The Password is PASSWORD

                     Highlights from the last few months in cyber-chaos

cyber security, password

  • April, 2014 – The “Heartbleed Bug” strikes, affecting as many as 500,000 websites.
  • November, 2014 – Sony Pictures Entertainment hacked by person/persons unknown; leads to a complete and total meltdown in Hollywood,  forcing people in the “biz” to actually pick up a phone and talk to their cubicle mate and for the rest of us to stream a bro-stick comedy over Christmas that we all probably would have been better off waiting for on Netflix.
  • December, 2014 – North Korea’s Internet service undergoes a “DDOS attack” (distributed denial of-service) by person/persons unknown.
  • January, 2015 – US Central Command’s Twitter and YouTube accounts hacked by Islamic State sympathizers
  • Retailers such as Target, Neimann Marcus, Michaels, Aaron Brothers, PF Changs, UPS, Home Depot, Chik-Fil-A – ALL HACKED!!

A recent study found that 13.1 million U.S. adults are victims of fraud, with a total somewhere in the $18 billion range of fraudulent activity accounted for annually.  Earlier this month, President Obama proposed legislation that would encourage companies and government agencies to share information about security threats and vulnerabilities with each other.

Remember when you got that email from your bank, your social media website, your email server to change your password in the wake of Heartbleed. Did you actually do it? A Pew research study last year found that only 61% of those who knew about Heartbleed changed their passwords.

Just how lazy are we?

 A survey from 2012 by Research Now for CSID on password habits among American consumers found:

  • 61% of us reuse passwords across multiple websites.
  • 54% of us have 5 or fewer passwords for all of our internet usage.
  • 44% of us change our passwords once a year or less.
  • 89% of us feel secure with our current passwords and security habits.
  • 21% of us have had at least one online account compromised.

Splashdata’s annual list of most commonly used passwords found that “password” had been supplanted by the surely uncrackable“ 123456” as the most popular password of 2013.

 So what kind of passwords should we be using? 

The latest and greatest recommendations from cyber experts, including Blizzard’s own Hosting Manager, Tish Lockard, agree on the following guidelines for creating strong passwords:

  • A strong password should contain AT THE VERY LEAST 8 characters, combining upper and lower case letters, numbers, punctuation marks and symbols; there should be no inclusion of words found in the dictionary or the names of your friends and family.
  • Never use easy to discover dates like birthdays or anniversaries; you’d be surprised what is clearly visible on our personal and business social media pages these days.
  • You should have a unique password for all of your important accounts.
  • You should change your passwords every 90 days and not reuse them for different sites.

There are password generating sites that will create strong passwords for you. Tish says, “Can’t think of a good password? There are tools out there, such that will cook up a good one for you.  You can even decide the length of your password and what type of characters to use.  I use this Every. Single. Day.” Hear that? Every single day! I am listening Tish!  Some others generators  are and

  How the B!33P am I supposed to remember that gobbledygook?

cyber security, heartbleed, passwords

Keep your Hello Kitty in a secure location, NOT near your computer!

How are you supposed to remember these nonsensical passwords? I know I have  been  loath to use passwords like those described above because there is no way I  am ever  going to remember them. Most security experts recommend the use of a password manager such as, or which have apps that can go with you from your computer, phone and tablet. YES, you will have to have a password  for these heavily  encrypted secure sites, but if you can’t remember ONE goofy  password, well, maybe this  World Wide Web thing just isn’t your bag.

DO NOT store your passwords in a public cloud, in a Google doc, in emails that  can be  hacked, on your phone’s notepad app or maybe not even in that little spiral  Hello Kitty  notebook that you carry around with you everywhere unless you have really bad  handwriting.

According to Tish, “If everyone could make these criteria a priority and truly commit to changing their passwords regularly, there would be a lot less chaos in  the world. Well, ok, chaos caused by hackers, anyway.” If we listen to Tish, at  least we all can do a little something about this cyber chaos. The hacker free-chaos, Tish and I will endeavor to deal with that another time.

Whatever method you decide upon to have truly secure passwords, remain ever vigilant as you cruise along the world-wide-web. There are hackers around every bend and it’s up to you to keep an eye on your online accounts. And don’t forget that old adage, if you don’t have something nice to say in an email about someone, maybe just jot it down in your Hello Kitty notebook.

