In the campground industry, there are instances where it makes sense to change the name of a business, particularly if the old business name is too closely associated with a previous owner or has garnered a questionable reputation. In other instances, a park will change its name when it joins a franchise system and adopts the name that is assigned to its local area. Sometimes new owners will want to make a fresh start, after purchasing a park that they love that comes with a name that strikes them as less than well-informed.

Name changes are neither simple nor inexpensive. When Nissan decided to change its brand name from Datsun to Nissan back in 1984, its direct costs were said to be $500 million. It cost the company $30 million just to change the signs of 1,100 dealerships, as well as another $200 million to replace the “Datsun, We Are Driven!” ad slogan with a new campaign designed to build its new identity. Name changes should not be taken lightly because they carry innumerable costs, including the following:

• Filing changes and paying the associated fees with your Secretary of State
• Updating business registrations and licensing
• Checking trademarks
• Designing a new logo
• Replacing signage
• Replacing all of your advertising materials, from business cards to your website
• Checking the availability of a new domain name (which may, in itself, determine or at least influence the new business name)
• Taking measures to ensure that traffic from your old website redirects to your new site, without the new site needlessly taking a hit in its search engine ranking
• Correcting listings on every website that references or links to your business

The website-related issues start with checking on the availability of a new domain name that will well-represent the new name of your business. To do this, you cannot simply enter a URL into a Web browser and presume that it is available because a website does not appear. You need to perform what is called a “whois lookup”, and a quick and easy way to do that is to go to https://whois.com/. If your first choices are already taken by similar businesses in other states, that might impact your choice of business name. Even without taking potential trademark issues into consideration, any businesses with the same name are going to confuse consumers looking for your site and will probably adversely impact your search ranking for years to come. Keep in mind that you do NOT want to settle for a non-dot.com variation of your desired domain name because too many people who see a .xyz, .dot, .fun, or .web URL will not recognize it and will type in the .com variation anyway.

In order to ensure that traffic from your old website will redirect to the equivalent pages on your new site, have your webmaster employ what are called “301 redirects”. These will seamlessly send visitors to your new site while signaling search engines to update their links. If you have a series of alternate domain names, either referencing the old or new business name, you will also want to set those up as domain aliases so they will direct visitors to your new online presence. Of course, you will probably want to reference the old business name on the new site, at least for a year or so. Something like “Welcome to New Campground, formerly Old Campground!” will assure people that they have arrived at the right place.

Updating the links on all of the sites that reference your business will be perhaps the most time-consuming and potentially frustrating, yet critical, process. It is important to maintain your continuing flow of incoming referral traffic. Some sites will require you to log in to your account, others will have an update form, and some others might require a phone call or email. In each instance, you will want to update your business name and Web address; however, while you are there, check to see if anything else should be updated in the listing. Start with the most obvious and important resources, then work your way down the list. For campgrounds, the list will include:

• Your state association website
• National ARVC and the Go Camping America website
• Your listings with Google My Business and Bing Places for Business, which will also affect their respective online mapping resources, Google Maps and Bing Maps
• Good Sam and the campground listings on GoodSam.com
• Your Facebook page, including an update of your Facebook URL to reflect the new business name, and an update of your profile photo and cover image
• Any other social media accounts that you are using
• Campground review sites such as RVParkReviews.com, GuestReviews.com, and Campendium.com
• Broader review sites such as TripAdvisor and Yelp
• Your regional tourism agencies and local chambers of commerce, if you are members
• Any other referring sites that show up as significant sources of traffic in your Google Analytics

Finally, there are literally dozens of local directory sites that you will want to at least try to update. Although few people actually use these sites as resources when looking for campgrounds, these sites are important because they can influence search engine rankings. You can attempt to update these listings yourself; however, some will charge a fee, and whatever you update might still be undone by one of the data aggregators that feed these sites their listing information. Alternately, you can go direct to the four major data integrators to search for and update your listings:

• Factual
• Axiom
• Infogroup
• Neustar/Localeze

There are companies like Yext that will provide this latter service of updating your local directory listings for a fee. Another option is Insider Perks, a company that specializes in working with campgrounds, and probably a better choice. With everything involved on this checklist, maybe that old business name isn’t looking so bad after all. One thing is certain, and that is necessity to consider all of the costs in advance of making such an important decision.

Too many business owners stress over what their competitors are doing, when they would be better off concentrating on what their customers want. Campground owners are no exception. Probably the most common fear is having a rate structure that is higher than that of nearby competitors. One of the questions that I most frequently field – typically right after the first of the year – is “What do you see other parks implementing for rate increases?” The insinuation is that unilaterally raising rates will somehow lead to a mass exodus of campers toward the lower-priced parks. This notion presumes that camping is a commodity where decisions are solely based upon price, without regard for customer loyalty or the many features and amenities that differentiate one park – or one campsite – from another.

A Glampsite at Cape Cod Campresort

That logic might apply to campers who are looking for nothing beyond the basics … the same customers who are not going to spend any money in your store or for added services, and who are the most likely to complain about everything from guest fees to your “no refund” policy. On the other hand, there is a growing and lucrative market of campers who are seeking out – and willing to pay for – little extras in their accommodations. Whatever the sites might be called, there is a growing demand for premium, premier, and super deluxe campsites. I reached out to the owners or managers of three parks that are noteworthy for fearlessly raising their rates on their upper tier of sites, and I asked them to share their thoughts on their experiences. We are all familiar with the aphorism that “a rising tide lifts all boats,” summarizing how everybody benefits from those who are willing to lead rather than follow. The entire campground industry can thank parks like these that have taken the initiative to lead rather than follow.

Wells Beach Resort

Wells Beach Resort is a family-owned and operated campground that is in its 48^th season of business along the southern coast of Maine. Kevin Griffin commented how his father, Ken Griffin, began converting standard RV sites into premium sites about 30 years ago, as a means to better satisfy changing customer demands and raise site rates. According to Griffin, “It was a decision that we’ve never regretted, but at the time it was something of a risk, not knowing if the added premium site features (e.g., carpeted patios, 50 amp electrical service, larger parking spaces) would be worth the investment. We started converting sites slowly but were pleasantly surprised to discover that there was a very strong customer demand for upgraded sites. Weighing costs against benefits, we decided to accelerate the site conversion process over a span of decades. Today about one-third of our sites have been converted from standard to at least premium status. We also have a newer class of upgraded premium sites that we call ‘Premier.’ Our Premium and Premier sites have nightly rates that are approximately 10 to 20 percent higher than our standard RV sites, but the demand for upgraded sites is still greater than the demand for less expensive standard sites.” He concludes that, if park owners are looking for a way to make customers happy while simultaneously increasing their pricing power, upgrading standard RV campsites is definitely an avenue worth exploring.

