Business continuity myth busting – the top 5 misconceptions debunked

20/05/25 Wavenet
Business continuity myth busting – the top 5 misconceptions debunked placeholder thumbnail

For longevity and success, organisations need to be resilient and prepared for anything, to respond quickly if an interruption occurs. Yet, many businesses fall prey to common misconceptions surrounding business continuity that can jeopardise their success. Our team of industry-leading business continuity specialists has identified and addressed the top five myths that are misleading and potentially harmful to your organisation’s readiness for unforeseen challenges.

By understanding and avoiding these misconceptions, you can strengthen your business continuity strategies and ensure your organisation remains strong and agile in the face of adversity.

Discover the top fallacies – with clarification and expert insight - surrounding business continuity, to ensure your business is protected from the pitfalls of these pervasive myths.

Myth one: “Your data is safe in the public cloud” / “Your cloud provider is responsible for business continuity”

It isn’t, and they’re not! In short, cloud providers are subject to the same disruptions as any other organisation, and it’s important to know that outsourcing your infrastructure or services to a public cloud provider does not outsource the risk – you’re still responsible for your data!

On-premises risk

Cloud risk

Flood/fire/environmental at your site

Flood/fire/environmental where your data is stored

Data held and accessed via a LAN

Maintaining connectivity to data in the cloud and ensuring its resilience in the cloud

 

Loss of control of the location and sovereignty of your data

 

Misconfigurations/changes can be difficult to find and track. Could you rebuild in another cloud with all the networking configured?

Email data stored in Microsoft Exchange – a large proportion of infiltration comes via this route

Email data in Microsoft 365 (still needs to be backed up) – a large proportion of infiltration comes via this route

Over-reliance on IT resilience, leading to a lack of planning for recovery from serious incidents requiring data and IT system recovery from backups

Lack of visibility of supplier’s level of reliance on IT resilience (and level of recovery arrangements) Careful project planning required in preparation to failback/recover from backups, in the event of a major incident during the migration to the cloud

Not having up to date and tested plans to recover from IT disasters and major business incidents

Not having up-to-date and tested plans to recover from IT disasters and major business incidents

Make sure SLAs are appropriate and applicable in the event of downtime considering both traditional disasters as well as cyber incidents which require additional remediation

 

 

Public cloud platform SLAs can be difficult to interpret in the event of downtime How will I maintain control of my IT spend when I move to the cloud? Can services be impacted if this gets out of control?

Understanding how to make changes to the service provision and the implications to the business

Understanding how to get your data out of the public cloud and how much it will cost. Egress charges can be difficult to interpret – and will it run anywhere else?

Myth two: “Microsoft backs up your data in Microsoft 365.”

It doesn’t. While Microsoft 365 provides robust services for business, a comprehensive backup for your data is not one of them. As a software-as-a-service offering it is NOT Microsoft’s responsibility to protect your Microsoft 365 data. In fact, Microsoft itself recommends that users regularly back up content and data using third-party services.

Without third-party backup, sensitive business data such as emails or shared files stored in Microsoft 365 are not protected from the most common or most serious data loss issues.

When looking at infiltration into company systems, email can be one of the most accessible to bad actors and it’s not always IT that can help. It’s important to train employees about clicking on links and sending information externally. And it’s important that your culture makes it easy and natural for staff to report anything that does catch them out. The sooner your provider can help you, the better.

Myth three: “There’s not much point in looking at business continuity now, as we’re looking at moving to the cloud / changing technology.”

Regardless of what technology you use and where it is, you need a business continuity plan. What is important, is to make sure your business continuity solution is still appropriate and update it to accommodate any changes.

Our advice: When making any changes to your environment, it is vital to understand how your risk profile changes and how it affects your ability to recover your data and continue running the business, in the event of a breach or outage.

Moving to cloud environments or utilising shared or public cloud services to run elements of your business can deliver significant performance, cost and resilience benefits. But it doesn’t remove the risk or responsibility you have around data legislation, compliance and business continuity. The same applies to changes in the way you utilise third-party or in-house solutions, and the way your staff access data, where from, and how.

One of the benefits of having business continuity services in place, is that you’re able to put them on stand-by to cover any transitions – moves, adds, changes on any scale can lead to unexpected disruptions and are times where you’re more likely to need to use your business continuity plan and services!

Action points:

    1. Utilise your business continuity services by placing your provider on standby to make sure you’re covered during periods of change.
    2. Ask these basic questions to accommodate any changes to your business, into your business continuity planning (including moving to the cloud – see myth 1!)

