Google Apps Account Access Temporarily Disabled

More than 22.7 million U.S. businesses are one-man or one-woman shows. Each of these tiny firms has a single owner, but no paid employees at all. The US government calls these businesses “Nonemployer” businesses.

If you are one of those 22.7 million U.S. businesses, you probably know about Google Apps for Work, the professional email, online storage, shared calendars, video meetings, voice telephone service and more, built for business, by Google.

More than 5 million businesses have gone Google. You may be a Google Apps for Work single user and account holder. If so, you need to know about Google’s account access problem.

You may have experienced or will experience in the future the dreaded “Account access temporarily disabled” message when you log in to your Google Apps for Work account. Imagine your business’ risk if you depend on all of Google Apps for Work’s services including business telephone service and you find your Google Apps for Work account arbitrarily disabled. You can be out of business in the blink of an eye.

Google’s account access problem lies in it’s “catch 22″ process to re enable your account, should you find yourself out of business. It goes like this;

Upon attempting to log on to your Google account, you get Google’s version of the “Blue Screen of Death”

 

Account access temporarily disabled

 

 

 

 

 

Since you are the only administrator, you seek the “24/7 phone and email support,” that you pay $5 to $10 a month for, from the “Google Support team”

 

Google Support team

 

 

 

 

 

Google Support team contact

 

 

 

 

 

 

 

 

 

 

Unfortunately, you cannot email support because you cannot access the “Admin Console.” But, you would want to call the “Google Support team” anyway because of the urgency to re enable your Google account. So you go about the business of locating your PIN because the “Google Support team” requires your PIN in order for them to answer their telephone. But, you see a page that states, “To locate your PIN: Sign in to the Google Admin console.”

 

Support PIN

 

 

 

 

 

 

 

 

 

 

So now, you’re stuck. You cannot call or email the “Google Support team” without access to your disabled Google account for their email link or PIN. That’s some strange paid “24/7 phone and email support.”

Fortunately, when Google’s account access problem happened to me, I located an obscure form at https://support.google.com/a/contact/admin_no_access that opened a support ticket. Unfortunately, 48 hours into the support request, my Google Apps for Work remains disabled.

Let me be the first to say that I like Google Apps for Work’s features and general performance. I especially like the ability to wipe a lost smartphone. I also like using Google Voice for calls using a computer headset. I’m not a Google Apps for Work reseller, but I have set up many businesses with Google Apps for Work.

But, single user Google Apps for Work accounts require a different approach. What can one do to protect one’s self from Google’s lackluster Google Apps for Work support?

  • Google Apps for Work “Nonemployer” business folks should always have two admin users in their account, with strong passwords and be well documented. The second admin user can be used to re enable the primary admin user when that user experiences “Account access temporarily disabled.”
  • Never use a Google Voice number as your primary business telephone number. If you have done that, immediately port your number out of Google Voice to a more dependable carrier, either a local telco service provider or a national VOIP provider with a demonstrated excellent support track record.
  • Back up your primary user’s email, contacts, calendars, tasks, voice calls, chats, drive and any other data you may have in Google Apps for Work. One can use Outlook sync for manual and limited backup or go the distance with backupify, the leader in Google Apps backup.

Have you been stunned by the dreaded “Account access temporarily disabled” message? If so, what was your experience?

Difference Between Office 2013 Suites and Office 365

2013mohbI get this question about the difference between the Office 2013 suites and Office 365 more than any other question. The main two differences have to do with “the cloud” and your ownership.

Microsoft Office is still the name Microsoft uses for its familiar productivity software. Office suites have traditionally included applications such as Word, Excel, PowerPoint, and Outlook. All Office 2013 suites include the latest versions of the applications, for use on a single PC.

Microsoft uses the name “Office 365” for products that include cloud services, such as additional SkyDrive online storage, Skype minutes for home use, Lync web conferencing or Exchange Online hosted email for businesses. Cloud services are features that are enabled over the Internet.

Some Office 365 plans also include the full-featured Office 2013 applications, which users can install across multiple computers and devices. Some Office 365 plans do not include the full-featured Office 2013 applications. Consequently, one gets stuck with limited "cloud" versions of familiar Office applications like Word and Excel.

