Just my opinion here.
Google apps for you email, external supplier for your web site, 2 HP Mini servers, 1 running a software raid NAS, the other running 2K8, 1 firewall and 1 switch (pref layer 3).
The 2K8 server has 4 drives in 2 X raid 1 configuration,
The NAS has 4 drives in raid 5.
The Windows server will run your database and OS on the 1st array, and user shares from the 2 array. At this point of 5 users (?) we are assuming the database will have very low use, and user network shares will have heavy use.
The NAS is your backup server, brought into the office (daily? weekly?), backed up to from the 2K8, then removed off site. Manual backups will be a pain but having an off site backup and losing a few days of data is more important than losing everything in a fire or theft.
Sprinkle your network accordingly but I would consider separating your internet and SQL traffic for security.
This should scale well in the future, if you're going to allow wifi access, create a non routed DMZ and open up the firewall as needed and run your internet facing firewall as locked down as possible. Get some crayons and do a design of how it's going to look, consider running smaller subnets, try to think of the internet as something you will have to allow people access to instead of being on the same gateway as all of your network traffic.