and getting to learn about your business, rather than telling you about their products, are the ones whose trust you want to establish and maintain for years to come.

I attended a trade show in Florida late last year, flying into and out of Daytona Beach International Airport, a smaller airport that is serviced by only three airlines (Delta, American, and JetBlue) with a limited number of arrivals and departures. During the event, we stayed at the Hilton Hotel that was the designated host hotel for the conference. At the close of the conference, we were anxious to return home to Bradley International Airport. We had a connecting flight in Charlotte, where the airlines were already cancelling flights in advance of a large storm that had a bullseye on the Carolinas. Timing was critical.

Our flight out of Daytona Beach was on a plane that arrived with a mechanical issue that needed to be addressed, delaying departure on this, the last flight out of the airport for the evening. The delays were extended, due to the fact that there are no technicians available in Daytona Beach to sign off on a safety report. The plane was not moving until after a technician could drive in from Orlando. The gate counter had a line of people who were trying to explore their alternatives, essentially the choice between spending another night in Daytona Beach or waiting for the plane to be approved for its late departure. Unless your final destination was Charlotte, you were going to be stranded there for at least another day.

Some of the passengers were more irate than others, taking out their frustrations on the gate agents, seemingly without understanding that the situation was beyond the control of those airline employees.  In our instance, treating them with due respect, one of the gate agents and her supervisor went well out of their way to find alternate arrangements to get us home with the least delay possible. Flying to another airport, such as Boston or Providence, was not an option because our car was parked at our home airport outside of Hartford. American Airlines departures from Daytona Beach only fly to Charlotte, so our workaround involved getting us to another airport with alternate destinations.

The airline pulled our checked bags (refunding our baggage fees), paid for a taxi to take us to the airport in Jacksonville, arranged for a ticket agent to work overtime to meet us at the ticket counter in Jacksonville (that was otherwise closed by the time of our arrival), and paid for us to spend the night at a Hilton Hotel near the airport so we could catch an early morning flight that would connect in Philadelphia rather than Charlotte – ahead of the coming storm. This was customer service above and beyond anything that could be reasonably expected. Let me add that we were not flying first class but in economy seats.

If you have been following the news recently, you probably recall that several airlines have suffered some widely reported public relations disasters. There was the United Airlines incident where a passenger’s puppy died after they were forced to stow it in the overhead bin and another incident where a passenger was dragged from an overbooked United Airlines flight when he refused to voluntarily surrender his seat to another passenger. Recovering from bad press can be a slow and difficult process. Fortunately for most small businesses, customer relations incidents generally occur on a one-on-one basis. As long as you do the right thing, reasonable people will appreciate your efforts. These are example of successful customer service. The customer service failures in this story begin with Hilton Hotels.

The ticket agent working overtime at the American Airlines counter in Jacksonville was tasked with making our hotel arrangements at the nearby DoubleTree by Hilton airport hotel. When he called both Hilton reservations and the local hotel’s front desk, he was told that no rooms were available. I fired up my laptop, went to my Hilton Honors account, and saw that there were plenty or rooms available at the hotel. What Hilton would not do – after 10:00 PM on a night where they had dozens of vacant rooms that would otherwise generate zero income – was honor the so called “distressed passenger” discounted rate that is the usual arrangement between hotels and the airlines. We had to pay for the room ourselves, and then provide a receipt to the airline for reimbursement (which was processed and paid quite promptly.) Think of this from a campground’s perspective. If you have unsold inventory at the last minute on the day before the start of a summer weekend, you are likely to offer space at a discount rather than leave a site vacant. For a hotel, 10:00 PM on the night of arrival is definitely the last minute to sell an otherwise vacant room.

Also if you have been following the news, you know that both Hilton Hotels and its DoubleTree brand have suffered some public relations disasters over the past year, not the least of which was the incident in December of 2018 where a registered guest (who happened to be African American) was evicted from the DoubleTree Hotel in Portland, Oregon for using his cell phone in the lobby. With bad press like that, you would think that DoubleTree by Hilton Hotels would be going out of its way to try to cater to its customers. Public relations disasters are almost always preventable, and public relations success stories almost always result from employees who have been empowered to do the right thing, every time and under all circumstances. Of course, this does not mean that every Hilton or DoubleTree Hotel is problematic, but bad press for any member of a franchise casts a shadow of doubt over the entire chain.

Some might argue that providing exceptional customer service is too costly and time-consuming or that the good deeds are rarely recognized beyond the direct recipient. I would argue that consistently positive customer relations can serve as the foundation of a company’s success. In the long run, it is a winning strategy.