Amazon Travel to Compete with Expedia, Priceline

Travel Photo with Orange HatOnline travel industry news source,,  is reporting Amazon’s entrance into the travel market. So far, it’s but a toe in the water for Amazon, with offerings only near major US cities and a handful of independent hotels with good reviews reported on Nonetheless, for those of us in the travel industry, having a new distribution opportunity from an entity with the might and muscle of Amazon is pretty big news, and something definitely worth watching as it unfolds!


  • Who:
    • Independent hotels with good TripAdvisor ratings, with only a few places per city.
    • By Invitation Only. Amazon Travel is inviting a few independent hotels and resorts to participate. There is no online sign up area.
  • Where:
    • near major US cities, including New York, Los Angeles, Seattle, Boston and Dallas
  • When:
    • January 1, 2015
  • Why:
    • 15 percent commission vs. the average 25 percent rate paid to Expedia.
    • There are about 20 million members in Amazon Prime. Hotels can give special deals to Amazon that undercut the deals that they give to all OTAs, because these specials deals are offered just to Amazon’s Prime Members.
  • How:
    • Amazon already offers local deals at its website; these travel deals are supposed to be another offering in that area of Amazon.
    • Pretty rudimentary booking procedures. Booking notifications will be via email, and hotels need to update their calendars on the Amazon extranet site.
    • Amazon gets paid first, then will pay the hotel in two payments, less its 15% commission

Stats for comparison:

  • (owned by Priceline) has over 550,000 properties, including over 210,000 vacation rentals globally.
  • Expedia has over 300,000 hotels globally.
  • According to Seeking Alpha, Amazon has
    • 20 milllion Prime Members
    • Over 230 million active user accounts
    • About 80 million people using its website to shop each month

Amazon has ventured into the travel arena in the past:

  • With Expedia in 2001, when they partnered in an online travel store. This foray ended in a nasty breakup between Amazon and Expedia.
  • With SideStep (later acquired by Kayak) in 2006 which allowed searches in Amazon’s travel store for flights, hotels, car and vacation packages.

Insight Finder from Google makes Google Research Easier

Google has a website called thinkinsights with Google that is a great source to get insight, facts, stats, research, planning tools and… data!

There is a lot of great travel related data that is worth checking out.  They also have a “Real Time Insights Finder” which can help you discover all kinds of free real-time data from a plethora of Google Tools:

TripAdvisor Shares ROI Study for TripAdvisor Business Listings

TripAdvisor is touting a Forrester Consulting study The Total Economic Impact of TripAdvisor’s Business Listings that is sharing some interesting ROI results from 154 lodging properties (hotels, inns, resorts, etc.) with about 50% of them located in the U.S..

In a nutshell, say the TripAdvisor Business Listing:

  • Offered a 410% “risk adjusted ROI” Annually.
  • Averaged $6 in incremental booking for every $1 spent.
  • Only tracked click-throughs and online bookings.  Phone calls not tracked.

Does this mean every hotelier should run out and buy an ad?
Some of the factors that caused a higher than average ROI were:

  • Your Popularity Ranking
  • Whether the hotel used the Special Offers feature
  • Smaller hotels (100 rooms or fewer) did better

In another Forrester Report, an anonymous organization that manages twenty hotels using TripAdvisor’s Business Listing shares some eye opening results… with a 400% return being on the low end.

So, if you have a good popularity ranking, and will take the time and trouble to use the Special Offers feature, you should probably purchase a TripAdvisor Business Listing.

How does the TripAdvisor Business Listing compare to other sources in terms of ROI?
I took a look at 55 lodging websites using Google AdWords and found that ROI was about 1,050% (for July-December, 2010)  and that the conversion rate was .34%  (average for 2010).
I didn’t “risk adjust” the ROI, I just got it out of Google Analytics.   If you believe it, every $1 spent in Google AdWords brought $10.50 in online revenue.    (It takes about 300 visitors for a conversion.)

So, should you run out and do PPC?  Not so fast. [Read more…]

Lodging Industry Website Performance Averages

Studying your hotel’s website’s performance in Google Analytics can be a daunting task.  It is hard for many to even know where to begin and what reports to look at.  There is so much data available and it can be sliced, diced, filtered and segmented to an infinite degree.   Arggh.