Black Bear Campground

In his travels along the West Coast, Frank Merrick, manager of Black Bear Campground in the Hudson Valley of New York, had noticed the trend toward offering true 100-amp service at RV sites. Making 50-amp service available on two separate power pedestals or through two power boxes at one source at individual RV sites allows campgrounds to accommodate the largest of all-electric rigs, which are gaining in popularity. Merrick decided to offer a limited number of true 100-amp sites at his park, in an attempt to draw these larger, all-electric models to the area. These sites were created and offered at a premium price, approximately 10% higher than the existing full-hookup sites at the park.

According to Merrick, “Results were positive as 2018 bookings began to increase, with a sizable percentage of new reservations requesting the premium sites.” As it turned out, only a few of these RV’ers had large, fully-electric rigs that truly required the 100-amp service, while most simply desired – and were willing to pay for – the larger sites that include this service option. Recognizing that opportunity, Black Bear decided to make these sites even more appealing by adding a few more features: a sod grass ‘back yard’ with rows of small privacy trees at either side, offering a bit more shielding from neighboring sites; two picnic tables per site, with a rock-lined pathway to the table in the ‘back yard’; and both a standard fire ring and a cemented iron grill at each site. According to Merrick, “the front and service area of each site was rocked with I9 for a comfortable spot to park an RV and any accompanying vehicles.” He added that “the rock also eliminated the need for grounds maintenance to mow or power trim directly next to a customer’s RV, lessening the possibility or occurrence of damage by the maintenance equipment.” Most of the items needed to upgrade these sites were already on hand at the campground, minimizing the cost of the aesthetic improvements, especially when compared to the number of bookings at the increased rates for these ‘Premium Sites’.

Cape Cod Campresort

Anthony Newman Sr., the owner of Cape Cod Campresort in Massachusetts, has been offering his campers ‘Glampsites’ for five years as of 2018, upgrading many of the existing sites and cabins to the park’s ‘Glampsite’ class of service. According to Newman, “We have seen little to no resistance to price increases which represent a minimum of $10.00 extra per site per night at this time. Typical upgrades to sites include pavement on the actual site pad, barbecue grills, paver patios, upgraded fireplaces, a grassy picnic area, upgraded picnic tables with umbrellas, and pea-stone parking spaces. The sites are very eye-appealing and we are finding almost 100% repeat requests for these sites despite the added cost.” Newman says that his average cost to upgrade one of these sites is $2,500.00; however, he says that his seasonal guests are willing to pay $1,000.00 extra for a ‘Glampsite’ and that the park actually has requests from existing seasonal campers willing to pay extra if their site can be ‘Glamped’. Newman concludes, “We figure in general about a two to two and half year payback on the upgrade investment. We plan to continue upgrading at least 10 more ‘Glampsites’ each year.”

Based upon the proven experience at these three parks, where management was not afraid to get ahead of the curve in offering guests premium amenities at a premium price, following suit in your park would appear to be a far less than risky venture. In fact, it is likely far riskier to maintain the status quo by continuing to market your park to a base of campers who make their decisions primarily upon price.

In recent months, I have been taking the “10 Steps for Securing Your Digital Identity” seminar – that I first presented at the National ARVC Outdoor Hospitality Conference & Expo in Raleigh in 2017 – on the road, with presentations before several state association meetings. The information in the seminar, drawing parallels between the 2017 Equifax security breach and the risks that face small businesses like yours and mine, seems to continually grow timelier with each presentation.

Equifax has admitted that more data was compromised than was originally disclosed, the Internal Revenue Service (which cancelled a no-bid contract with Equifax) urged taxpayers to file their returns as early as possible in 2018 because a stolen identity can lead to a stolen tax refund, and Facebook admitted that it profited from personal data that was exploited by Cambridge Analytica for nefarious marketing purposes. That latter instance forced Facebook CEO Mark Zuckerberg to uncomfortably don a suit and tie, and led to the May 1, 2018 announcement by Cambridge Analytica that it was shutting its doors and initiating bankruptcy filings in both the United Kingdom and the United States.

Some people have suggested disconnecting from the Internet and deleting their social media accounts. The former suggestion is highly impractical in today’s interconnected world, and the latter suggestion – perhaps laudable – in unnecessary if some common sense precautions are exercised. Let me share just two of the highlights from my seminar that will help you to secure your digital identity.

Passwords

There is no easier way to ensure that your identity will be compromised than by using weak passwords, the same password for more than one account, or a password that you have not changed since the sun started rising in the East. A weak password is like the old skeleton keys that could open every door in the neighborhood when I was a child. If you think that your password is secure, you can quickly test its strength online at https://howsecureismypassword.net/. You do not want a password that can be cracked in seconds, minutes, days, weeks, months or even years, but a password that would require millions, billions or trillions of years to crack. I recommend tools that generate secure random passwords, such as the one at https://passwordsgenerator.net/, where secure passwords typically consist of a minimum of 16 characters that mix upper and lower case letters, numbers, and special characters.

Another option is to use four totally random and unrelated words in succession, such as kitten, faucet, maple, and magnet: kittenfaucetmaplemagnet. According to the online test, that example would take 277 trillion years to crack. The only problem is that most of us find it difficult to think in such a random manner. However, if you make a conscious effort, you can generate a highly secure password that should be relatively easy to enter into a keypad. The most common complaint even then is that secure passwords are difficult to remember.

The solution is to use one of several available password safes, including LastPass, Dashlane, and Keeper. These all work with Windows, Mac, iOS, and Android operating systems, have plugins for popular browsers, include two-factor authentication, offer fingerprint login on mobile devices, and have free versions which are usually all that you need. You only need to remember one highly secure master password. Even if that master password could somehow be hacked, nobody could log into your account thanks to two-factor authentication. If somebody attempts to log into my own password safe (which has happened more than a dozen times from hackers around the globe), they would have to know my master password (good luck!), then – because they would be logging in from an unrecognized device or IP address – they would also need to steal my phone AND know how to unlock that device in order to enter the two-factor authentication.

