The use of social media at work, especially on devices connected to internal networks, can leave a business vulnerable to data breaches and cyberattacks. With WhatsApp being used more in the workplace than email and Microsoft Teams, this poses a serious risk, warns ESET Southern Africa.

With no specific laws governing social media use in the workplace, many businesses operate without cybersecurity policies for online platforms. From Facebook updates and WhatsApp conversations to LinkedIn networking, this leaves the door wide open for cybercriminals looking to exploit employees who have their guard down.

Carey van Vlaanderen, Group CEO at ESET Southern Africa, says there are two main risks when it comes to employees and social media at work:

• Sharing sensitive data, such as client details, financial figures, and login credentials on platforms that were not designed with corporate cybersecurity in mind.
• Being tricked into clicking on malicious links via fraudulent adverts or direct messages.

Social media habits put South African firms at risk

South Africans are among the most exposed to high-risk and fraudulent financial ads online, according to research by forex broker analysts at BrokerChooser. Each time employees access social platforms on corporate devices, a single click can introduce malware, trigger phishing attacks, or compromise sensitive information.

“What starts as an individual mistake can rapidly escalate into a company-wide vulnerability,” says van Vlaanderen.

In 2024, analysts estimated that the average cost of recovering from a data breach in South Africa reached R53m, up roughly R4m from the previous year.

AI-driven scams make human error even costlier

“The cost of human error can be extremely high. Without reliable safeguards and an understanding of what to look out for, employees face the constant challenge of distinguishing what’s legitimate from what’s not. With AI boosting the social engineering capacity of cybercriminals, this is getting harder and harder to do,” says van Vlaanderen.

Rising security concerns have prompted action from the platforms themselves. Earlier this year, Meta removed more than six million scam-linked WhatsApp accounts globally.

Workplace WhatsApp use poses new cybersecurity threats

Instead of retreating, attackers doubled down – most recently exploiting a glitch in the platform to infiltrate victims’ phones and steal data. This creates a perfect storm: WhatsApp is now the go-to tool for workplace communication, with more than 90% of employees across Africa using it daily, surpassing both email and Microsoft Teams.

“These platforms were built for consumers, not corporations, so they don’t offer the same level of security and privacy protection that purpose-designed systems guarantee. Operating outside formal safety controls, risky cyber activity can easily bypass protections and go unnoticed,” says van Vlaanderen.

Even innocent posts can fuel phishing attacks

“Even just sharing details about work, clients, and colleagues online can be risky, since it provides cybercriminals with all the information they need to impersonate managers in business phishing emails. From employee through to CEO, everyone needs to remain vigilant and be thoughtful about what they are posting online,” says van Vlaanderen.

“These are all things that can be included in a business’s social media policy.”

Training and awareness: The best defence against cyber threats

From a business perspective, the biggest vulnerability isn’t unsecure platforms—it’s people.

“Equipping your team with the tools to identify risks on their own is critical to keeping up with rapidly evolving threats. Speak to your provider about cybersecurity awareness training that can help build practical, real-world skills through immersive, scenario-based programmes,” says van Vlaanderen.

How businesses can reduce social media cyber risks:

• Develop and enforce a clear social media policy.
• Restrict workplace access to non-essential platforms.
• Provide regular cybersecurity awareness training.
• Encourage the use of secure, business-grade messaging apps.
• Implement multi-factor authentication and regular password updates.

Breaking news at your fingertips… Follow Caxton Network News on Facebook and join our WhatsApp channel.

Nuus wat saakmaak. Volg Caxton Netwerk-nuus op Facebook en sluit aan by ons WhatsApp-kanaal.