WhatsApp may be Africa’s favourite way to chat, but its popularity in the workplace is creating serious cybersecurity concerns.
According to the 2025 KnowBe4 Africa Annual Cybersecurity Survey, a staggering 93 per cent of African respondents use WhatsApp for work-related communication – a higher rate than email or Microsoft Teams.
While convenient, experts warn that relying on personal messaging apps could put sensitive company data at risk.
“WhatsApp was never designed as an enterprise tool,” explained Anna Collard, SVP Content Strategy and Evangelist at KnowBe4 Africa, based in South Africa.
“It’s fast and familiar, but it lacks the business-level controls needed to protect organisations from data leaks and compliance breaches.”
The biggest risk for organisations is data leakage. “Accidental or intentional sharing of confidential information, such as client details, financial figures, internal strategies or login credentials, on informal groups can have disastrous consequences,” she said.
“It’s also completely beyond the organisation’s control, creating a shadow IT problem.”
This is a growing concern, as the 2025 KnowBe4 Africa Annual Cybersecurity Survey noted that up to 80 per cent of respondents used personal devices for work, many of which were unmanaged, creating significant blind spots for organisations.
Another key risk is poor audit facility
“Informal platforms lack the audit trails necessary for compliance with regulations, particularly in industries like finance with strict data-handling requirements,” Collard said.
From banking to government, cases are mounting worldwide where private messaging platforms have caused major problems.
NatWest Bank in the UK has already banned staff from using WhatsApp, while earlier this year a top-secret US military operation was accidentally leaked via Signal.
The Survey noted that risks for African organisations include:
Data leakage – accidental or intentional sharing of confidential information.
Shadow IT – sensitive company data stored outside official systems.
Compliance failures – lack of audit trails making it hard to meet financial regulations.
Fraud & impersonation – SIM swaps and account takeovers are increasingly common on WhatsApp.
Work-life blur – constant messaging fuels burnout and lowers productivity.
Phishing and identity theft are also threats.
“Attackers love platforms where identity verification is weak,” she noted, adding that at least 10 people in her personal network had reported being victims of WhatsApp impersonation and take-over scams.
“Once the scammer gains access to the account, in many cases via SIM swaps, the real user is locked out and they have access to all their previous communications, contacts and files,” she said.
“They then impersonate the victim to deceive their contacts, often asking for money or even more personal information.”
Experts say banning informal apps is not enough. Organisations need to provide secure, user-friendly alternatives and train staff on digital mindfulness.
“Don’t just tell employees what not to use,” Collard warned.
“Offer easy access to approved platforms like Teams or Slack and teach staff to pause before sharing sensitive information.
“Creating a culture of psychological safety is key – people must feel comfortable questioning suspicious requests, even if they seem to come from a boss.”
By adopting enterprise-grade tools, companies gain access to features like audit logs, access controls and better data protection, the Survey pointed out.
These platforms also support healthier communication practices – such as scheduling messages or setting clear availability – helping staff avoid digital overload.
“Convenience shouldn’t come at the expense of security,” Collard said.
“African businesses must move beyond awareness and start implementing clear policies, secure alternatives and employee empowerment to stay safe in today’s digital-first workplace.”
Source: GNA
Source: ghanabusinessnews.com
