Midyear Reality Check: What’s Changed In Your Systems Since January?

Midyear Reality Check: What’s Changed In Your Systems Since January?

Your business hasn't stood still since January and your systems haven't either.

You've added people to the team, adopted new tools and made fast calls to keep things moving.

What’s hard to keep track of is the trail those decisions leave behind, including who still has access to systems they no longer need, where your data ended up and who’s responsible for what.

By July, most businesses are running on assumptions about how their systems work. Here are four things to examine before those assumptions become expensive.

1. Access was expanded. Was it ever revisited?

New hires came in and needed to get on systems quickly. Other employees moved into new roles and picked up permissions along the way. Temporary access was granted to keep a project moving or cover for someone who was out.

But access almost never gets revisited after it’s needed, which means the picture inside most businesses looks like this:

·       People have more privileges than their current role requires

·       Former employees likely still carry active permissions

·       You don’t have a clean view of who can reach what

It’s time to ask the question, do the right people have the correct access today?

Do you know who can see what inside your business right now? If that answer takes longer than a few seconds, pay attention.

2. Your tools solved problems while creating new ones

Your sales team needed a better way to track conversations, so a CRM was added. Marketing brought on a platform to run campaigns faster. Finance adopted an application to simplify billing. Operations signed up for a project tool that seemed lightweight at the time.

Every one of those was a reasonable decision. Collectively, they created something messier.

Data now lives in more places, integrations were set up quickly and may not be working as intended, and visibility across systems has fragmented. 

When systems coexist without anyone owning the full picture, the risk doesn't announce itself. It shows up later in slower decisions, inconsistent reporting and gaps that belong to nobody. 

Do your systems work together or is your team quietly working around them? By the time that question becomes urgent, it's been a problem for a while.

3. Your backup and recovery confidence is probably assumed

Most businesses have backups in place and operate under a false sense of security, believing they're protected. Recovery is rarely tested, the timeline to restore operations is unclear, and ownership of the process often isn’t defined.

When something goes wrong, whether it’s ransomware, a server failure or an accidental deletion, the conversation starts with "wait, who handles this?"

Having backups is not the same as being able to recover. The difference between them only becomes clear at the worst possible time.

If something went down tomorrow, would you know exactly what happens next? Or would you be figuring it out on the spot?

4. Responsibility has blurred as your business has grown

Remember back when who owned what was clear?

Your internal team handled certain systems, vendors handled others and responsibilities were roughly defined, even if nobody had documented them.

Then systems expanded, new vendors came in, internal roles shifted and somewhere in the middle of all that growth, ownership got blurry.

Now when something breaks and it crosses systems or providers, the question of who takes the lead often gets answered in real time. Issues bounce, small problems sit unresolved longer than they should and nobody knows whose job it is to fix the problems.

When something alarming happens in your systems, do you know who is responsible for resolving it? Or do you figure it out in the moment?

Most risk doesn't come from what's broken

It comes from what's changed without being revisited.

Businesses that stay ahead of this aren’t doing anything complicated. They have a clear view of who has access to what, they know their backups work, and they know who owns what when something goes wrong. 

That clarity lets them move fast without things falling through the cracks. 

That’s what we’re here to help you achieve. A discovery call takes 10 minutes and will help give you a straight answer on where your systems stand today and what needs attention.

Call us at 619-782-0170 or visit www.mycre.com to schedule yours.

6 Questions Smart Companies Ask Their IT Provider Every Quarter

6 Questions Smart Companies Ask Their IT Provider Every Quarter

If you’re only talking to your IT provider when you renew your contract, you’re doing it wrong.

Technology isn’t a “set it and forget it” part of your business. It’s constantly evolving and so are the threats that come with it. That’s why quarterly IT check-ins are non-negotiable if you want your business to stay protected, productive and competitive.

But here’s the thing: Most business owners don’t know what to ask.

Today, we’re giving you a cheat sheet. These are the questions your IT provider should be ready to answer every single quarter without tech-speak or vague promises. 