Software Updates

The massive Equifax security breach was the result of the company’s failure to install a patch in universally used Apache Struts open-source software in a timely manner. The Apache Foundation discovered a vulnerability in its software on March 7, 2017, announcing and patching that vulnerability the same day and issuing a subsequent patch three days later. Equifax failed to apply those urgent security patches for at least two months, resulting in a hack that compromised virtually every consumer in America, including at least 209,000 credit card numbers. Offering free identity theft protection and credit card monitoring service is a poor substitute for basic responsibility. In the fallout, Equifax’s CEO was forced to resign, its stock value plummeted by over 30% almost overnight (only recovering half of that loss at the time of this writing), it lost that multi-million dollar no-bid contract to provide taxpayer identity services for the IRS, and the company’s name is now almost always followed by the words “security breach.”

What are the lessons to be learned by your small business? First and foremost, it is critical to run the latest operating system and updates on all of your computers and mobile devices. If you are running a Windows computer, this means running the latest version of the Windows 10 operating system. Microsoft’s support for Windows Vista ended on April 10, 2012; support for Windows 7 ended on January 13, 2015; and support for Windows 8/8.1 ended on January 9, 2018. If you are running any of those operating systems, your computer and the files that it contains are at high risk. It is also important to be running the latest version of Internet browsers, such as Chrome, Firefox, Edge, and Safari; plug-in software such as Adobe Reader, Adobe Flash Player, and Java; and a reliable anti-virus software suite from companies like Avast, Trend Micro, Webroot, or Bitdefender.

Hack attacks are continuous and ongoing, seeking out vulnerable passwords and vulnerabilities in software. Without taking basic precautions, you could become the next victim of identity theft, be subjected to ransomware demands, have your credit card information stolen, or compromise the personal information of every one of your customers. The resulting impact could be devastating for your business. The days have long past when any business, large or small, can afford to take anything less than a vigilant stance when it comes to securing its digital identity.

Successful business concepts today generally involve entirely new ways of thinking. In the world of computer software and mobile apps, the terminology is known as disruptive technology, and it refers to the fact that nothing really new or transformative comes from simply applying a new coat of paint or polish to something old and familiar. In a broad sense, the personal computer and the cell phone were among the greatest disruptors of recent time.

If you go back in time, other ground-breakers included the friction match, the printing press, the incandescent light bulb, the internal combustion engine, film, radio, television, and so on. Certainly, some of these inventions evolved over time rather than instantly bursting onto the scene. Television, for example, gradually evolved from radio to the flat-screen displays of today.

From the dozen local VHF channels of the early years, came UHF adapters, cable, and satellite systems that now bring hundreds of programming options into the home of any subscriber. Even the remote control has evolved by leaps and bounds from the original Zenith Flash-Matic, introduced in 1955, to the programmable, multi-function devices of today. I remember a very primitive one-button remote control on my family’s Sylvania console TV back in the 1960s. We could not watch TV during a thunderstorm because lightning made the remote control go crazy, endlessly changing the channels on the motorized tuner!

Disruptive ideas are far from limited to the technology industries. In the customer service industries, we need to think less like our grandparents and more like our next generation of customers. For campground owners, this means thinking outside the box, seeking out the next new idea that will appeal to your guests. When was the last time you invested in a major piece of new recreational equipment? Not simply a new playground, but things like a fitness course, canine agility park, jumping pillow, gem mining station, laser tag, or spray park. And when is the last time that you really shook up your activities schedule, adding an event or two that will run the risk of being ahead of its time but that could also prove to be overwhelmingly popular?

There are a couple businesses in New Jersey that fall under the “who wudda thunk it?” head-scratcher concept category. Stumpy’s Hatchet House was founded in 2015. Its first location, in Eatontown, was the first indoor hatchet-throwing facility in the United States, probably a lot more fun than either bowling or darts. Customers pay $40.00 per person for a two-hour session that includes safety training, a lesson, hatchet rental, and use of a hatchet pit. A separate party room can be rented by groups, or the entire venue can be rented for $1,500.00 per hour (up from $1,000.00 a year ago.) Spectators (referred to as “non-throwers”) pay a cover charge of $15.00 each. Stumpy’s is opening 3 more locations in June 2018, with a total of 12 locations soon to be in operation in 7 states.

Located in West Berlin, New Jersey, Diggerland USA is the first and only construction themed adventure park in North America, where children and families can drive, ride and operate actual heavy construction machinery. The park covers about 21 acres and is comprised of over 25 attractions, the majority of which are real, diesel powered, full size, pieces of construction equipment. Guests who visit Diggerland USA can drive full size backhoes, dig giant holes with real excavators, and operate just about every sort of construction machine you might imagine. Guests pay $129.00 for a one-hour package operating one machine, $258.00 for a two-hour package operating two machines, $387.00 for a three-hour package operating three machines, and an extra $395.00 to smash a car. There are also group packages and special adult sessions called Diggerland XL, designed for adults over the age of 18 and including more unrestricted equipment operation.

Both of these businesses fall under the umbrella category of the adult fun industry. Time will tell whether these ventures will take off and succeed in the long run, but most service businesses today are not planning where they will be 50 years from now. Serial entrepreneurs work within a far shorter time-frame (typically 10 years) within which to take risks, hopefully profit, move on to the next venture, and sell to a new investor. When you come right down to it, how many campgrounds are not currently for sale, given the right price and circumstances, along with a ready and willing buyer?

A park that embraces concepts on the cutting edge (no hatchet-throwing or excavator puns intended) will profit in the short run and tremendously increase its value in the long run.

You have no doubt heard about the GDPR, and you may think that it has nothing to do with you. First of all, what is the GDPR? Unlike the DPRK, which is also in the news quite a bit lately, the GDPR is based in the European Union, not North Korea. It stands for the General Data Protection Regulation, and it goes into effect on May 25, 2018, with the intent of standardizing data protection rules across the 28 member countries of the European Union, from Austria to the United Kingdom (yes, despite Brexit, the United Kingdom remains an EU member until March 29, 2019.) With additional countries currently seeking admission, there are only a few European countries (most notably Russia, Ukraine, Norway, and Switzerland) that are neither members nor in the process of joining. The GDPR is designed to protect the personal privacy rights of citizens who reside within the EU, through the implementation of data protection standards by companies based in the EU itself and global companies that either process or control the personal data concerning individuals who reside in the EU.

Although the owner of a small campground in Oklahoma may not think of his business as a global enterprise, the Internet has made this planet a very small world indeed. Campgrounds near international tourism destinations like New York City, Washington DC, or units of our National Park System certainly recognize their percentage of guests from outside of the United States, many of whom originate from within the European Union. In fact, I have written in the past about measures that park owners can take in order to pursue a larger segment of international tourism business. Unless you are going to take the extreme (and suicidal, from a business development standpoint) measure of banning guests from Europe, the new regulations apply to your business. It is better to embrace the standards now because these new standards are likely to be broadly embraced around the world in the coming years. Which one of us, as individual members of the world society, is not in favor of improving standards to protect our personal privacy?