All Office 365 products, such as Office 365 Home Premium, are paid for on a subscription basis, annually. Active subscribers will receive future rights to version upgrades as a benefit of their subscription. One pays for Office 365 every year.

Office 2013 suites require a one time payment. After payment, one owns the license to an Office 2013 product in perpetuity; in other words, forever.

I still use Office 2002, a product I paid under a hundred dollars to acquire, on some of the computers I own. But my standard, Office 2007 that I purchased one time in 2008, gets all my work done without any issues.

So, pay one time and own forever a Microsoft Office suite, preferably on DVD; or pay forever for Microsoft Office 365 adding a bit of cloud stuff, most of which one can get free already.

Move To A New QuickBooks Server

contactI recently responded to a request about using a Mac as a server. It got me to thinking about two things; how much I like Macs and how I move client’s QuickBooks to a new QuickBooks server after a hardware upgrade. I hope this information helps you out.

My response:

I also like Macs except when it comes to QuickBooks. You may have picked up on the fact that I always install a full version of QuickBooks on the server; never using Intuit’s “server install only” option for QuickBooks. Consequently, Mac is not an option for me. Intuit allows for a free extra server install in their licensing. I developed my XP Pro server installation as a reasonably inexpensive alternative to hosted QuickBooks, Windows Server operating systems/hardware installs and Apple or Linux installs.

For several years now, I’ve used my own methodology to move QuickBooks from a desktop or old server to a new server. I always use unique folders for each unique group of companies. I evaluate and enumerate the existing company files folder to see what I’m working with. Every company has their own unique mess. Once I’ve figured out the mess, I plan the cut-over date and build the new server including the new folder structure. Just prior to cut-over, I complete a fully verified backup of each company file. I will generally rebuild the company files when they do not verify. On many occasions, especially with large files, the company accountant will need to back out transactions or clean up the data before the file will verify.

Upon cut-over to the new server, I perform a restore from the verified QuickBooks backup file, moving unique companies into their respective new folders. Then, I go back to pick up custom reports, invoices, images, etc in their folders, like “QuickBooks Letter Templates”, “[company file name] – Images”, “Templates” as well as other folders with names relative to past versions. I will also pick up any shipping databases or other third party add on files. Finally, I copy the entire contents of the old company files folder to a unshared location on the server from where I can get anything that might be found missing several days after the cut-over.

Folks have a habit of placing task lists, spreadsheets, pdf docs and other extraneous files in the company files folder. I will copy those over to a shared “Accounting” folder and train users to place any accounting related support documents in that folder. In spite of that, I still see stuff land in the QuickBooks company file folders when I’ve returned weeks or months later.

On a side note, I’ve stopped using “Q” as a mapped drive letter. Microsoft reserved “Q” for their click to run software. Seems that everyone gets Microsoft Office from click to run these days. Consequently, I go to each client computer and map the server shared QuickBooks company files folder to a new drive letter.

Systems Lessons To Learn From Core Strength for Cyclists

I like to bike and have biked for years. Anyone that bikes seriously will tell you how important one’s core strength is for performance and endurance. I’ve not seen a better group of core strength exercises than these from Tom Danielson and Allison Westfahl from their book, Tom Danielson’s Core Advantage: Core Strength for Cycling’s Winning Edge.

So, I decided to create this page to use as a visual workout guide. Since one video is worth thousands of words, check out the example from youtube.

You can grab a copy of Tom and Allison’s great book from Amazon.

What does core strength have to do with computer and network systems, you ask? If you want your systems to endure over time and perform at a top level, develop strength in your core systems management practices. Use high quality systems monitoring, state of the art mobility management and best practices driven systems management. One can accomplish all of that, even with disparate systems located in your office and in the cloud. If you’re wondering how, contact me.

Posted in Business Systems Support Cycling by Les Murphy. No Comments

Utilize Systems Monitoring To Meet HIPAA Requirements

nurse computerAll systems monitoring should be configured to facilitate HIPPA compliance. However, the first step dictates that one deploys systems monitoring to all devices resident on the health care providers’ network. This often forgotten area of technology management needs illuminating to help bring some order and methodology to deploying activities that keep your medical enterprise fully HIPAA compliant.