Question 1: What security problems do we need to address?

Every business has vulnerabilities. The important question is whether your IT provider is actively identifying and addressing them before they become costly.

Ask them:

  • Are there systems that need security patches?
  • Have there been any unusual login attempts or suspicious activity?
  • Are there users, devices or processes creating unnecessary risk?

You want specifics, not a generic “you’re protected” response. 

A good IT provider should be able to explain where your biggest risks are today and what’s being done about them.

Question 2: Have you tested our backups recently?

A backup is valuable only if it works when you need it. 

That sounds obvious, but you’d be surprised how many businesses assume they’re protected simply because backups exist. Then a server fails, ransomware hits or someone accidentally deletes critical data, and suddenly nobody’s sure how quickly systems can be restored.

Ask:

  • When was the last full recovery test?
  • How long would restoration realistically take?
  • Are backups stored securely and separately from our primary systems?
  •  Are cloud applications included in backup coverage?

You don’t want guesses during an outage. You want a process that’s already been tested under pressure. 

Question 3: Where is our technology slowing us down?

Most productivity issues don’t look dramatic enough to trigger an IT emergency. They show up when your team loses momentum throughout the day. 

An employee waits 15 seconds for an application to load dozens of times before lunch. A sales call freezes halfway through a proposal. Someone avoids using a system altogether because it’s become unreliable enough to be frustrating. 

Ask your provider:

  • Are there recurring performance problems?
  • Are we outgrowing our current hardware or software?
  • What systems generate the most complaints internally?
  • Is there anything we should optimize or replace?

Technology should help your team move faster, not train them to tolerate inconvenience. 

Question 4: Are we still compliant with industry regulations?

Compliance regulations change constantly, whether you’re dealing with HIPAA, PCI-DSS, GDPR, cybersecurity insurance requirements or other industry-specific regulations.

A company that was compliant last year can easily drift out of alignment without realizing it.

Ask:

  • Have any compliance requirements changed recently?
  • Are there gaps in our documentation or policies?
  • Do we need additional employee training? 
  • Are there security controls we should strengthen?

The cost of noncompliance usually extends far beyond fines. It affects insurance claims, legal exposure and customer trust.

Question 5: What should we be budgeting for next quarter? 

Good IT planning eliminates surprises. Your provider should be tracking:

  • Aging hardware
  • Expiring warranties
  • Software license renewals
  • Upcoming infrastructure upgrades
  • Security investments worth planning for

Quarterly reviews should help you make decisions early, spread costs out intelligently and avoid emergency purchases that wreck budgets. 

Question 6: Where are we falling behind that’s leaving us exposed?

This is the question too many IT providers avoid because it requires them to think strategically, not just technically. Ask them:

  • Are there new tools or automations we should consider?
  • Are we lagging behind in any security protocols or performance benchmarks?
  • What are other businesses our size doing that we aren’t?
  • Have cybersecurity standards changed in ways that affect us?

Technology moves fast, but cybercriminals move faster. A good IT partner helps you stay ahead of both. 

You AREN’T Having These Conversations? Red Flag 

If your IT provider doesn’t have clear answers to these questions — or worse, if they aren’t offering to meet with you quarterly in the first place — you might not be getting the support you need.

You need someone who’s not just reacting when something breaks but also actively working to prevent the break in the first place.

Our job isn’t just to fix issues when they happen. It’s also to help you avoid downtime, reduce risk and make smarter technology decisions before problems start costing you money.

We offer 10-minute discovery calls to help business owners like you get a clear view of their tech setup — what’s working, what’s not and how to fix it before it turns into a problem.Call us at 619-782-0170 or visit our website www.mycre.com to schedule yours.

Windows Server 2016 End of Life: What Construction Companies Running Sage Need to Know

Windows Server 2016 End of Life: What Construction Companies Running Sage Need to Know

For most businesses, an operating system update is background noise. A version number changes, IT handles it, everyone moves on. But when an operating system reaches true end of life, something different happens, and most construction executives don't find out what until it's already a problem.