Some people dismissively think that they can ignore the new GDPR rules, foolishly assuming that they cannot possibly be enforced or that their small business would certainly never be targeted. As Americans, we get inundated with a daily barrage of telemarketing phone calls and junk faxes despite the fact that they are prohibited by the U.S. Telephone Consumer Protection Act, and we have all been the victims of widespread security breaches where companies like Equifax get virtually slapped on the wrist. Well, change is in the air.

What Does It Mean For You?

The new rules require a higher standard of consent in the gathering of personal data, broaden the rights of individuals to demand that their personal data remain private, and establish enforcement powers that include some substantial files for violations. If your website, like many if not most, is running Google Analytics, Google Tag Manager, or similar analytical software, you have probably received notices from Google, requiring that you update your agreement and provide your company’s legal name and contact information, a process that shifts the burden of ultimate legal responsibility from Google to your business. If you are familiar with Google Analytics and have evaluated your analytical data, you know how it can map your website’s traffic volume down to the local level, based upon the IP addresses of individual computers and mobile devices. The information falls just short of identifying a specific visitor to your site as Liam Andersson, at 211 Svarvargatan in Stockholm, Sweden; however, the IP address of a user’s computer constitutes personal information under the new regulations.

If you are advertising your business using online tools such as Google AdWords, Bing Ads or Facebook Advertising, you are probably fully aware of how that advertising can be targeted toward specific countries. Targeting any EU countries identifies your company as one that is specifically processing data from individuals who come under the protection of the GDPR. Although many American campground websites have dedicated French language versions (if they cater to a French Canadian clientele) or Spanish language websites (in order to reach out to the growing numbers of bilingual Americans), having dedicated website content (not simply the availability of a Google Translate tool) in French (even FR-CA, as opposed to FR-FR) or Spanish could also be interpreted as an effort to market to individuals in France and Spain. Clearly, this gets complicated.

There is no question that companies like Google and Facebook will be modifying the ways that they gather and process personal data, in order to safeguard their own interests; however, your individual business is also going to have to take certain measures in order to comply with the new GDPR rules. If your park belongs to a franchise that has its own assets to protect, such as Leisure Systems’ Yogi Bear Jellystone Parks, your compliance needs to be assured. None of this is particularly easy, but it is all unquestionably necessary.

What Do You Need to Do?

First of all, you need to recognize that, even if you are not specifically targeting or marketing to consumers in the European Union, people residing in the member countries are likely to be visiting your website. For that reason alone, it is necessary that some modifications be made to your site, particularly if it involves the sale of any type of merchandise or has any sort of form that compiles personal information. This would include reservation request forms or any third-party software that processes reservations on your behalf. Those forms must be modified so that users specifically consent (opt in) to the gathering of their personal information (in other words, no permission boxes that are checked by default), and they must have a clear option to withdraw their consent. These processes must be very clear, specific and unambiguous, and you must have a means to immediately halt any data processing upon request.

Your website should also have a privacy policy that is associated with any e-commerce or form that gathers personal information. That privacy policy must be updated to reflect the new GDPR requirements. If it does not already do so, your privacy policy should specify that your website is not directed toward children (although, unlike alcohol-related sites as an example, an age gate does not need to be in place), whether or not it is using cookies or tracking technologies that might be out of compliance, how your website is identifying user locations (Google Analytics or Google Tag Manager, for example), whether you are collecting email address for marketing purposes (again, clearly specifying opt in and opt out procedures), whether you are collecting phone numbers and for what purposes, and how and where your data is stored.

Your level of exposure to the new GDPR rules should also address a series of European-specific questions. These include whether or not your site accepts payments in currencies other than U.S. dollars (it should not), whether your site is advertised or specifically marketed in any way toward European consumers (if so, you may want to reconsider this practice for the time being), whether your site blocks or diminishes content to European users (for example, disabling reservations – a rather extreme measure), and whether or not your site gets any significant traffic from users in Europe.

Although it is your responsibility to update any agreements with companies like Google and Facebook, many of the necessary steps will require either assistance or implementation by your webmaster or third-party reservation service providers. Keep in mind that this will involve additional services that will almost certainly incur additional fees. Maintaining standards that respect personal privacy go beyond your website and must influence your internal business practices, including the secure storage of customer data. We are living in a complicated world where, ultimately, we are all consumers with rights that need to be protected.

One of the perennial challenges facing campground owners is the struggle to find high caliber seasonal employees. Particularly when unemployment is as low as it is these days, it is not easy to find people who are anxious to clean toilets, mow lawns under the mid-August sun, or rake pieces of broken glass out of campfire rings. You understand because these are the types of jobs that you do yourself whenever necessary.

There is no question that those of us who run our own businesses think it is entirely normal to work 60+ hour weeks, to be on call when we are not working, and to grow accustomed to income uncertainty. I doubt that there has ever been a campground owner who has not at least occasionally been able to divide income earned by hours worked to find that his compensation calculated out to a fraction of minimum wage.

With that perspective as a backdrop, campground owners must nonetheless face the challenges of recruiting a qualified workforce. Larger parks that need to hire a hundred employees clearly face a more formidable task than smaller parks that get by with a half dozen multi-tasking workers. Complicating recruitment is the fact that most campground jobs are temporary and seasonal, forcing parks to compete against theme parks, golf courses, landscaping firms, farms, and any other businesses that are concentrated within the same limited tourist season.

Students on summer vacation and recent college graduates quite naturally come first to mind; however, many of them are still fantasizing that they should be earning six-figure incomes while doing nothing but sitting behind a desk. Then, there is the problem of schools resuming their fall sessions, often even before Labor Day, while your business is still at its peak. It is no wonder that I noticed the local Six Flags theme park holding recruitment days as early as January, hoping to fill up to 1,000 jobs prior to the park’s soft opening in April. I have also noticed over the last several years that the majority of lift attendants at U.S. ski resorts are South American college students who were recruited from the southern hemisphere to work in the cold during their summer vacations.

There are plenty of other businesses that face seasonal workforce challenges. Perhaps the most well-known is Amazon, a company that must recruit armies of warehouse workers to meet the demands of the spike in business that occurs during the holidays each year. In fact, Amazon has set up its own recruitment organization, called Amazon CamperForce, a name that has its origin in the fact that most of those workers are full-time RV’ers who have traded in their home mortgage payments for the freedom of the open road. Some the victims of corporate downsizing or plant closures, some former professionals who have grown restless with retirement, and others simply natural-born nomads, these mostly older folks tend to supplement their retirement incomes with seasonal employment.

When the holiday season is over at Amazon, that at-will workforce hits the road and heads in the direction of its next seasonal jobs, often found through advertisements in publications like Workamper News and Workers on Wheels or booths at camper rallies and outdoor festivals. Amazon CamperForce itself has partnered with campgrounds in 27 states – from Alaska to Florida – that help to provide a degree of employment continuity for those warehouse workers who are no longer needed after December 23rd.

When it comes to temporary seasonal employment, most businesses have a strong preference for the work ethics of older employees, and the job at your campground is much more appealing than running the concrete floors of a regional Amazon warehouse or harvesting crops under the sweltering sun, according to “Nomadland: Surviving America in the Twenty-First Century”, a 2017 book by author Jessica Bruder that paints a somewhat biased and less than flattering picture of the “work-camper” movement.

Seeking practical advice from campground owners with long histories of hiring experience, I asked several to share a few of their recruitment secrets. Those owners were Jack Robinson, the second generation owner of Four Seasons Family Campground, a New Jersey campground that celebrated its 50th anniversary in 2017; Leslie Baum, a second generation owner of Otter Lake Camp Resort, a larger park in the Poconos of Pennsylvania; Beth Ryan, the owner of both Lake Huron Campground in Michigan and the Keystone Lake Jellystone Park in Oklahoma; and Cathy Reinard, who has owned several parks, most recently New York’s Copake KOA.

The common thread among most of these park owners is probably Workamper News, a service that has been providing frameworks for connecting RVers with employers throughout North America since 1987. Workamper News is a bi-monthly printed publication, and Workamper.com is its online companion, each offering a wide range of free listing services and paid advertising options. Reinard says that Workamper News works best when her park is looking for employees at least six months in advance. The primary market here consists of older folks, often retired professionals who could be real assets to their employers, but the employee who you want to start working in April could be committed to another position thousands of miles away until then. Both Reinard and Ryan mention how providing a free full hookup site and free electric are real incentives for employees who are living out of their RVs and would otherwise have to pay to stay elsewhere. Ryan also offers an end-of-season bonus as incentive for workers who stay for the intended full term of their employment. On the other hand, Reinard points out that she still prefers local hires, where she does not have to lose the income that a seasonal site would otherwise generate, while gaining a greater likelihood of continuity of employment from year to year.

To find these local hires, three out of these four park owners turn to the guidance departments of local high schools and community colleges, even posting flyers on campus bulletin boards when permitted. Bulletin boards in general can be highly effective. There is a bulletin board outside of the pharmacy in my small town that is widely read. Reinard relates how she posted a job opening on the bulletin board in a local laundromat, leading to the hire of a new member of her housekeeping staff. The park owners say that they have also posted classified ads in local shopping guides (controlled circulation newspapers that are found in many local markets), Craigslist (where employment adds incur a $15.00 fee but typically generate many qualified responses), and Indeed (where employers can post jobs for free or pay per click for premium listings.)

Although many parks have a habit of posting job openings on their Facebook pages, Reinard cautions against this practice. She very succinctly states, “You do not want to appear to be one of those parks that are always looking for help (sending a wrong message to your guests who follow you on Facebook). If you are one of those parks, you need to take a hard look at your business and figure out why you have a problem.”

Some park owners also implement their own personal recruitment efforts that are loosely based upon the CamperForce model, except without the wheels. For example, Baum’s son is working a winter job at a nearby ski area, where the park is hoping he will be able to recruit a seasonal employee for the upcoming summer. She also mentions that her park pays higher wages than most other seasonal employers in the area, which also helps to encourage employees to return from year to year. Although the park owners also mentioned that they sometimes hire seasonal campers as employees, Reinard makes the point that she would rather avoid “mixing customers with employees”, preferring that they be one or the other but not both.

In addition to recruiting prior season employees for return engagements, Robinson summarizes employee recruitment at Four Seasons as “being visible in and interacting with the community” as the secret to his park’s success. The Robinson family has a strong presence in the Grange, the local fire company, the church, and the community in general. Their interactions with the families in these organizations spreads the word that they are in the market to hire young adults (primarily high school and college students.) According to Robinson, “There are families having three or four children, where all the children end up working for us – for many years.” This is a classic example where word of mouth has proven to be the most effective form of advertising.

With these peer insights as guidance; let’s hope that your park’s next recruitment effort will be its most effective ever!

I opened a box of breakfast cereal recently, and the inner bag of contents reached about half the height of the packaging. It was a classic example of the disclaimer that warns us that “contents are sold by weight, not volume”. If the packaging properly matched the size of its contents, it would have been half the size, have far less visibility on the supermarket shelf, and I probably would have passed on a purchase that did not appear to represent a very good value. You might say that I was deceived into making the purchase. Even though I liked the cereal, I am unlikely to purchase it again.

There are so many instances where corporate marketing decision-makers seem to underestimate the ability of their customers to make informed buying decisions and to alternately choose substitute products. Then there are instances that border on collusion, where companies follow the lead of a competitor who trail-blazes a reduction in product size without a corresponding reduction in price. For example, it only took one orange juice company to shrink its half-gallon container down to 59 ounces before every other company quickly followed suit. The same thing happened with ice cream, where the half-gallon container somehow evolved into a quart and a half. Perhaps the greatest offenses to consumer intelligence are meaningless comparison claims. I recently purchased a 50 ounce container of liquid laundry detergent where the label prominently stated “25% more ounces” (in a 36 pt. bold font) “vs. 40 fluid ounces” (in a 6 pt. light font). Needless to say, that claim did not influence my purchase.

Respect Your Guests’ Intelligence

People who feel that they have been somehow deceived into making a buying decision are almost never going to be return customers. When it comes to the outdoor hospitality industry, one of the biggest complaints is when guests feel like they are being “nickeled and dimed” during their stay. Although it is far preferable to avoid the imposition of add-on fees for incidentals like showers, Wi-Fi, or your planned activities, it is very important that any such fees be fully disclosed at the time of reservation. (One of my pet peeves is the imposition of so-called “convenience fees” for the making of reservations themselves!)

My best advice is to bundle as much as possible into your basic fees, promote the value within your rate structure, and stop presuming that people are comparison shopping for price without reading the fine print. One trend that I hope does not make inroads with the outdoor hospitality industry is the growing practice of hotels to impose so-called “resort fees”. This practice is so deceptive that it has generated lawsuits filed on behalf of consumers by 47 state attorneys general, who had recently negotiated an agreement with the Federal Trade Commission, until the Trump administration ordered the FTC to back off, siding with the hotel industry rather than the interests of consumers. Nonetheless, guests have little or no tolerance for deceptive rate embellishments.

Consider the All-Inclusive Approach

A far better – and opposite – approach is the all-inclusive concept, where guests are willing to pay a premium for the privilege of avoiding add-on fees. The all-inclusive concept originated with Club Med way back in 1950. It is the rule rather than the exception in some vacation destinations such as Mexico and the Caribbean. The concept has since been embraced by resort operators, cruise lines, travel agencies and online booking companies, several major airlines (including United, JetBlue, and Southwest), hotel chains (including Marriott and Hilton), and even wholesale buying clubs like Costco.

With all-inclusive pricing, as the name implies, guests willingly pay a premium fee for the privilege of vacationing without having to pull out their wallets throughout the course of their stay. All-inclusive pricing is most popular with destination resorts and highly competitive, saturated tourism markets. Probably the best known and most broadly marketed of these practitioners is Sandals Resorts International, which now promotes the tagline of “more quality inclusions than any other resorts on the planet”. Their all-inclusive stays include accommodations, dining, wine and spirits, golf, water sports, scuba diving, land sports, and entertainment. Even here, there are fee-based options such as spa treatments, premium wines, and scuba certification, as well as some restrictions on golf that vary from one resort or level of accommodations to another. The bottom line is that guests feel that they are being offered far more than they would otherwise expect.

Unfortunately, when I perform a Google search for the terms “all-inclusive campgrounds” or “all-inclusive camping resorts”, the results are pretty limited. I am more likely to find dude ranches, cabin resorts, and family resorts that do not fit the definition of a campground. Nonetheless, it seems that there is a small but growing list of campgrounds, ownership groups, and franchises that are discovering and beginning to capitalize upon the “all-inclusive” buzz words.

When I clicked through to the website of a campground in Michigan that calls itself “all-inclusive”, I found that it did not charge extra fees for most of its planned activities (something that is not all that uncommon); however, it charges extra fees for bike rentals, boat rentals, boat launching, and a few other “add-ons”. Another park in Wisconsin is promoting its all-inclusive pricing but is also charging for a short list of optional services that include boat and golf cart rentals, its laundry, and honey wagon service. Finally, a Jellystone Park in Texas is really promoting an all-inclusive pricing concept that includes full use of a wide range of recreational amenities – from miniature golf to a jumping pillow to a splash park. In each instance, the point of emphasis is not the list of fee-based options but the list of what is included at no additional charge.

The key to growth in the family camping industry has always been to draw in a new wave of guests who do not currently consider themselves campers. To reach them, offer them the unexpected and create the perception of overwhelming value that they have come to appreciate elsewhere. An all-inclusive approach to pricing may prove to be an idea whose time has come.

For campgrounds in Canada and the northern states, winter is the off-season. Whether or not the owners are fortunate enough to spend their winters in Florida or other Southern climes, their parks are usually operating with skeleton staffs or are totally vacant, with hopes that off-season income will cover their utility bills and mortgages. Either way, the off-season is the prime time for campers to make reservations for the upcoming season, and it is also the time when you, as a campground owner or manager, are likely to have the least number of interruptions competing for your attention.

We all tend to think that technology makes life easier, believing that it can simplify the task of generating a new stream of business. While there is some truth to that idea, the fact is that the most effective technologies require a commitment of both time and old-school business practices. If you are a small business owner, the time that must be invested is quite likely to be your own.

The Internet is often seen as a technological panacea with respect to the harvest of a new base of customers. For campgrounds, the entire online process is typically funneled toward online reservations, the outdoor hospitality industry’s equivalent of e-commerce on Amazon. Unfortunately, many people still buy into the “if you build it, they will come” concept that was the mantra of the 1989 fantasy-drama film, Field of Dreams. Things are not that simple in real life, and the reservation process rarely flies on autopilot.

In many instances, prospective online customers have pre-purchase questions that must be answered prior to making their decisions. These inquiries are almost always going to involve either email or a phone call, with the customer expecting a prompt response (in the case of email) or an immediate response (in the case of a phone call).

If somebody is determined to camp exclusively at your park, they may be more patient in awaiting a response to an immediate question; however, a camper who is seeking a park in your local area may very well be contacting you and several of your competitors. Being the first to respond is the equivalent of getting your business to appear at the top of the Google or Bing search results.

If you are away from the office, either make arrangements to access and respond to your emails or delegate that responsibility to a trusted employee. Never use an auto-responder, which simply encourages the recipient to look elsewhere. Try to use personalized templates that will streamline the response process and that will minimize the number of back-and-forth emails that must be exchanged. Next, check to ensure that the sender name on your emails is clear and intuitive to the recipient. It should include the name of your business. I am amazed at how many emails arrive in my inbox identified solely by vague sender names such as ‘info’, ‘reservations’, ‘office’, or some other generic term. If a customer has contacted several parks, ensure that he or she will immediately identify the source of your response. Finally, your emails should always include a “signature” that includes the full range of alternate contact information, including your mailing address, phone number(s), and social media addresses.

Beyond listing alternate contact information in your email signature, consider offering your online visitors one or more truly alternate means of contact. Online chat is great, as long as you have somebody available to respond at any given time; however, the single most important alternative is a telephone number. In 2018, there is no question that well over 50% of your online traffic will be coming from users of mobile devices, and according to a Google AdWords report, 70% of users of mobile devices are likely to “click to call” either prior to or rather than completing an online purchase. This statistic equally applies to online reservations at campgrounds.

A smartphone user may be ready to make a reservation but would prefer to do so over the phone rather than fumbling through an online process. Are the phone numbers listed on your website properly linked to allow smartphone users to simply click the number to call you? It is otherwise awkward to try to read a number and then call it from the same device. Make the process easy!

It is essential for the business phone number to forward directly to either the owner or manager of a campground and that the call be either immediately answered or returned within minutes. Do not include an alternate phone number “for a faster response” in your outgoing message. If another number will reach you more directly, forward the call to that number, rather than expecting the caller to be able to immediately transcribe that number and then place a second call. Nobody likes to needlessly jump through hoops, and that second call is highly unlikely to be made.

What happens when someone calls your campground in the off-season? Do they get a message telling them that you are out of the office and will reopen in May? If so, you can almost be certain that you have lost a sale every time your phone rings. Of course, callers might expect to reach your voicemail during off-hours and on weekends; however, if you are available to take a call during those times, do so. Big companies that have the poorest ratings for customer service are almost always the companies that are notorious for putting callers on hold, forcing them to navigate through complex phone menus, or make it extremely difficult to get through to a live operator.

What callers do not want to sense from you is a lack of response, whether that is an unanswered phone, a non-reassuring outgoing message, or a phone that is answered in an unprofessional manner. When was the last time that you called your own number to listen to your outgoing message? Does it clearly identify your park, is the sound clear and friendly, and is the message current? I am amazed at how many businesses use a default outgoing message that only references the phone number. I will not leave a message in that instance because there has been no confirmation that I have even reached the correct number. In other instances, the recorded message might include long pauses or background noise. Use a written script, record it in a quiet space, play it back, and do it again if it is less than perfect. I have even called parks with outgoing messages that say that they will reopen at a certain date that was two months in the past, not to mention parks where it is impossible to leave a message because the mailbox is either full or not set up properly.

If you attended my “10 Steps for Securing Your Digital Identity” seminar at the 2017 Outdoor Hospitality Conference & Expo, you learned that my lead segment involved the importance of keeping your passwords secure. Passwords have been around since ancient times, when the first sentry asked “Who goes there?”, becoming essential for admission to a speakeasy during Prohibition, and playing a vital role in military security during World War II.

When I was growing up in the 1960s, the doors to our house had old mortise locks and keys that gave our family a sense of security. I recall that the logic when the doors were locked at night was to keep the key turned 90 degrees in the keyhole on the inside of the lock, under the presumption that this would prevent a thief from inserting a key into the outside of the lock and gaining entry. Of course, if somebody got locked inside, we knew that it would only take a couple of minutes to jimmy the key out of the lock. When we were away from home, the key came with us, leaving the lock even more vulnerable.

If a key got lost or broken, we simply walked to the neighborhood hardware store (yes, they existed back then!) and bought a skeleton key for 50¢ that would probably open every lock in our house, including the outside entry doors, as well as the locks on most every other house in the neighborhood. It is no wonder that we relied on neighbors to keep an eye on our houses back then. Sadly, many people today do not even know the names of their neighbors.

Nowadays, passwords are almost exclusively associated with computers and Internet security, and a lame password is essentially the equivalent of a skeleton key. Like those families sleeping soundly behind the security of a mortise lock, a majority of computer users think that their passwords are securely protecting their accounts from getting hacked.

Before I go any further, I would like you to test one of your passwords. Go to this URL and enter your password: https://howsecureismypassword.net/. As an example, I just tested “JBDayton62”, which is exactly the type of password that many people use, so falsely confident in its security that they use it on every account that requires a password. According to the test, a computer could crack this 10-digit password in only 8 months; however, anybody who researched the Internet and social media and already knew that John Brown was born in Dayton, Ohio in 1962 could crack this password in no time flat. If a password is convenient to remember, it is easy to crack!

What Constitutes a Secure Password?

Quite simply, for a password to be secure it should consist of a minimum of 16 characters; never contain a word or a combination of words found in the dictionary; never contain the names of family members, friends, pets, sports teams, and the like; and be made up of a random combination of uppercase letters, lowercase letters, numbers, and special characters. You can also often use spaces in passwords, although it is unfortunate that many websites still prevent users from choosing truly secure passwords, by precluding the use of special characters, for example.

The next rule is to always use a unique password for each and every site, and then to change each password on a routine and frequent basis. Apply even stricter standards for sites that provide access to highly secure information, such as your online banking or the IRS’s Electronic Federal Tax Payment System (EFTPS) website. The time to change your old, reused, vulnerable, weak, or compromised passwords is now, not next week or “when you get around to it.”

Before you naively presume that nobody is out there trying to crack your password, consider the fact that password cracking software is readily available online for use by hackers (and occasionally by companies that are on the lookout for weak passwords being used by employees.) Those programs include L0phtCrack, Cain, and John the Ripper … all designed to crack passwords (and sometimes credit card numbers) using brute force, dictionary attacks, rainbow tables, and other means.

How to Create a Secure Password

Never trust yourself to generate your own secure password. Our brains are simply not programmed to think randomly, and any password that makes sense to you is easy to crack. Some people even think that including a foreign-language word in their password will make it secure, perhaps presuming that hackers only reference English language dictionaries (even though English may be far from their native languages.) My recommendation is to use a secure online password generator such as the Secure Password Generator: https://passwordsgenerator.net/

The Secure Password Generator will allow you to choose any length of characters (from 6 to 2,048) and choose the types of characters that will be allowed (or excluded, if a site does not permit certain characters), then generate it on your own computer.

How to Store Your Passwords

Once you generate a highly secure password, keeping it written down on a sheet of paper or in a Word document on your computer is like leaving the keys for Fort Knox at a lost and found counter. You need a way to store and access your passwords safely, relatively easily, and securely. I recommend the use of a password safe. Three of the best are LastPass, Dashlane, and Keeper.

LastPass – https://www.lastpass.com/
Dashlane – https://www.dashlane.com/
Keeper – https://keepersecurity.com/

All three work with Windows, Mac, iOS, and Android operating systems; have plugins for popular browsers; include two-factor authentication; include form-filling; offer fingerprint login on mobile devices; and have free versions.

The idea with a password safe is that you have only one highly secure master password to remember. Thanks to geolocation, if you login to your account from an unfamiliar IP address, the two-factor authentication will kick in, requiring you to confirm your identity before being allowed access. In my own instance, 12 attempts to login to my account over the last 6 months have been thwarted – 3 from Vietnam, 2 from China, 2 from Brazil, and one each from Argentina, Georgia, Ukraine, The Philippines, and the United States (North Carolina). Do not think for a moment that there are not people out there actively trying to hack into your accounts. They are out there and they are everywhere.

Access to our personal data is far too important to be left to chance, and I am hoping that this article might help to open the eyes of a few disbelievers. People who are ahead of the curve when it comes to planning are already taking measures to ensure the longevity of access to their data, even as new biometric methods such as fingerprint and iris recognition are coming into play. According to a survey taken by the University of London and cited in Wikipedia, one in ten people are now including password access or recovery information in their wills. My best advice is to think toward the future, but to start changing your way of thinking today.