A common question for anyone looking at their stats (other than where to begin) is typically “Is this good?” or “What is average?” That question is asked about visits, Google traffic, bounce rates, etc… pretty much every analytics metric.

Part of the problem with answering the question is that the answer is different for different industries…. the lodging industry will have different norms than the real estate or restaurant industry.

Even within industries there are many segments.   In celebration of Google Analytics Month, we will share research averages taken from Google Analytics, for 85 lodging websites including hotels, resorts, vacation rental managers and inns, from large to small.

How many visitors should I get? (January, 2011):

  • Average # of Visits:  27,683
  • Average Pages per Visit:  6.45
  • Average Time on Website:  5 Minutes, 31 seconds

What is a good bounce rate?  (January, 2011):

  • The average website bounce rate was  32%
  • The average bounce rate for visitors from Google:  29%
  • The average bounce rate for visitors using mobile devices:  40%
  • The average bounce rate for Facebook visitors:  48%

How much traffic should I get from search engines: (January, 2011):

  • On average, 41% of visits originated from organic search
  • Google accounted for 81%, Bing 9%, Yahoo 9%

[Read more…]

Gross Revenue in Google Analytics vs Reality – A Wake Up Call

Amy Tomasello, project manager extraordinaire, and I were reviewing revenue data for a client the other day.  We wanted to compare what Google Analytics is reporting vs. what the client actually deposited “in the bank” for January.

The reality was pretty interesting.

According to Google Analytics, this VRM in Florida received about $85,000 in online bookings in January 2011.  When we asked the client to “match it up” with what she received, it was pretty interesting.  Photo Courtesty: Treehugger on Flickr

Here’s what we found out:

  1. Google Analytics doesn’t report cancellations, or those that call and move to another unit, be it less or more expensive.
  2. Some guests call and decline trip insurance, further reducing the gross revenue of the booking.
  3. Credit card fees and other “costs of collecting money” aren’t revenue, so even though they’re included in the gross revenue numbers, they need to be pulled out to get a true picture of revenue.
  4. Google Analytics DOES remove taxes from gross revenue numbers, so that math is already done.

So what did we find out?  In reality the actual revenue deposited “in the bank” for January 2011 was down around $57,000 – which basically slices about 34% off the top – WOW!  It was definitely eye opening.

I started to think, how can we track this better in Google Analytics?  I think, and correct me if I’m wrong, that the only way is to have the actual transaction “thank you” page divide out the fees and report those to Google Analytics as separate line items.

For example:

[Read more…]

Mobile Phone Usage in Google Analytics

The experts tend agree that mobile is growing quickly.  Its impact on the hotel and lodging industry is expected to be great.

Recent research and report data supports the experts:

  • PhoCusWright reports in its mobile usage among traveller report from ’09 that mobile bookings will reach $160 million in 2010 and 77% of frequent business travelers have already used their mobile devices to find local (e.g. lodging) and attractions.
  • Even travel related search is predicted to rise.  According to Google, mobile device searches for travel related terms have jumped 12 times and hotel-specific terms are up 30 times in the same period.

But what is the impact right now? You can investigate and monitor your mobile based traffic is Google Analytics, which has an entire section devoted to mobile data for your website.

Looking at Google Analytics Mobile reporting and aggregating the data for 70 lodging properties, here is how the mobile phone usage broke down, by device for the month of January 2011:

The surprising number here may be the iPad usage at 42%.  It defies the definition of mobile… it is kind of big and typically renders a website more like a laptop than a phone.   iPad usage certainly skews the results if we are strictly defining mobile.  Another surprise is the small “other” slice.  This may also be skewing the results, it is likely that some users are using “dumb” phones that don’t trigger the Google Analytics javascripts.

The number of visits for those 70 lodging websites averaged 1,581 visits per website in January 2010… up from 363 in January 2009.  In terms of percentages, that is a move from 1.48% to 5.76%… seasonally adjusted in one year.

Whatever the case, and whatever the experts say, a lot of people are interacting with your hotel’s website through a cell phone.  Make sure your website looks and works OK in an iPhone and iPad are probably the lowest hanging fruit… this typically entails NOT using Flash and making your website de-cluttered and easier to operate on a smaller screen.