Wait, There’s More …

Did I mention how pleased I was with American Airlines? Well, it did not take long for this enthusiasm that American Airlines had generated to get flushed totally down the drain. Allow me to explain …

Three months later, I happily returned to American Airlines to book a flight from Hartford to Colorado Springs, paying $463.00 for my round-trip fare. My return flight was one of 40 flights that were cancelled on March 7, 2019 when 14 of American Airlines’ Boeing 737-800s were taken out of service due to mechanical issues with overhead bins.

Upon notification of the flight cancellation, I called and spoke with an American Airlines ticketing agent who, over the course of a lengthy telephone conversation, assured me that my ticket had been transferred to United Airlines for a return to Hartford via United. On the basis of this assurance, I checked out of my hotel, returned my rental car, and proceeded to the United Airlines ticket counter in Colorado Springs, where I was told that I did not have a ticket.

Going back and forth between the United and American ticket agents in Colorado Springs, I was told that American Airlines would not transfer my ticket because I had purchased a basic economy fare. I understood that this fare meant that I would board in the last group, not have pre-assigned seating, would not be eligible for upgrades, and that I would not qualify for flight changes or refunds due to changes in my plans. I was there to fulfill my end of the agreement and was not of the understanding that this fare would disqualify me for the transfer of my ticket to another airline in an instance of a mechanical failure on the part of American Airlines.

Without any viable options, I paid United Airlines $1,312.00 (plus a $30.00 baggage fee) for economy seating on my return flight. The American Airlines ticketing agent in Colorado Springs told me that I could contact American Airlines for reimbursement for the unused portion of my fare. I requested not only that reimbursement but reimbursement for the full amount that I paid to United Airlines after I had been told that American had transferred my ticket.

While I understood that American Airlines was under no obligation to offer me this compensation, I would hope that under consideration of my past loyalty and future travels, it would choose to do the right thing. It did not. It has been over 6 weeks since I wrote to American Airlines, and they have not even responded to my letter, let alone issue a refund. I know that, like several other airlines, American has been taking a hit with the grounding of its Boeing 737 Max 8 fleet. On the other hand, they have not been too preoccupied to prevent them from spamming me on a daily basis, promoting dubious travel deals and a variety of ways to earn AAdvantage miles. I will pass.

The lesson I have learned, in addition to NEVER again buying a basic economy airfare ticket, is that big companies like American Airlines can never be trusted to do the right thing in the long run. My enthusiasm has been crushed, and my loyalty has been obliterated. Thanks for nothing, American Airlines!

In recent weeks, a growing number of campgrounds have received letters and phone calls from legal entities raising questions regarding their websites’ compliance with ADA standards. In this case, ADA stands for the Americans with Disabilities Act of 1990. Signed into law by President George H.W. Bush, the ADA was a natural extension of the Civil Rights Act of 1964, prohibiting discrimination against people with disabilities in all aspects of public life. At its signing, President Bush said, “This act is powerful in its simplicity. It will ensure that people with disabilities are given the basic guarantees for which they have worked so long and so hard: independence, freedom of choice, control of their lives, the opportunity to blend fully and equally into the rich mosaic of the American mainstream.” In 1990, the Internet as we know it today did not even exist, and interpretation of the law today is far from simple.

The ADA is comprised of sections referred to as “titles”. Title I prohibits discrimination in the workplace by any employer with 15 or more full-time employees. Clearly, this applies to the hiring practices of larger campgrounds. Title II prohibits public entities from discriminating against “qualified individuals with disabilities” by excluding them from services and activities. Title III requires that newly constructed or altered public accommodations comply with ADA standards. For campgrounds, considered “public accommodations”, this is why your new restrooms and other remodeled facilities must be universally accessible. Titles II and III have also raised issues regarding accessible swimming pools and accommodations for service animals. Titles IV and V cover telecommunications (closed captioning) and miscellaneous provisions that are of lesser concern for your business.

Title II Is the Basis for the Current Problems

Originally applied to state and local governments, the definition of what constitutes a “public entity” has become far more broadly interpreted. The Internet and websites (which, as you recall, did not exist in 1990) are now being challenged as “places of public accommodation” due to the way in which they are accessed. This interpretation has been encouraged by legal challenges; most notably the Winn-Dixie case in 2017, where a plaintiff in Florida was successful in one of over 175 (as of November 2018) such lawsuits that he has filed against businesses with websites claimed to be partially inaccessible to the blind. His attorneys were awarded over $100,000.00 in damages. In addition to South Florida, popular federal court jurisdictions for the filing of such suits include Western Pennsylvania, California, and New York City, according to Forbes Magazine.