Update, July 29, 2019: The following post was written about the Equifax security breach when it first came to light back in October of 2017. The wheels of justice often turn very slowly; however, in an agreement reached on July 22, 2019, Equifax has agreed to a $700 million settlement that includes $425 million that has been set aside as compensation for the 150 million people affected. You were probably one of the 150 million, now entitled to compensation. If you are unsure whether or not your data was compromised, click here to determine your eligibility to participate in the settlement:
https://eligibility.equifaxbreachsettlement.com/en/eligibility

Presuming that you were affected, it will take all of 5 minutes of your time to submit a claim for a minimum $125.00 settlement payment following this link:
https://www.equifaxbreachsettlement.com/file-a-claim

Every so often, a truly important news story breaks into the public consciousness through an information overload that seems more and more obsessed with partisan issues, celebrity news coverage, and YouTube videos gone viral. One of these recent stories involved the unfolding cybersecurity breach at Equifax, one of the three American companies that compile the personal information that determines your credit-worthiness, your ability to obtain a loan, and the interest rate that you will pay for that privilege.

Of course, a legitimate question could be asked regarding what gives Equifax, Transunion and Experian the right to gather hyper-sensitive personal and financial information on every American citizen alive today. We have certainly come a long way from the idealized days of George Bailey and the Bedford Falls Building and Loan, when financial decisions were local and finalized with a handshake. In our modern times, it would seem that the minimum responsibility on the part of credit reporting agencies would be to maintain iron-clad security standards to prevent our personal information from falling into the hands of malevolent third parties.

In the recent Equifax incident, the personal security information of 143,000,000 Americans was compromised. According to the Federal Reserve Bank, there are only about 125,000,000 households in the United States. Without question, you were personally impacted. Essentially, the names, addresses, dates of birth, social security numbers and more for virtually every adult citizen in the United States were compromised. In addition, investigations have disclosed that credit card numbers of 209,000 individuals were hacked, along with personal identification numbers (PINs) for another 182,000 consumers.

According to testimony prepared for a House Energy and Commerce Committee hearing, Equifax CEO Richard Smith admitted that the breach was the result of a failure to apply a software update, despite warnings from the Department of Homeland Security, followed a day later by a warning from the company’s own security team. The company’s policy was to apply such patches within 48 hours, but this failed to happen. The patch was designed to repair the vulnerability in the open source Apache Struts software that the company was using in one of its systems. Even following the company’s internal software policies, hackers would have had three days to exploit that vulnerability – a virtual lifetime in the world of hackers. The Apache Software Foundation had issued a patch for the flaw in March, two months before hackers began accessing sensitive information on Equifax’s servers on May 13. Clearly, Equifax had no excuse for its failure to have taken immediate corrective measures.

This all occurred two years after a similar, but smaller, security breach occurred at Experian, compromising “only” 15,000,000 Americans. What did the credit reporting industry learn over that time? Apparently how to wait months before reporting the incident, while providing an opportunity for three top Equifax executives to unload $1.8 million worth of company stock, after the breach was discovered but prior to its announcement. It also forced Smith to resign, albeit with an over $90 million golden parachute, according to Fortune Magazine.

The impacts of the Equifax security breach upon individuals have been well-documented, including advisories to subscribe to free credit monitoring services, change all of your passwords to unique strings of characters that are more difficult to crack, to pay to freeze reports on your credit (only unfreezing the reports in specific instances, such as when applying for a loan), and to join into one or more of the class action lawsuits against the company. As a small business owner, on the other hand, what measures should you take to ensure that you are safeguarding the information of your customers to the best of your ability? There is no question that international cybercriminals tend to pursue the larger and more lucrative targets; however, every business that conducts business online (not necessarily through its website, but through any Internet-based transactional application) is vulnerable and bears a responsibility for protecting its customers.

The Federal Trade Commission offers a series of five areas of recommendation for how businesses should handle their customers’ personal information.

• The first is an assessment of how your company handles personal information that is gathered from a variety of sources, including credit reports, employment applications, and customer-provided data. How is it delivered to your business, how broadly is it accessed within your company, and how and where is it stored? A particular area of concern is the processing of credit cards. Above all else, cybercriminals are looking for credit card information, social security numbers, and banking information. There is no reason for most businesses to maintain records of that information in any form.
• Stop gathering information that you do not need. With the exception of very specific matters including employee tax accounting, there is no reason to ever ask for anybody’s social security number. Do not maintain records of credit card numbers. Those should only be gathered through a secure point of sale terminal or via a secure online payment gateway, where you do not actually see the number, its expiration date, or the security code. Never ask people to provide that information via email, and discourage the common practice of taking that information over the phone. Because “we’ve always done things this way” is no longer an excuse.
• Keep all physical and electronic records secure. Paper records and backup files should be stored in locked rooms or file cabinets, with limited employee access to a limited number of keys. Electronic files should be encrypted and password-protected. Individual computers should be password protected, put into password-protected sleep or screen saver mode when left unattended, and shut down at the end of each business day. Scan the computers on your network for vulnerable open network services. For example, if a computer is not intended to be used for the sending or receipt of email, the ports for those services should be closed on that computer. Every computer should also be running real-time anti-malware and anti-virus software that includes scans of incoming email messages for malicious content that might be disguised as routine file attachments. Never allow an employee who is untrained in basic security precautions to access and open email messages.
  A highly secure password is almost worthless if an employee is allowed to write it down on a Post-It Note, typically attached to his computer monitor. Educate employees (and yourself!) on the importance of password security, use a “password safe” application with a highly secure master password, and lock out users after a limited number of incorrect login attempts on any computer and any online application. Laptops and mobile devices are particularly vulnerable due to their portable nature. They should never be left where they would be even momentarily visible to thieves, and their access to secure information should be carefully limited. Using unsecured Wi-Fi access at airports and other public places is an extremely risky practice.
• Always maintain proper disposal practices. We have all heard the old adage about one man’s trash being another person’s treasure. That was never as true as it is today. Paper records and disposable electronic media containing sensitive data should never go into the trash. These need to be run through cross-cut shredders or incinerated. When disposing of old computers and storage devices, all data must first be removed with a data wiping utility. Simply deleting files leaves them recoverable by a thief. Did you realize that your office copier or fax machine contains a hard drive that stores its data? That data probably includes copies of your tax returns, and that data also needs to be wiped prior to the disposal of any such device.
• Finally, maintain a response plan in the event of a security breach. If a computer is compromised, immediately disconnect it from Internet access, remove it from your network, and then shut it down. Bring in an expert to identify and correct the vulnerability and assess any threats to personal information. If there have been compromises, immediately notify your customers and anyone else who may have been impacted by the breach of security. Do not repeat the Equifax mistake of hiding disclosure for months.

This is a brief summary of what occurred in the recent Equifax security breach, how you should react to that breach, and some of the measures that you should implement to tighten the security standards at your own business. If you would like to learn more, be sure to attend the “10 Steps for Securing Your Digital Identity” seminar that I will be presenting at the Outdoor Hospitality Conference & Expo, in Raleigh, on November 8, 2017.