Last updated: 1 May 2026
Picture this: it’s 11:47 p.m. on a Tuesday. Your phone buzzes. A staff member is on call. The server room is offline. The website is down. Customer data appears to be encrypted. What happens between now and Wednesday morning?
For most SMBs, the honest answer is “we don’t know.” That’s why a written small business disaster recovery plan isn’t a nice-to-have — it’s the difference between a hard week and a closed business. Studies consistently show that 40% of SMBs hit by a major IT disaster never reopen, and another 25% close within a year. The companies that survive almost always have one thing in common: they planned for this on a calm Tuesday afternoon, not at 11:47 p.m.
Disaster recovery vs. business continuity (you need both)
The terms get used interchangeably, but they’re different jobs:
- Disaster recovery (DR) is about technology: how you get servers, data, and systems back online.
- Business continuity planning (BCP) is about the business: how you keep serving customers while DR happens.
A great DR plan with no BCP means your tech is back in 4 hours but you still lost three days of revenue because nobody knew what to tell customers. A great BCP with no DR is a stack of nice ideas with no infrastructure. You need both.
The two numbers that define your plan: RTO and RPO
Every DR plan rests on two numbers, and every SMB owner should know theirs.
- RTO — Recovery Time Objective. How long can the business survive with this system down? An hour? A day? Three days? The answer drives how much you should invest in fast recovery.
- RPO — Recovery Point Objective. How much data can you afford to lose? An hour’s worth? A day’s worth? A week’s? The answer drives backup frequency.
For most SMBs, email and accounting systems need an RTO under 4 hours and an RPO under 1 hour. Internal file shares can usually tolerate more. Knowing the numbers per system is the first real DR conversation.
The 6 components of an SMB disaster recovery plan
1. A risk inventory
What can actually go wrong? Hardware failure, ransomware, fire, flood, prolonged power outage, key-person loss, vendor outage, internet outage. The plan addresses the realistic ones.
2. A system inventory with priorities
What systems do you depend on, in what order? Email might be #1, accounting #2, CRM #3, file shares #4. The plan recovers them in priority order.
3. Backups that have actually been tested
The 3-2-1-1-0 rule is the modern standard (we wrote a whole post on this). The most common cause of failed recoveries is backups that nobody tested.
4. A documented failover procedure
Step-by-step instructions for moving to backup systems. Written for the staff member who will be reading it at 2 a.m. with a flashlight.
5. A communication plan
Who tells customers? Who tells staff? Who tells vendors? Who talks to the press if it’s that bad? Pre-written templates save 90 minutes of panic.
6. A scheduled rehearsal
Once a year, simulate a disaster. Run the plan. Fix the things that broke. A plan that has never been tested is a wish.
What “good” looks like for an SMB
A realistic standard for a 25–100 person SMB:
- Email recovery in under 1 hour.
- Critical applications (accounting, CRM, line-of-business) in under 4 hours.
- Full file restore in under 24 hours.
- Maximum 1 hour of data loss for any critical system.
- Quarterly backup verification, annual full DR rehearsal.
- Cyber-insurance-aligned controls (because your insurer is now reading this list).
Hitting that bar is no longer expensive — cloud-replicated backup and immutable storage have collapsed the cost. But it requires intention.
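A check of this kind can be automated. The sketch below is an added example, not SohoWizz tooling: it audits a system inventory against per-system RTO/RPO targets and the quarterly verification interval listed above, in recovery-priority order. The system names, timestamps, the `System` fields and the file-share RPO are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

QUARTER = timedelta(days=92)  # "quarterly backup verification"

@dataclass
class System:
    name: str
    priority: int                      # recovery order, 1 = first
    rto: timedelta                     # longest tolerable outage
    rpo: timedelta                     # largest tolerable data-loss window
    last_backup: datetime              # newest successful backup
    last_test: Optional[datetime]      # newest verified test restore
    restore_took: Optional[timedelta]  # how long that test restore took

def audit(systems, now):
    """Return [(name, [finding, ...])] in recovery-priority order."""
    report = []
    for s in sorted(systems, key=lambda x: x.priority):
        findings = []
        age = now - s.last_backup
        if age > s.rpo:  # a failure right now would lose more than the RPO
            findings.append(f"RPO: newest backup is {age} old, objective {s.rpo}")
        if s.last_test is None:
            findings.append("TEST: backup has never been restored")
        else:
            if now - s.last_test > QUARTER:
                findings.append(f"TEST: last restore test was {(now - s.last_test).days} days ago")
            if s.restore_took is not None and s.restore_took > s.rto:
                findings.append(f"RTO: test restore took {s.restore_took}, objective {s.rto}")
        report.append((s.name, findings))
    return report

# Constructed inventory: names, times and the file-share RPO are assumptions.
NOW = datetime(2026, 5, 1, 9, 0)
H = timedelta(hours=1)
SAMPLE = [
    System("file-share", 4, 24 * H, 24 * H, NOW - 10 * H, None, None),
    System("email", 1, 1 * H, 1 * H, NOW - timedelta(minutes=20),
           NOW - timedelta(days=30), timedelta(minutes=40)),
    System("accounting", 2, 4 * H, 1 * H, NOW - 3 * H, NOW - timedelta(days=200), 6 * H),
    System("crm", 3, 4 * H, 1 * H, NOW - timedelta(minutes=45), NOW - timedelta(days=60), 2 * H),
]

if __name__ == "__main__":
    for name, findings in audit(SAMPLE, NOW):
        print(name, "OK" if not findings else "")
        for f in findings:
            print("   ", f)
```

In practice the `last_backup` and `last_test` values would come from the backup product's job history rather than being typed in by hand.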
The most common SMB DR mistakes we see
- Backups on the same network as production. Ransomware encrypts both.
- “We have a backup” with no test restore in years. About 1 in 5 fail when first tested.
- No documented runbook. The plan lives in one technician’s head — and one technician’s head is on vacation.
- No bypass for offline cash flow. Could you still take payments if your POS / accounting was offline for a day?
- No internet-down plan. Even if your servers are perfect, if your office can’t get online, you can’t work.
How SohoWizz delivers DR for SMBs
Our standard DR engagement: a half-day workshop to define RTO/RPO per system, a documented runbook tailored to your stack, configured immutable cloud backups, an annual rehearsal day, and 24/7 monitoring so we’re often paged before you are. Most SMBs are fully covered in two to four weeks.
Free disaster recovery readiness review
A 45-minute conversation that produces a one-page assessment of where you stand. No fluff.