Windows Server 2016 reaches the end of Microsoft's extended support on January 12, 2027. If your Sage 300 CRE or Sage 100 Contractor environment is still running on it, here is what that date actually means, why it matters more for a construction company than for almost any other type of business, and what a responsible plan looks like before the deadline makes the decision for you.

What "End of Life" Actually Means

When Microsoft retires support for a server operating system, it doesn't slow down. It stops, permanently. No more security patches. No more bug fixes. No more technical support if something breaks at the OS level. Every vulnerability discovered in Server 2016 after January 2027 stays open, on every machine still running it, indefinitely.

This matters because new vulnerabilities are found constantly, in every operating system, every year. On a supported platform, Microsoft closes them as they're discovered. On an unsupported one, they simply accumulate. The server doesn't stop working the day support ends. It keeps running, which is exactly what makes the risk easy to underestimate. Nothing visibly changes. The exposure builds quietly in the background instead.

Why Attackers Specifically Target End-of-Life Systems

This isn't a theoretical risk that only matters to security professionals. Threat actors actively look for infrastructure running outdated, unpatched operating systems, precisely because they know those systems have no upcoming fix. An end-of-life server isn't just more vulnerable in the abstract, it becomes an identifiable target the moment support ends.

Microsoft's own threat intelligence backs this up with hard numbers. According to Microsoft's Digital Defense Report, the overwhelming majority of ransomware attacks that succeed in fully encrypting a target's data begin on unmanaged, unpatched, or unsupported systems, the exact profile of a server running an end-of-life operating system. Ransomware groups favor this kind of infrastructure for a simple reason: it offers a long, predictable window to operate, with no patch cycle working against them.

Why This Hits Construction Companies Differently

Most generic advice about server end of life is written for a generic business. Construction firms running Sage carry a different and more concentrated kind of exposure.

Your Sage environment isn't a side application. It holds job cost data across every active project, payroll for every employee, banking and ACH details, subcontractor records, and in many cases certified payroll tied to public contracts. A ransomware event doesn't just lock files somewhere on a network. It can halt payroll runs mid-cycle, freeze billing during an active draw, and stall project approvals while the business works through recovery, all while jobs in the field keep moving regardless of what's happening on the server.

For a firm managing several projects simultaneously, even a short disruption compounds fast. And if the incident involves payroll or banking data, it can trigger breach notification obligations most construction firms have never had to navigate and aren't staffed to handle on short notice.

The Risk Doesn't Stay in IT. It Reaches Bonding, Insurance, and Compliance

This is the part that surprises most executives: an outdated operating system doesn't stay an IT problem. It can quietly become a liability in conversations that have nothing to do with technology.

Many cyber insurance policies require running supported, patchable software as a condition of coverage. If a breach is later traced to a known, unpatched vulnerability on an end-of-life system, that can give an insurer grounds to deny a claim entirely, at the exact moment a firm needs that coverage most. The same logic applies to compliance postures like SOC or PCI that some lenders, sureties, and general contractors now expect from their subcontractors and vendors as a condition of doing business. An aging OS sitting quietly in a server closet can show up later as a problem in a bonding conversation, a lender review, or a prequalification questionnaire.

The Cost of Waiting Compounds. The Cost of Planning Doesn't

The exposure here isn't flat, it steepens over time. Between now and January 2027, risk grows every month as new vulnerabilities are discovered and never patched on Server 2016. After the deadline passes, that curve gets steeper still, because the vendor safety net disappears completely and there is no longer any patch coming, ever, for anything.

Firms that get ahead of this on their own timeline get to do it on their own terms: planned testing, a controlled cutover window, no pressure. Firms that wait usually end up moving anyway, just under worse conditions, after an incident, under time pressure, with far less control over cost or scheduling. The deadline doesn't go away if it's ignored. It just shifts who's in control of how the transition happens.