Regulations regarding websites were slated to be finalized in 2018, but those standards were put on hold under the Trump administration. On the surface, that would appear to be a prudent move that provides relief for small businesses. Unfortunately, actual regulations (as ill-advised as they may have been) are replaced by extensive recommendations, and a “Wild West” of lawsuits appears to be on the horizon. The ability of robots to search for vulnerable websites has opened up new opportunities for eager attorneys representing not only the blind but individuals with low vision or cognitive impairments, as well as the deaf, using either computers or mobile devices.

In lieu of regulations, highly confusing recommendations have been put forward by the World Wide Web Consortium (W3C), the international standards organization that develops protocols and guidelines for the Internet. Its Web Accessibility Initiative (WAI) has developed a set of Web Content Accessibility Guidelines (WCAG), the most recent version being WCAG 2.1, released in June 2018. The guidelines are broken down into three levels: A, AA, and AAA, where “A” is the most basic and “AAA” is the most extreme.

Meeting “AAA” standards would be prohibitively costly and would severely impede the online marketing efforts of most businesses. On the other hand, most websites are already in compliance with the “A” standards. In the event of a legal challenge, it is widely believed that a small business that shows a good faith effort at providing “reasonable accessibilities” on its website would prevail in its defense. This appears to translate into an attempt to meet as many “AA” standards as practical. The people who will face the greatest challenges are do-it-yourself webmasters. On the other hand, no website design company will realistically ensure 100% compliance with the existing standards.

I am not an attorney. Should you receive any communication regarding the ADA compliance of your website, you are advised to contact your attorney for legal guidance.

Presuming that you are simply taking a proactive approach, the following is a list of some of the most important “A” and “AA” standards.

• Create “alt” tags (text alternatives) for all images and media files.
• Identify the site’s language (typically “en-us” to indicate “English” with the “United States” subtag), allowing text readers to more easily identify the language used.
• Forms should be properly tabbed for easy keyboard navigation.
• Offer alternatives and suggestions for input errors on forms.
• Provide a consistent navigation and layout throughout the site.
• Ensure that text may be scaled up to 200% of size without causing horizontal scroll bars to appear or breaking the layout.
• Ensure that text and background colors maintain a high contrast ratio.
• Allow users to pause and stop any moving content.

Many of these standards have been long followed by website designers for a variety of reasons. For example, “alt” tags that are used by text readers are also read by search engine robots, and tabbed forms enhance usability for all users.

If you are interested, the far more extreme “AAA” standards partially include sign language translations for all videos, text alternatives for videos, 100% keyboard access, definitions for unusual words, explanations of words that are difficult to pronounce, text using a basic reading level, and no time limits or interruptions of page content.

There are online tests that will allow you to check your website for compliance red flags. One of these is the WAVE web accessibility evaluation tool. There are other fee-based online service providers that offer tests and remediation. One such site that I found at the top of a Google search had an image with a missing “alt” tag right at the top of its own Home page, a very basic compliance failure. We are wading through some very murky waters. As always, you need to stay informed. With typically narrow profit margins, it is hard to imagine any business that would willingly fail to welcome all potential guests.

Liability can take many forms, and it is important for every business to take reasonable precautions to protect its interests in the event of either physical or emotional injury claims on the part of guests. Injuries of either type may often lead to claims for compensation and damages, even when the injuries are the result of reckless behavior on the part of a guest or the failure to follow posted rules and regulations. Businesses with greater inherent risks of injury must take greater precautions to protect themselves from the threat of lawsuits.

Campgrounds with greater inherent risks might include parks with ziplines, shooting ranges, river rafting, paintball fields, mountain biking, mechanical bulls, and climbing walls; however, every park has liabilities, and there are probably more personal injury attorneys within a 50-mile radius of your park than there are churches, schools, and hospitals combined.

Many campgrounds utilize blanket release forms known as crowd releases. Crowd release forms are generalized notifications that your guests are surrendering their reasonable rights to sue pursuant to their use and enjoyment of your park and its facilities, and they typically apply to the taking of photographs or videos. A crowd release will warn people that photography and filming may be ongoing at any time, that the images may be used in any and all media, in perpetuity, and that the guest consents to the use of his or her image without compensation by nature of entry; however, crowd releases rarely cross the line and attempt to cover the issues of physical liability. Crowd release forms also constitute rather weak defenses in a court of law.

If your park offers recreational amenities or activities with greater inherent risk, you will want to incorporate some very specifically detailed liability releases. There is no question that risky activities offer a great deal of appeal, particularly among younger guests, and can go a long way toward expanding a park’s customer base; however, it is necessary for your business to take reasonable measures to ensure the safety of its guests and to take measures to protect itself against lawsuits that may result if injuries are inflicted during the pursuit of those activities. Needless to say, the incorporation of these precautions should go hand-in-hand with the purchase of suitable liability insurance.

Downhill skiing and snowboarding are activities where participants assume a degree of risk. For years, the National Ski Areas Association has promoted a Responsibility Code that has attempted to shift responsibility for injuries upon skiers and snowboarders, not the ski area operators. The code advised users to ski in control, be able to stop at all times, avoid those downhill, yield to those uphill, not stop where they would obstruct a trail, utilize retention devices, observe signage, keep off closed terrain, and know in advance how to use lifts.

The Responsibility Code was a start, but the extensive text printed on the backs of most lift tickets these days is now designated as a “Ski Ticket Contract and Express Assumption of Risk”. The following text is typical and taken from the back of a recently issued lift ticket: “I accept and understand that skiing, snowboarding, and other forms of winter mountain sports are hazardous, with many inherent risks and resulting injuries or death. By my purchase and use of this ticket, I freely and willingly accept and voluntarily assume all risk of property damage, personal injury or death which results from my participation in winter sports activities and the inherent risks of such activities as they are defined herein.” This statement is followed by an extensive paragraph that itemizes those inherent risks, both natural and man-made.

One might think that this broad wording would release the business operator from almost all liability; however, the ski industry takes added measures to reduce the risks of injury, including the use of ski patrollers to open and close trails during the course of the day, sweep trails at the end of the day, and evacuate injured skiers from the slopes. Grooming, signage, the increased use of helmets, and improvements in the safety of equipment also help to reduce the likelihood of injuries. Despite all of these efforts to reduce liability, enforceability is never ironclad. In December 2014, the Oregon Supreme Court ruled that a season pass waiver was unenforceable, opening the way to a $21.5 million personal injury lawsuit, and this ruling has since been used to chip away at the overall validity of waivers and releases.

Bearing in mind the potential legal issues of enforceability, parks that provide higher risk amenities should follow the lead of not only the ski industry but also the amusement park industry, which routinely enforces height, weight and age restrictions, along with providing a long list of health conditions that should preclude participation. Those conditions typically include, but are not limited to, pulmonary problems, high blood pressure, cardiac disease, pregnancy, obesity, seizures, prior injuries, fear of heights, and psychological or psychiatric problems. Yes, that list covers just about everything. Health issues require a separate signed waiver.

When I enjoyed the use of a high ropes and zipline course recently, I signed both a written liability release and a health waiver. I was provided with copies of each, I was provided assistance in properly suiting up for the activity, and I was provided with basic instruction in the use of the equipment. In another recent outing, I visited a resort that operates mountain biking trails and a mountain coaster. At this facility, guests are directed to a row of computer kiosks where liability releases and health waivers are digitally signed before tickets may be purchased.

There are a number of companies that provide reasonably priced digital release services that work with either computer kiosks or mobile apps. These services save time, avoid the generation of a mountain of paperwork, are secure, offer cloud storage, provide analytical information, and can even integrate with email marketing programs as a means of generating return visits. Some services even allow seasonal businesses to adjust their subscription services between their peak season and off season. A few of the companies that you may want to look into include:

• Smartwaiver – https://www.smartwaiver.com/
• WaiverForever – https://www.waiverforever.com/
• WaiverElectronic – https://www.waiverelectronic.com/

Whether your park uses crowd releases, liability releases, health waivers, or a combination of all three, it is important to make every effort to protect its interests and to avoid the many catastrophic impacts of personal injury lawsuits.

If somebody asked you the name of the font used on your latest brochure or directory ad, would you be able to answer that question? In fact, if you paid somebody to design that advertising for your business, how long would it take that designer to identify the font? I actually encountered a situation about a year ago where a campground owner asked her website designer for the name of the font that was used as a substitute for a logo on her website. The website designer responded that she did not know, and that it was “just something that she thought looked nice.”

According to Thomas Phinney, the CEO of FontLab, there are perhaps 300,000 fonts in the world today, contained within about 60,000 font families (representing variations of a single font.) Those 300,000 fonts are not your biggest concern; however, the fonts that are used in your own advertising – from your website to print to signage to apparel – should all be singularly consistent. Fonts are one of the key components of branding, where “close enough” or “looking nice” is just not good enough to protect the integrity of your business.

There is only one font that represents such universally recognized brand names as Ford, Coca-Cola, AT&T, and Kleenex. For example, the font used in the Coca-Cola logo is called Spencerian script, a popular font in the United States from about 1850 to 1925, adapted by Coca-Cola in 1885 with special alternate character ligatures for the capital letters “C”. Needless to say, that font has shown some staying power! Also script based, the Kleenex logo is based upon the Montauk Pro Bold font, with proper kerning to connect the letters as if they were written with one continuous swipe of a marker.

Fonts such as these were not chosen randomly, even though we years later think of them as everyday acquaintances. The characteristics of various fonts trigger a series of predictable emotions – from strength and reliability and trustworthiness to modernity and cutting edge and fun. These fonts then go hand in hand with color, which is also anything but random. I still own sets of the old Pantone^® Process Color System swatch books that were the color reference standard in the days before the personal computer came into everyday usage. Those color values allowed designers to communicate color values with a consistency from one project to another, allowing for the matching of very specific colors on press. In theory, computers and monitors today can reproduce as many as 16.7 million colors, described as various combinations of red, green, and blue (RGB) color pixels. In practice, those colors are often difficult to share from one computer to another because identical colors may appear with considerable differences when viewed on two uncalibrated monitors.

Then there is the issue of the differences between the RGB (monitors) and CMYK (print) color spaces, which do not even come close to perfectly overlapping and translating from one to the other. Generally speaking, if colors are to be reproduced both online and in print, it is necessary to work in the CMYK color space, where the differences will be less pronounced when converting to RGB than when converting in the opposite direction. None of this is particularly easy, which is part of the rationalization for turning to experts for assistance. When you thought Kodak^®, you thought yellow and red, and when you think UPS^®, you think brown, but the world has gotten more complex. Fonts and colors are only two components that come into play in the design of an effective logo that will stand the test of time. (Keep Coca-Cola in mind as your long-term goal!)

You can design your own logo, use clipart, buy one online for $79.00, or find thousands of graphic design hobbyists who will design you a logo, of sorts, for $5.00 on fiverr.com. You will get what you pay for. Work with a single designer (it is not a competition!), expect multiple concepts and revisions, reject clip art, expect multiple formats including a vector file, and expect to pay a fair price. Ask yourself if that designer in Bangladesh or the Philippines has any understanding of the concept of camping.

Along with a logo, try to develop a tagline, something that is clever, not a cliché. It is almost not necessary to identify the companies associated with the following taglines, but I will disclose them at the end of this article if you happen to get stumped on one:

• Can You Hear Me Now?
• Where’s the Beef?
• When You Care Enough to Send the Very Best.
• Think Small.
• Just Do It.
• We Try Harder.
• You Deserve a Break Today.

Franchises from McDonald’s to Kampgrounds of America (KOA) recognize the importance of consistency in everything from fonts to colors to taglines, but you do not need to run a franchise business in order to think smart like one. Once you have established your branding, it needs to be used everywhere, without exception. This includes your signage, your building exteriors and interiors, and your apparel and branded merchandise. Branding is inherently not “generic” in any sense of the word. When there is a range full of cattle that all looks alike, you need to make your cattle stand out from the rest. It’s all about branding.

(Need help with matching the taglines with their corporate parents? Here you go: Verizon, Wendy’s, Hallmark, Volkswagen, Nike, Avis, and McDonald’s.)

Most people realize that the ultimate in cyberwarfare would be for one country to take down the power grid, telecommunications network, financial industry, or military and defense networks of a foe country. There is no doubt that the United States, Russia, China and other countries maintain this capability but wisely withhold use of this “nuclear option” in cyberwarfare, although there have been instances where the waters have clearly been tested. As has been recently demonstrated, cyberwarfare tends to take a much more subtle and individualized approach, exploiting weaknesses in things like social networks and ballot tabulations. The same sort of approach, where individuals are targeted, is generally practiced in cybercrime, the aggressive bully that is the awkward little stepbrother of cyberwarfare.

