Read more
93% of African respondents use WhatsApp for work communications, surpassing email and Microsoft Teams.
Picture: iStock
Despite their popularity among employees, informal messaging platforms pose significant risks to organisations’ cybersecurity.
This is according to Anna Collard, senior vice president of Content Strategy and Evangelist at KnowBe4 Africa.
According to the 2025 KnowBe4 Africa Annual Cybersecurity survey, 93% of African respondents use WhatsApp for work communications, surpassing email and Microsoft Teams.
“For many organisations, platforms like WhatsApp and Telegram have become integral to workplace communication. Ease of use is what makes them so popular,” explains Collard.
“Particularly on the continent, many people prefer WhatsApp because it’s fast, familiar and frictionless. These apps are already on our phones and embedded in our daily routines.”
Convenience at cost
Collard says while it feels natural to ping a colleague on WhatsApp, especially if you’re trying to get a quick answer, convenience often comes at the cost of control and compliance.
In the US, a top-secret military attack on Yemen was leaked on the messaging platform Signal earlier this year, with the plan inadvertently shared with a newspaper editor and other civilians, including the Defence Secretary’s wife and brother.
“There are multiple layers of risk,” states Collard. “It’s important to remember that WhatsApp wasn’t built for internal corporate use, but as a consumer tool. Because of that, it doesn’t have the same business-level and privacy controls embedded in it that an enterprise communication tool, such as Microsoft Teams or Slack, would have.”
ALSO READ: South Africa remains a global hotspot for data breaches
Data leakage
Collard explains that the biggest risk for organisations is data leakage.
“Accidental or intentional sharing of confidential information, such as client details, financial figures, internal strategies or login credentials, on informal groups can have disastrous consequences.
“Informal platforms lack the audit trails necessary for compliance with regulations, particularly in industries like finance with strict data-handling requirements,” she said.
Identity theft
She said phishing and identity theft are also threats.
“Attackers love platforms where identity verification is weak,” she says, adding that at least 10 people in her personal network have reported being victims of WhatsApp impersonation and takeover scams.
“Once the scammer gains access to the account, in many cases via SIM swaps, the real user is locked out, and they have access to all their previous communications, contacts and files,” she comments. “They then impersonate the victim to deceive their contacts, often asking for money or even more personal information.”
ALSO READ: SA’s Treasury discovers malware as hackers exploit Microsoft flaw
Mitigating risks
She explained that beyond security, using these channels can also lead to inappropriate communication among employees or the blurring of work-life boundaries, resulting in burnout. “
Collard said that for organisations wanting to mitigate these risks, it’s important to set up a clear communications strategy.
“First, provide secure alternatives. Don’t just tell people what not to use. Make sure that tools like Teams or Slack are easy to access and clearly endorsed.”
Collard said it is also vital to educate employees on why secure communication matters.
“This training should include digital mindfulness principles, such as to pause before sending, think about what you’re sharing and with whom, and be alert to emotional triggers like urgency or fear, as these are common tactics in social engineering attacks.”
Communication tools
Collard said by introducing approved communication tools, organisations can benefit from additional security features, such as audit logs, data protection, access control and integration with other business tools.
“Using approved platforms helps maintain healthy boundaries, so work doesn’t creep into every corner of your personal life. It’s about digital wellbeing as much as it is about cybersecurity.”
Collard maintains that while informal messaging offers convenience, its unchecked use introduces significant cyber risks, saying organisations must move beyond simply acknowledging the problem and proactively implement clear policies, provide secure alternatives, and empower employees with the digital mindfulness needed to navigate these cyber-risk zones safely.
ALSO READ: Data breaches cost SA organisations over R360m in 3 years