What This Means If You're Hosted With myCREcloud

If your Sage environment is hosted with myCREcloud, this transition looks different than it would for a firm managing its own on-premise infrastructure, and it's worth understanding why.

A firm running Sage on premise that wants to get ahead of this deadline has to do all of it themselves: source and budget for a new server OS license, plan and execute the OS-level rebuild, and then handle the Sage migration on top of that, usually while also juggling whatever else is competing for the IT budget that quarter. That's a real project with real cost before the Sage piece even starts.

For myCREcloud clients, the OS layer is something we manage as part of hosting your environment, not something you have to plan, budget, or execute on your own. As Server 2016 approaches its end of life, we're building current, supported environments for affected clients at no cost for the new server OS itself. The remaining piece, migrating your Sage application and database into that new environment, is a real project with real scope, but it's one we can schedule around your calendar rather than a hard deadline forcing the timing.

The point isn't that the work disappears. It's that being hosted means you're not solving this alone, on your own infrastructure, against your own clock.

A Readiness Checklist Before Your Migration Conversation

You don't need every answer before reaching out, but having these on hand makes the first conversation more productive:

    • Your current Sage version and which modules are active

    • Your user count and where they're located

    • Your full list of integrations (Procore, hh2, Autodesk, Microsoft 365, or others)

    • When your backups were last tested with an actual restore, not just confirmed as completed

    • Whether any custom reports, macros, or workflows depend on specific file paths

    • Your current remote access method, if any

    • Where Sage already feels slow or painful today, since that often points to other improvements worth making during the same project

The Bottom Line

January 12, 2027 isn't a soft target. It's the date Microsoft stops protecting Server 2016 against every vulnerability discovered after it. The risk isn't hypothetical and it isn't a future problem sitting safely down the road, it's a clock that's already running, and it gets harder to manage the closer it gets to zero.

The fix isn't complicated: a planned, tested move to a current, supported environment before the deadline forces the timing. If you're hosted with myCREcloud, that move is already underway for affected environments, and the only real decision left is when it fits your schedule.

If you have questions about where your environment stands, reach out to your myCREcloud contact directly, or request time on our calendar to walk through it together.


Sources: Microsoft Digital Defense Report (microsoft.com); Microsoft Windows Server Blog, "Planning ahead for Windows Server 2016 end of support"; Microsoft Lifecycle documentation for Windows Server 2016.

myCREcloud Achieves SOC 2 Compliance Certification

myCREcloud Achieves SOC 2 Compliance Certification

myCREcloud Achieves SOC 2 Compliance Certification

June 1, 2026 - myCRECloud, a provider of cloud-based Sage hosting and IT services for construction professionals, today announced it has successfully completed its SOC 2 Type II audit, achieving certification that validates the company's commitment to data security, availability, and confidentiality. The certification, awarded following an independent audit by a licensed CPA firm, confirms that myCREcloud's systems and processes meet the rigorous standards set by the American Institute of Certified Public Accountants (AICPA).

"Earning our SOC 2 certification is a meaningful milestone for our team and our customers," said Tanner Evenrud, Founding Partner, Chief Revenue Officer, at myCREcloud. "It reflects the work we've put into building a platform that our clients can trust with their most sensitive business data. Security has always been a priority for us, and this certification provides independent verification of that commitment."

The SOC 2 audit examined myCREcloud's internal controls related to security, processing integrity, and data protection over an extended review period. With this certification, customers and partners can have greater confidence that their information is managed with the highest level of care. myCREcloud remains dedicated to continuous improvement of its security practices and looks forward to maintaining this standard as the company grows. For more information, visit www.mycrecloud.com or contact sales@mycrecloud.com.

Summer Project: Scaling Your IT Infrastructure

Summer Project: Scaling Your IT Infrastructure

Week 22 · June 2026

Summer Project Surge:
Is Your IT Infrastructure Ready?

Construction season peaks in summer. Your technology should too. Here's how to make sure your systems can handle the load.

📅 June 2, 2026 ⏱ 6 min read 🏗 Cloud & IT

Summer is here — and for construction businesses, that means more active job sites, more users logging into Sage, more documents moving through the system, and more pressure on your IT infrastructure than any other time of year. If your technology isn't ready for the surge, your projects will feel it.

more Sage logins during peak summer months
99.99%
uptime guaranteed with myCREcloud hosting
500+
construction businesses already in the cloud

Why Summer Puts Pressure on Your Systems

During peak construction season, your team isn't just larger — it's more spread out. Project managers are on-site. Subcontractors need access to documents. Accounting is processing more invoices than ever. Everyone needs real-time data, and they need it from different locations, devices, and sometimes different time zones.

If your Sage environment is still hosted on an in-office server, that means remote access headaches, VPN slowdowns, and the constant risk of a single point of failure taking down your whole operation in the middle of your busiest season.

Key Insight

A server outage in July doesn't just cost you downtime — it costs you project momentum, billing delays, and trust with your clients at the worst possible moment.

Signs Your Infrastructure Isn't Keeping Up

Watch for these warning signals as summer ramps up:

  • Sage is running slowly — more concurrent users are hitting the limits of your hardware or bandwidth
  • Remote access is frustrating — field staff can't reliably connect to what they need from job sites
  • IT support is stretched thin — your team is spending more time on tech problems than project work
  • Data backups feel uncertain — you're not 100% confident your data is protected if something goes wrong
  • Adding users is painful — onboarding a new project or employee means IT configuration work instead of a simple login

How Cloud Hosting Handles the Surge

Moving your Sage 300 CRE or Sage 100 Contractor to the cloud isn't just a technology decision — it's an operational one. When your Sage environment lives in a cloud-hosted infrastructure built specifically for construction, it scales with your season rather than breaking under it.

With myCREcloud, your entire team accesses Sage through any browser — Chrome, Safari, Firefox, Edge — from any device, anywhere. No VPN required. No server room to maintain. No one calling IT because they can't connect from the job site.

⚠️

Still on a local server? Summer is the highest-risk season for hardware failure. Heat, load, and age combine to make on-premise servers more vulnerable exactly when you can least afford downtime. Now is the time to evaluate your backup plan.

What to Audit Before the Season Peaks

Whether you're already in the cloud or still evaluating, here's a quick summer-readiness checklist for your construction IT:

  • Verify that daily automated backups are running and tested
  • Confirm all users have working remote access before they need it on a job site
  • Review user permissions — are the right people accessing the right data?
  • Check that MFA (multi-factor authentication) is enabled for all Sage users
  • Identify any integrations (Procore, Viewpoint, etc.) that need performance testing
  • Ensure your IT support escalation path is documented — who calls who when something breaks?

We've had a great experience working with myCREcloud. Their onboarding process was seamless and well organized. They made the transition easy for our team and handled everything from start to finish.

— Jacob H., myCREcloud Customer

The Right Time to Make a Move

Migrating to cloud hosting mid-summer is possible, but the ideal window is right now — before the full surge hits. myCREcloud's US-based migration team handles the transition from start to finish, including data migration, user setup, and training, so your team barely notices the change except that things start working better.

If summer has already arrived at full force and migration isn't on the table right now, use this season as your proof point. Document every tech pain point your team experiences over the next 90 days. When fall planning starts, you'll have a clear business case for moving to the cloud before next summer's surge.

The Bottom Line

Summer doesn't wait for your IT to catch up. Construction businesses that run on cloud-hosted Sage are spending their summer building projects — not troubleshooting servers. If your technology is slowing your team down during your busiest season, it's worth a conversation about what a better setup looks like.

Ready to handle the surge?

Talk to the myCREcloud team about moving your Sage environment to the cloud before summer peaks.

619.704.2969 · mycrecloud.com

Cloud Hosting Sage 300 CRE Sage 100 Contractor Construction IT Summer Planning IT Infrastructure Remote Access