Cybercrime takes a variety of forms but generally targets either individuals or individual companies. Small businesses, where there is often only a subtle distinction between a business and its owners, can be particularly vulnerable. In most instances, the criminal activity exploits vulnerabilities in the security practices of the target. These vulnerabilities include the failure to apply software patches and updates, unsecure office practices, and the use of weak, old, and/or repetitive passwords. The results include the easy entry of computer viruses and malware that can turn a computer into a bot on a criminal network or install ransomware that will hold a computer and its files hostage. The same vulnerabilities lead to the proliferation of phishing attempts and other email and telephone scams where the senders or callers impersonate trusted companies in an attempt to obtain passwords, secure information like social security numbers, your credit card numbers, or remote access to your computer.

One of the latest trends in cybercrime exploits a combination of known hacks and personal fears and anxieties. As most of us know, there have been a number of major websites that have been hacked in recent years, some instances more widely publicized than others. The ultimate victims are the individuals whose personal data has been breached and compromised. The term “pwned” originated in early online gaming as a typographical error in the word “owned”. If you have been “pwned”, it means that your personal information is now “owned” by others. To see if your personal data has been “pwned”, visit the “Have I Been Pwned?” website and enter your email address. At the time of this writing, there are 296 websites that have been “pwned” with over 5 billion accounts compromised. Some of the websites that have been hacked include Adobe, Ancestry, Avast, Comcast, Dropbox, Exactis, Experian, Forbes, Kickstarter, LinkedIn, MySpace, River City Media, Snapchat, Ticketfly, tumblr, and Yahoo. This list includes websites that you have probably used, and in all likelihood, your personal information has almost certainly been hacked. In my own instance, my email address has been compromised in 10 of these major hacks, most recently the Exactis hack in June 2018. That recent hack disclosed credit status information, dates of birth, email addresses, income levels, marital statuses, names, phone numbers, physical addresses, and much more from 340 million personal data records.

Stolen passwords are then readily exchanged, sold, or even made freely available on a number of forums and so-called “pastes”, utilized by cybercriminals who are well aware of the human tendency to reuse usernames (many simply the users’ email addresses themselves) and passwords across a variety of websites. Security breaches like the Yahoo and Dropbox hacks go back to 2012. Although savvy Internet users will have changed their passwords on those sites long since then, if those same passwords were used on other websites, the vulnerability remains. More recent hacks will expose passwords that are currently in use, demonstrating a strong argument in favor of changing passwords on a regular basis.

With this combined background information in mind, you will understand how I felt both alarmed and violated when I received an email one evening back in July that made it past the Gmail spam filter. The subject line included a username and password combination that I frequently used 10 or 15 years ago, indicating that somebody had gained access to my personal information, even though it no longer represented valid credentials. The email had successfully caught my attention and, at first glance, seemed like there could be cause for concern. It went on to allege that a visit to pornographic websites led to the installation of remote access and keyboard logging software on my computer that gave the hacker complete access to my email and social media address lists, as well as my computer’s microphone and camera. Cutting to the chase, the sender was threatening to send a compiled split-screen video of the sites I had visited, along with my “interactions” with those sites, to my friends and family members as allegedly compiled from access to my computer. The only way to prevent this from happening was to pay $3,200.00 in Bitcoin (a cryptocurrency that is popular with online thieves) using a key that was provided.

The facts that I do not spend my time visiting pornographic websites, do not have either a camera or microphone installed on my computer, would immediately know if somebody had remote access to my computer, my passwords are highly secure, and Trend Micro Maximum Security software shows that my computer is free of any malware, spyware or viruses, still left me feeling personally violated. The following morning, I spoke with an agent at the Federal Bureau of Investigation’s Boston field office who told me that this extortion scam had been circulating quite widely throughout the month of July 2018. (In fact, I found a variation in my spam folder a couple days later, with this second thief only seeking $250.00 in Bitcoin.) The agent also told me that there were people who reported receiving variations that were sent through the mail. I also have friends and clients who told me that they have received the same sort of email during the same time period and as recently as last week. I went on to file an online complaint with the FBI’s Internet Crime Complaint Center, commonly referred to as the IC3. There is also a page on the Krebs on Security website that outlines the “Sextortion” scam and currently includes nearly 1,000 comments from people like me who have received the emails and are trying to warn others from falling victim.

The lessons to be learned are to:

• Be aware that your personal information has been stolen, probably on multiple occasions.
• Your personal information can be used in extortion attempts.
• Minimize vulnerabilities on your computer and run up-to-date security software.
• Never trust any email that sets a deadline or seeks payment in cryptocurrency.
• Never make an extortion or ransom payment.
• Notify legal authorities if you are a victim.

It is challenging enough running a small business these days. Nobody needs to waste time, worries, or money with the perpetrators of online scams, who are going to continue to evolve into using more creative and credible formats.