Do you have physical servers on your premises? Server racks humming in a corner of the office? After 30 years supporting SMEs across Dublin and Ireland, here are the 5 things every owner-manager should check before kicking off a new year. These aren’t theoretical recommendations — they are the gaps that, in our field experience, make the difference between trouble-free IT management in 2026 and a year of constant headaches.
KEY FIGURE
According to ENISA’s Threat Landscape reports and the NCSC Ireland’s annual reviews, SMEs are by far the most exposed group to ransomware and data exfiltration in Europe — close to half of recorded victims in 2025. The DPC publishes thousands of personal data breach notifications every year, with most rooted in fundamental gaps that the five essentials below would address.
5 IT essentials for SMEs in Dublin in 2026 — when you have local hardware
These five points are not ranked by importance: they are all critical, and they work together. The absence of just one creates the gap. Skim through them, then dig into each for the operational detail.
ESSENTIAL 1
Test your backups
Backups running ≠ backups restoring. The 3-2-1-1-0 rule and a real restore test every six months.
ESSENTIAL 2
Check your power supply
UPS tested, clean shutdown configured, plan B for extended outage. Otherwise the next outage will corrupt your data.
ESSENTIAL 3
Clean up access rights
Former employees’ accounts, scattered admin rights, offboarding process. The forgotten back door.
ESSENTIAL 4
Server room temperature
ASHRAE 18-27°C range, dust, filters, AC backup plan. Hot summers kill servers that overheat.
ESSENTIAL 5
Someone you can call
The fifth one isn’t technical — it’s what holds the other four together. Someone you call before deciding, not just when something breaks. It’s a question of mental load as much as budget.
1. Test your backups. Really.
The classic problem: “We have backups running every day.” OK — but do they actually work? Backups running for six months without a single restore test will fail on the day you need them. Network connection error, disk full, silent exclusion, ransomware-encrypted source: the failure modes are many, and no backup log shows them until you actually try to restore.
The simple test: take 30 minutes. Restore a file, a database — anything. Just to verify the full chain works: access to the backup, decryption, write to the workstation, data integrity. If that operation takes 2 hours instead of 30 minutes, you just learned something important about your real RTO.
3-2-1-1-0 RULE — NIST / NCSC RECOMMENDATION
3 copies of your data — 2 different media (disk + tape, disk + cloud) — 1 off-site — 1 immutable (that even an admin cannot delete) — 0 errors during the restore test. This is the SME backup reference rule for 2026, originally derived from the NIST Cybersecurity Framework and reused in NCSC backup guidance worldwide.
Common pitfalls to assess honestly:
- OneDrive / Google Drive ≠ backup: retention is 30 days in the personal recycle bin, then 93 days in the SharePoint site recycle bin. A file deleted 120 days ago is gone forever, unless you have a Microsoft 365 Backup licence or a specialist third-party backup (Keepit, Veeam 365).
- Sync ≠ backup: ransomware encrypting a shared folder propagates the encryption to all sync’d workstations within minutes. Without extended versioning, all your copies are corrupted at once.
- The real question: if your main server burns tonight, how much data do you actually recover? 24 hours? 7 days? Can you state the figure exactly? If not, your RPO isn’t defined — it’s whatever the incident decides.
2. Check your power supply
Power outages remain a recurring fact in Ireland — local cuts linked to works, storms or grid incidents are still part of normal business. What to test concretely, ideally once a year:
- Does your UPS actually work? Unplug the power and time it. The server holds 5 minutes? 20 minutes? 1 hour? If the battery is over 3 years old, its real autonomy is probably down to 60% of nominal capacity — time to replace it.
- Is the automatic shutdown configured? The UPS management software (APC PowerChute on Windows, NUT — Network UPS Tools — on Linux) must talk to the server to trigger a clean shutdown when the battery drops below 15%. Without it, the server cuts abruptly on empty battery — and that’s when you corrupt a database.
- Who intervenes if the outage lasts 24 hours? Weekend, in August, at 11pm on the 31st of December? Who has the key, who knows how to bring the rack back up in the right order, who has the on-call provider’s number? If the answer is “I don’t know”, you have a DR plan that exists only on paper.
No miracle solution — just documented common sense. The point of a UPS isn’t to keep production running through an extended outage; it’s to allow a clean, controlled shutdown before the battery is empty. 10 to 20 minutes of autonomy is more than enough, provided automatic shutdown is tested and works.
3. Clean up your access rights
The recurring scenario: a colleague leaves → their access remains active for months → their OneDrive is automatically deleted 30 days after account deactivation → six months later: “Wait, what was in their personal files?” In the meantime, their email account may still be forwarding to their personal inbox. Their laptop, if not returned, still holds their certificates and tokens. This is the attackers’ favourite entry door in 2026 — unspectacular but devastatingly effective.
What to put in place once and for all:
Active accounts audit
Full list: who still has an active account, who left 6+ months ago, who has forgotten admin rights. Cross-check against payroll. In our experience, 10 to 20% of accounts in a typical SME shouldn’t exist any more.
Formal offboarding process
On departure day: recover OneDrive / Teams data, deactivate the account (don’t delete immediately: 30-day grace period for recovery), transfer critical information to the successor, revoke certificates and MFA tokens.
Documented admin rights
Who knows the critical passwords (switch, firewall, hypervisor, SAN)? One single person = one single point of failure. Everything in an enterprise password manager (Keeper, 1Password, Bitwarden) with MFA — never in a shared Excel file.
GDPR alignment
You remain a controller for the personal data accessed via inactive accounts. The DPC considers proper account lifecycle management an Article 32 obligation — failing it can constitute a personal data breach if exploited.
4. Monitor your server temperature
Your servers run hot. If ventilation is poor, you are quietly preparing a hardware failure — and it’s a failure that often happens in July or August, exactly when nobody is at the office to react quickly. The reference standard is ASHRAE TC 9.9 Thermal Guidelines for Data Processing Environments (2021 edition), which recommends a range of 18 to 27 °C for production environments (class A1-A4). For an SME, we recommend the more conservative 18-24 °C range to keep some margin during summer peaks.
- Room temperature: a connected thermometer (around €30) with email/SMS alerts when thresholds are exceeded. Ideally one probe in the hot aisle behind the servers and one in the cold aisle in front. A delta of more than 15 °C indicates an air-flow problem.
- Dust and filters: a dusty server means fans working harder, abnormal heat that ages components prematurely. A compressed-air clean once or twice a year is enough for an SME. If your servers are stored in a closet without dedicated ventilation, that’s a different problem.
- Air conditioning: if it exists, it must be on a maintenance contract. If it fails in summer, what’s the plan B? Spot fans, shut down non-critical machines, rent a portable AC unit? An improvised plan B on a Monday during a heatwave quickly costs €2,000 in rental.
5. Have someone to talk to
The real problem of SME IT isn’t the technology. It’s being alone with IT decisions. “I don’t know whether to replace this server.” “I’m unsure about this software.” “This cloud quote — is it reasonable?” And nobody to ask without being sold a solution — so you postpone, you wait. Until something breaks, or the supplier imposes their view.
What actually helps: someone who knows your infrastructure, that you can call before deciding, who anticipates with you — not just in emergency mode when everything is already broken. That is the role of a fractional IT manager: regular presence, multi-year vision, vendor-independent advice, and someone who challenges your choices rather than rubber-stamping every request. It’s less a question of budget than a question of mental load — and posture.
THE GOLDEN RULE OF SME IT
Anticipating costs less than fixing. The five points above, handled together, represent the equivalent of 3 to 5 days of a fractional IT manager per year for an SME of 20 to 50 staff. The cost of a major incident (cryptolocker, server failure, lost backups) is measured in weeks of downtime and recovery — not counting the data lost forever.
How Ezohiko helps you on these 5 essentials
After 30 years of field experience, we have industrialised the response to the five essentials in four complementary formats — from one-off audit to ongoing partnership.
SME IT Barometer (free, 3 min)
Express online assessment to evaluate your IT maturity across the 5 essentials and 3 other dimensions (cybersecurity, cloud, governance). You receive a score out of 20 with commentary by email.
DR as a Service
Covers essentials 1 (backups) and 2 (power). Standby infrastructure hosted by Ezohiko, replication of your Proxmox VMs, restore test every 6 months with report, target RTO 4 hours. From a few hundred euros per month.
Fractional IT Manager
The fifth essential, embodied. An outsourced IT manager who thinks your IT day to day: initial audit, 12-month roadmap, regular presence (2 to 5 days per month), consulted before every decision. Predictable monthly fee, no long lock-in.
SafeIT — SME security pack
Supports essential 3 (access) and beyond. Bitdefender EDR antivirus, cloud endpoint backup, Keeper with MFA, 24/7 monitoring. €25/month/device, 30-min remote deployment per device, no lock-in.
Summary — 5 IT essentials for 2026
- ✅ Test your backups — really, not just the green log
- ✅ Check your UPS and your emergency shutdown procedure
- ✅ Audit and clean up accounts, access and admin rights
- ✅ Monitor your server room temperature (18-27 °C ASHRAE)
- ✅ Find a trusted IT advisor who anticipates with you
Nothing revolutionary. Just common sense and anticipation. That is what makes the difference between a quiet year and a year full of IT headaches for your SME IT. If you hesitate on any one of these points, that is probably the one to address first.
Frequently asked questions — 5 IT essentials for SMEs in Dublin 2026
How can an SME efficiently test its backups?
The minimal test is to restore an actual file from the backup and verify it is readable, complete and identical to the original. To go further, schedule a full restore test of a server or database at least once a year — this measures your real RTO (recovery time) and RPO (maximum data loss). Document each test: duration, volume, anomalies. A good fractional IT manager triggers these tests without you having to think about them, at least twice a year.
What is the difference between a backup and a cloud sync (OneDrive, Google Drive)?
A sync replicates your files in real time but doesn’t keep history beyond 30 days in the OneDrive personal recycle bin (93 days in the SharePoint recycle bin). If ransomware encrypts your files, the sync propagates the encryption to all copies within minutes. A real backup keeps independent historical versions (multiple restore points), stored on a separate medium not permanently connected to the network, and ideally immutable. That is the 3-2-1-1-0 rule.
How long should a UPS hold during a power outage?
The point of a UPS isn’t to keep your servers running indefinitely — it’s to allow a clean, controlled shutdown before the battery is empty. Generally count on 10 to 20 minutes of autonomy at nominal load, which is enough to trigger automatic shutdown via NUT or APC PowerChute without data corruption. Verify once a year that automatic shutdown actually triggers. Beyond 3 to 5 years, batteries lose significant capacity and must be replaced.
What risks do user accounts present when not deactivated after departure?
An active account from a former employee is a potential entry point into your information system — and one nobody monitors. If their credentials were compromised in the past, an attacker can access your business tools without anyone noticing. Under GDPR, you also remain responsible for personal data accessed via these accounts, even after the departure. For an SME, an annual audit of active accounts cross-checked against payroll is a “zero effort” measure that eliminates most of the risk.
What is the ideal temperature for an SME server room?
The reference standard is ASHRAE TC 9.9 Thermal Guidelines for Data Processing Environments, recommending a range of 18 to 27 °C for production IT environments. For an SME without a dedicated server room, we suggest aiming for 18-24 °C to keep some margin during summer peaks. Above 27 °C on a regular basis, electronic components age prematurely — hard drive life expectancy drops by roughly 50% per 10 °C above the recommended range.
How do you choose a trusted IT provider to support your SME in Dublin?
A good IT provider for an SME must know your infrastructure in detail, be reachable before emergencies, and accept being challenged on technical and commercial choices. Favour a provider that performs a documented initial audit, delivers a map and a 12-month roadmap, explains why they recommend such a solution, and gives you the keys to take back control if you change provider one day. Avoid those who can’t quickly answer: “If our main server fails tonight, what’s the exact procedure?”
Is a local physical server more secure than a cloud solution in 2026?
Neither is intrinsically more secure. A well-maintained local server offers full control but requires skills, regular updates, a tested DR plan and documented procedures. A cloud solution delegates infrastructure maintenance to the provider but introduces dependency on internet, the provider, and specific GDPR obligations. For most SMEs in 2026, the optimal solution is hybrid: cloud for collaborative data, local or virtualised server for specific business applications, with externalised backup in all cases.
What IT budget should an SME of 20 staff plan for in 2026?
A reasonable SME IT budget typically represents 2 to 4% of revenue depending on the sector. For a 20-person SME, it breaks down roughly into: Microsoft 365 or Google Workspace licences (€60 to €120/month/user depending on plan), hardware and workstation refresh (4-year amortisation), server infrastructure and backup, connectivity and telephony, antivirus and security solution, and externalised support (provider or fractional IT manager). A predictable, piloted budget — stable monthly fee rather than surprise invoices — remains one of the major differences between an SME that endures its IT and an SME that runs it.
Let’s discuss your situation.
30 minutes, no obligation.
Let’s take a look together at what it would take to ease your IT workload. No sales pitch. Just an honest assessment of the situation.
Your IT architect. Your trusted partner.