HIPAA Security Rules specifically outline US national security standards to protect health data created, received, maintained or transmitted electronically, also known as electronic protected health information (ePHI). The HIPAA Security Rules are divided into 3 distinct categories and below is a summary of each.

  • Administrative Safeguards. This section of the HIPAA security requirements is focused upon establishing a risk analysis process, with periodic reviews, assigning security management responsibilities, formulating security policies and procedures and establishing appropriate workforce security training.
  • Physical Safeguards. This section of the HIPAA security requirements is focused upon securely controlling physical access: to data processing facilities, workstations and devices as well as physical media which contains PHI (personal health information).
  • Technical Safeguards. This section of the HIPAA security requirements is focused upon establishing specific technical security controls which aim to protect PHI via the following key aspects: data access control, data & access auditing, integrity and transmission security.

Below is a detailed description of each HIPAA related configuration item and the required guidance towards a HIPAA compliant configuration. As per the HIPAA requirements, for items listed as Addressable the entity must perform one of the 3 options: 1) Implement the required control as stated 2) Implement an alternative control which meets the intent of the original control 3) If implementing either, they must document the technical and or business constraint which prevents them from doing so. For items listed as “Required” the entity is required to implement this control as stated.

164.308(a)(3)(ii)(C) – Terminating Access

Addressable

Have you implemented procedures for terminating access to EPHI when an employee leaves your organization or as required by paragraph (a)(3)(ii)(B) of this section?

» Recommendation: Utilize the systems monitoring dashboard to remotely remove terminated employees from all in-scope EPHI related systems.

164.308(a)(5)(ii)(A) – Security Reminders

Addressable

Do you provide periodic information security reminders?

» Recommendation: Utilize systems monitoring to push periodic reminders to the in-scope workstations.

164.308(a)(5)(ii)(B) – Malicious Software

Addressable

Do you have policies and procedures for guarding against, detecting, and reporting malicious software?

» Recommendation: systems monitoring provides managed antivirus services that guard, detect and report against malicious software.

164.308(a)(5)(ii)(C) – Monitoring Login’s

Addressable

Do you have procedures for monitoring login attempts and reporting discrepancies?

» Recommendation: Utilizing the systems monitoring dashboard, develop procedures to periodically review audit logs and login attempts.

164.308(a)(5)(ii)(D) – Password Management

Addressable

Do you have procedures for creating, changing, and safeguarding passwords?

» Recommendation: Via the centralized management capabilities of the systems monitoring dashboard, develop procedures to create, change and safeguard passwords.

164.312(a)(2)(i) – User Identity

Required

Have you assigned a unique name and/or number for identifying and tracking user identity?

» Recommendation: systems monitoring requires each user ID to be unique and tracks activity according to such. Further, ensure there are no shared user accounts within the client environments you manage.

164.312(a)(2)(iii) – Inactive Sessions

Addressable

Have you implemented procedures that terminate an electronic session after a predetermined time of inactivity?

» Recommendation: systems monitoring automatically times out inactive user sessions.

164.312(a)(2)(iv) – Encrypting EPHI Data

Addressable

Have you implemented a mechanism to encrypt and decrypt EPHI?

» Recommendation: systems monitoring mail automatically and transparently encrypts all mail archives with secure AES 256bit encryption, thereby protecting any EPHI information potentially contained within the archive.

164.312(b)(2) – Audit Reporting

Required

Have you implemented Audit Controls, hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use EPHI?

» Recommendation: User audit reports are dynamically generated by default and can be accessed at any time via the systems monitoring dashboard. Develop procedures to periodically review and investigate any discrepancies.

164.312(d) – Authentication to EPHI Data

Required

Have you implemented Person or Entity Authentication procedures to verify that a person or entity seeking access EPHI is the one claimed?

» Recommendation: Consult with your client and determine the appropriate level of security. Upon such, implement strong password authentication & for further security, configure the systems monitoring dashboard to validate source IP addresses.

164.312(e)(2)(ii) – Encrypt EPHI Data in Transit

Addressable

Have you implemented a mechanism to encrypt EPHI whenever deemed appropriate?

» Recommendation: Configure systems monitoring mail to only transmit email traffic via IMAPS (IMAP over SSL) as this will securely encrypt and protect EPHI transmitted via email over the Internet.

%d bloggers like this: