It was a Tuesday morning. The client had a deadline that afternoon, a prospect call booked for 11am, and a room full of people staring at screens that refused to do anything useful.
The Wi-Fi had gone down. Not completely, just enough to make everything painful. Email was limping. The VoIP phones were throwing errors. The shared drive had become a theory rather than a fact.
By the time they called us, they had already spent two hours doing the IT equivalent of turning it off and on again. Twice. With increasing desperation and declining optimism.
The fix itself took forty minutes. Getting the router back on stable firmware, isolating the affected switch, pushing the config changes through. Straightforward work once you are in front of it.
The two hours of chaos before we arrived? That was entirely avoidable.
The real problem was never the Wi-Fi
When we sat down with them afterwards, we did something we always do after an incident: we asked questions.
Who was the first point of contact when something went wrong? Silence.
Was there a documented process for network failures? More silence.
Did they know which systems were business-critical and which could wait? The MD looked at the operations manager. The operations manager looked at the floor.
They were a 35-person business. Eight years trading. Decent margins. And they had no IT emergency plan. Not because they were careless, because nobody had ever sat down with them and helped them build one.
That, in our experience, is the norm rather than the exception. Most UK SMEs get by on institutional knowledge, two or three people who know how everything works, holding it all in their heads. That works fine right up until it doesn’t.
“We had most of this information already. It just wasn’t written down anywhere.” their MD, afterwards
We hear a version of that line fairly often. The knowledge exists. The plan doesn’t.
What we actually put in place
We spent an afternoon with them. No big production. No consultancy theatre. Just a structured conversation, a shared document, and a few things set up before we left. Here is what came out of it.
One
A single communication channel, for the right people only. A dedicated Slack channel restricted to IT staff and senior managers. Not a group chat that 40 people ignore. One place where, when something breaks, everyone knows to go and nobody is asking “is anyone looking at this?” in a thread that disappears.
Two
A run-book written in plain English. Not commands. Not jargon. Step-by-step instructions for the most common failure scenarios, VPN dropping out, the email server throwing a tantrum, a firmware update gone rogue. Vendor contact numbers. Screenshots. A checklist that the least technical person in the building could follow at 9pm on a Friday without needing to call anyone.
Three
A priority matrix, not a server list. A simple document mapping their systems to recovery order. The client database: top tier, restore immediately. The shared marketing folder: important, but not on fire. Knowing what to bring back first saves hours of confused decision-making when everyone is already stressed and the MD is standing behind you asking questions.
Four
Off-site backups, and a monthly test for them. They had backups. They had not tested them in fourteen months. A backup nobody checks is not a backup. It is a false sense of security with a progress bar. We put a thirty-minute test slot on the calendar once a month. Confirmed working. Job done.
Five
Monitoring that tells you before things break. Real-time alerts on network anomalies, unusual login patterns, traffic spikes. Not reactive, proactive. If something is going wrong at 2am, we want to know at 2am. Not at 9am when the client is already in the building, already in a meeting, and already unhappy.
The part that actually saved them money
A few weeks later, the monitoring flagged unusual outbound traffic at around 6am. Nobody was in the building. The traffic was consistent, not a spike, just a steady bleed, which is exactly what you see when a device has been quietly compromised and is checking in with somewhere it shouldn’t be.
We isolated the device, ran the investigation, and had a clean answer within two hours. An old laptop that hadn’t been patched in months, sitting on the network, doing something it shouldn’t. They had no idea it was there.
Without the monitoring in place, that could have run for weeks. Possibly longer.
The plan paid for itself before the end of the first month.
One thing worth being honest about
Plans go stale. Technology moves faster than most businesses update their documentation. What worked eighteen months ago might have a gap in it today. A new system that wasn’t there when the run-book was written, a vendor whose contact number has changed, a backup process that nobody has touched since it was first set up.
We review ours with clients quarterly. Not a big production, an hour, a checklist, a few updates. The kind of maintenance that takes minutes to do and hours to wish you had done when something breaks on a Friday afternoon.
Cybersecurity awareness for the wider team matters too. Not long, formal training days, short, practical sessions on what phishing looks like, why password managers matter, and what to do if something looks wrong. When your team knows what to look out for, the number of incidents that reach the IT problem stage drops noticeably. In our experience, most breaches start with a human decision, not a technical vulnerability.
The short version
Most IT crises we are called in to fix are not caused by sophisticated attacks or catastrophic failures. They are caused by the absence of a documented plan, an untested backup, and a communication gap at the worst possible moment.
The businesses that recover quickly from outages are not the ones with the best hardware. They are the ones who sat down beforehand and wrote things down.
That afternoon with the client cost them nothing. The outage cost them a morning, a stressed MD, and a prospect call that had to be rescheduled.
The second scenario is the more expensive one.
If you want to know where your gaps are, we offer a free 45-minute IT resilience review. No commitment. No sales deck. Just an honest look at what you have, what you are missing, and what the actual risk is.
We cap it at five a month, so there are not many slots at any given time.
Get in touch at tier3-solutions.com or drop us a message directly. The review is free. The downtime is not.