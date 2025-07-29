The growing use of platforms like WhatsApp for workplace communication poses a significant risk to organisations’ cybersecurity.

This is according to the KnowBe4 African Cybersecurity & Awareness Report for 2025, which surveyed 800 employed adults in seven African countries about their cybersecurity awareness.

The report found that WhatsApp is becoming an increasingly popular platform for workplace communication, with 93% of respondents using it. This is up from 87% in 2024.

Email followed at 78%, while other common workplace platforms like Zoom and MS Teams were used by 48% and 27% of people, respectively. 53% of respondents said they used Telegram.

KnowBe4 Content Strategy SVP Anna Collard said platforms like WhatsApp and Telegram have become integral due to their ease of use and are already embedded in people’s daily routines.

On the other hand, the report found that 97% of respondents used WhatsApp to communicate with friends and family.

“It feels natural to ping a colleague on WhatsApp, especially if you’re trying to get a quick answer,” Collard says.

However, she argues that this convenience can often come at the cost of control and compliance, as there are multiple layers of risk.

“It’s important to remember that WhatsApp wasn’t built for internal corporate use, but as a consumer tool,” Collard adds.

“Because of that, it doesn’t have the same business-level and privacy controls embedded in it that an enterprise communication tool, such as Microsoft Teams or Slack, would have.”

Collard says that data leakage is the biggest concern for organisations as employees could accidentally share confidential information in informal groups.

This information could include client details, financial figures, internal strategies or login credentials and could have disastrous consequences.

Earlier this year, information about the US’s secret military attack on Yemen was leaked on Signal because a journalist and other civilians were unintentionally added to the group of government officials.

Collard said another major risk informal communication platforms pose to organisations is their lack of auditability, as compliance with internal regulations can’t be tracked.

In 2024, British bank NatWest banned employees from using unofficial communication channels such as WhatsApp.

It argued that messages sent on official channels are fully retrievable, whereas those sent on WhatsApp are not.

Phishing and identity theft

Collard also pointed to phishing and identity theft as threats that could compromise an organisation’s cybersecurity because of informal communication platforms.

Phishing is a type of scam where criminals attempt to manipulate targets into revealing sensitive information using social engineering techniques.

Like actual fishing, the idea is to bait several targets at once, hoping one eventually “bites”. One difference is that phishing allows attackers to hook many more victims simultaneously.

Collard said that once attackers have access to people’s sensitive information, they can often perform SIM-swaps and gain access to a victim’s WhatsApp or Telegram accounts.

SIM swap fraud is when a malicious party gains access to enough personal information to impersonate a subscriber who holds a phone number.

“Once the scammer gains access to the account, the real user is locked out and they have access to all their previous communications, contacts and files,” she says.

“They then impersonate the victim to deceive their contacts, often asking for money or even more personal information.”

As the South African Banking Risk Information Centre points out, “criminals know the weakest link in the security chain is a human.”

The Communications Risk Information Centre’s recent Telecommunications Sector Report found that fraud linked to the sector cost South Africa roughly R5.3 billion in 2024.

The report highlighted that the telecommunications sector has become intertwined with the rest of the South African economy, making it a prime target for criminals who launch attacks on other sectors.

It said that SIM swap and synthetic identity fraud “are now recognised as a gateway to a broader web of crime,” such as mobile banking fraud, impersonation, and digital extortion.

Information provided by South African network operators showed that 3,600 SIM swaps were processed over the past four months, of which 108 (3%) were found to be fraudulent.