      Question 1: What has changed?

      Question 2: Will my existing security practices and architectures be as effective after the changes?

      Question 3: What do I need to address to maintain the right level of protection for the business?

      Question 4: How have the changes altered my business continuity planning?

      Question 5: What new risks do I need to plan for as a result of the changes?

      Question 6: What actions do I need to take?

    3. Remember when changing technology, that in a recovery scenario, rebuilding the systems, virtual machines and workloads is only part of the requirement. Connecting to networks and all the upward and downward dependencies is necessary – and generally an area that would benefit from third party recovery services and expertise.

Myth four: “We don’t need Work-Area-Recovery as staff have laptops and can work-from-home”

While it’s true that if staff have laptops, they can (and do) work from home, this doesn’t automatically mean that work area recovery is not required. This is because home workers and office workers may both require an alternative place to work from when the unexpected happens.

Mini case study example:

Finding that working-from-home works in ‘business as usual’ conditions, a multinational finance customer on the verge of cancelling its work area recovery contract, suffered an incident that proved it still needs this service as a critical component of its disaster recovery strategy…

In the aftermath of a cyber-attack, a multinational finance company was left unable to carry out its core operations, which in turn had a major impact on their office-based and homeworking colleagues, and in turn, their customers.

The security breach happened through a third-party telephony service provider, causing all telephony systems to stop working. As a result, the entire IT infrastructure was shut down to handle and restrict the damage – and this meant even employees working remotely via VPN or with softphones were taken offline.

Under the company’s work area recovery contract with us, all critical staff were efficiently accommodated at one of our business continuity centres, and our customer was able to continue to operate critical customer service and finance functions. It was a stark reminder that working from home did not provide a viable alternative to a work area recovery solution.

Our advice is to examine the viability of working from home as a replacement for work area recovery, for your specific organisation. It may be that you need an element of recovery to an appropriate alternative facility, especially if your decision was based on the pandemic environment. What became a necessary way of working during the pandemic may not hold up to scrutiny today from the FCA for financial institutions, or those under the jurisdiction of other regulatory bodies, relating to data security, client confidentiality and corporate governance.

Top risks of working from home include:

  • GDPR breaches
  • Widespread power outage affecting both homes and mobile network masts (which don’t have power backup)
  • Irregular or incomplete backups
  • Unsecured home devices
  • Weak passwords
  • Unencrypted file sharing
  • Phishing emails

Myth five: We’re covered - we have a business continuity plan, it was done only last year.

If your business continuity plan was done over a year ago and has not been updated, how can you be sure that you’re covered? The rate of change just in the technology deployed, migrated and updated throughout an organisation in any 12-month period is enough to invalidate a significant chunk of your business continuity plans, never mind the myriad other changes that happen organically and via mergers and acquisitions, new partnerships and supplier relationships, changing customer requirements, people changes and strategy updates! In fact, it’s generally safer to assume you don’t have one!

A reputable business continuity or disaster recovery provider will have automated and on-demand disaster recovery testing capabilities to allow you to test what you want when you want and only pay for the usage time. This means that upgrades and changes can be immediately validated against any recovery plans to ensure it will work when it’s needed. Regular automated testing also picks up changes made innocently which could impact the business and provides auditors up to the minute proof of recovery.

Finally, a bonus myth that having business continuity and disaster recovery plans means that your sorted. It’s not “job done” until you’ve tested or rehearsed your plans. Those of you who haven’t can be sure of just one thing. You’ll be surprised at how many small and large issues will pop up, that you can then address, so that should you need to follow your plans in a live situation, they really will “go according to plan” and you’ll have a successful recovery.

For more information on how our services can help you, visit Business Continuity | Work area recovery - IT solutions & services

business continuity

Latest blogs

See all posts
cyber security Q&A
Cyber security in action: key questions and expert insights

What keeps security leaders awake at night? This Q&A answers the most common and most critical cyber security questions raised in our Cyber Security in Action webinar. It delivers clear, expert advice on preventing the attacks that cause the greatest disruption, helping organisations turn complexity into confident, informed action.

Read more
checkout till
3 ways retailers can reduce downtime with retail connectivity

Downtime is more than a technical inconvenience in retail. When systems go offline, sales stop, queues build, staff become frustrated, and customers lose confidence in the brand. From card payments failing at the till to stock systems not updating in real time, even short periods of disruption can have an outsized impact on revenue and customer experience.

Read more
ransomware
Top ransomware protection tips for everyone

Secure your personal data We are all personally, ransomware targets, so we're taking the time to offer some top tips, that each and every one of us can follow to protect our personal data from a ransomware attack. Imagine turning on your computer to find a startling message: all your files - family photos, tax documents, everything - are locked. You cannot open a single one. To get them back, a stranger on the internet is demanding hundreds of pounds. This isn’t a scene from a movie; it’s a real and increasingly common threat called ransomware.

Read more
sd-wan
SD-WAN benefits for education: enhance school, college and university networks

Online learning platforms, cloud-based applications, virtual classrooms, and bandwidth-heavy multimedia resources have become essential to modern education. As these demands grow, many institutions are turning to SD‑WAN (Software-Defined Wide Area Networking) to support their digital transformation.

Read more
it in education
Best IT support for schools: enhance education

The right IT support services help schools and colleges operate smoothly, prevent downtime, and enhance the overall learning experience. This guide breaks down the most effective IT solutions for educational institutions and explains how to choose the right IT partner. Why IT support is essential in modern education Schools and colleges depend on technologies such as cloud platforms, WiFi networks, learning management systems (LMS), and safeguarding tools. Without strong IT support, everyday learning can easily be disrupted. High‑quality IT support ensures: Consistent uptime for learning platforms Secure protection for student and staff data Smooth operation of classroom hardware Reliable connectivity across campus A strategic roadmap for future IT improvements Top IT support services for schools and colleges 1. Managed IT support Managed IT support gives schools access to a fully equipped technical team without needing an in‑house department. Typical features include: 24/7 help desk Device and server management Cyber security monitoring Backup and disaster recovery Software updates and patch management This approach reduces costs, increases system reliability, and frees educators to focus on learning—not technical issues. 2. Student technology support Students rely on devices and online platforms every day. Student tech support ensures they can access lessons without interruption. Common services include: Device troubleshooting (laptops, tablets, Chromebooks) Login and password resets Connectivity support Assistance with online learning platforms Safety filtering guidance This support is especially vital in hybrid or remote learning environments. 3. Classroom technology solutions Modern classrooms need fully supported and integrated digital tools. Classroom IT solutions typically include: Interactive whiteboards Projectors and AV systems Classroom management software WiFi optimisation Digital collaboration tools These technologies make lessons more engaging and interactive. 4. Microsoft education support Microsoft remains one of the most widely used platforms in schools. Supporting these tools effectively helps ensure seamless digital learning. Key areas include: Office 365 management Teams for Education Intune device management Azure cloud services Identity and access management 5. Microsoft education training Empower your teaching and facilitate innovative learning for your students with Microsoft education training. Key areas include: Microsoft 365 Education Tools Training Microsoft's Showcase School Programme How to choose the right IT support provider When evaluating IT support services, schools should consider: Budget and funding constraints Current IT infrastructure Scalability needs Security and compliance requirements Provider’s education-sector experience Availability of both remote and on‑site support Choosing a specialist with education experience ensures better safeguarding compliance, user-friendly solutions, and long‑term value. The benefits of outsourcing IT support Practical and operational benefits More schools now outsource IT due to benefits in security, performance, management and cost: Lower long‑term costs Access to specialist expertise Faster response and issue resolution Stronger cyber protection A strategic, future-proof technology plan Learning benefits Technology is enabling and facilitating better learning experiences and outcomes, empowering teachers, increasing pupil engagement and enriching the classroom experience: Personalised learning paths Instant access to learning resources Better collaboration among students Support for SEND and diverse learning needs Preparation for a digital workforce Schools that invest wisely in IT create stronger educational outcomes. The growing demand for IT skills in education As digital transformation accelerates, technology is playing a key role in enhancing learning and schools increasingly require IT professionals skilled in: Networking Cyber security Cloud infrastructure EdTech implementation Support and troubleshooting Online IT certification programmes are helping build the next generation of education‑sector IT specialists. Wavenet: A trusted IT partner for UK schools and the public sector For educational institutions seeking a reliable and experienced IT services provider, We are one of the UK’s leading education technology specialists. With over 30 years of experience delivering designed‑for‑schools solutions, we supports more than 4,000 education establishments nationwide across cloud platforms, cyber security, communications, safeguarding, and network services. We provide ICT services, broadband, WiFi, audio‑visual systems, remote support, and fully managed IT services - all delivered by DBS‑checked staff and supported with clear, transparent SLAs. By partnering with us, schools gain access to expert guidance, best‑practice ICT strategy, robust cybersecurity, and a long‑term technology roadmap - helping them create a connected, secure, and future‑ready educational environment.

Read more