Business

WhatsApp warning for South African companies and employees

27 July 2025
Add Google Preferred Source Follow on Google News

While using WhatsApp and other informal messaging apps for work may be convenient, it exposes South African organisations and employees to serious financial and cybersecurity risks.

Anna Collard, SVP Content Strategy at KnowBe4 Africa, warned that even though these platforms are popular with employees, they can lead to data leaks, identity theft, regulatory non-compliance, and lost productivity.

The 2025 KnowBe4 Africa Annual Cybersecurity survey found that 93% of African respondents use WhatsApp for work communications, surpassing email and Microsoft Teams.

Platforms like WhatsApp and Telegram have become integral to workplace communication for many organisations.

Collard said these platforms are so popular because of how easy they are to use. “Particularly on the continent, many people prefer WhatsApp because it’s fast, familiar and frictionless,” she said.

Since these apps are already on many people’s phones and part of their daily routine, using them for work purposes is seen as simple.

These platforms also help employees work together, especially in remote or hybrid work environments, Collard explained.

“It feels natural to ping a colleague on WhatsApp, especially if you’re trying to get a quick answer. But convenience often comes at the cost of control and compliance,” she said.

According to Collard, recent cases have revealed the risks of using informal technology platforms for professional communication.

Increasingly, WhatsApp messages are used as evidence in employee tribunals and other legal cases. The British bank NatWest has even banned WhatsApp messages among its staff.

In the United States, a top-secret military attack on Yemen was leaked on the messaging platform Signal earlier this year.

The plan was inadvertently shared with a newspaper editor and other civilians, including the Defence Secretary’s wife and brother.

“There are multiple layers of risk,” Collard said. “It’s important to remember that WhatsApp wasn’t built for internal corporate use, but as a consumer tool.”

“Because of that, it doesn’t have the same business-level and privacy controls embedded in it that an enterprise communication tool, such as Microsoft Teams or Slack, would have.”

Scams on the rise

Collard explained that the biggest risk for organisations whose employees use WhatsApp for work is data leakage.

“Accidental or intentional sharing of confidential information, such as client details, financial figures, internal strategies or login credentials, on informal groups can have disastrous consequences,” she said.

This is also completely beyond the organisation’s control, which creates a shadow IT problem.

Up to 80% of respondents in the 2025 KnowBe4 Africa Annual Cybersecurity survey indicated that they use personal devices for work, many of which are unmanaged. This creates significant blind spots for organisations.

Collard said that the lack of auditability is another major risk. “Informal platforms lack the audit trails necessary for compliance with regulations, particularly in industries like finance with strict data-handling requirements.”

Phishing and identity theft are also threats. “Attackers love platforms where identity verification is weak,” she explained.

Earlier this year, Capitec told Daily Investor that it was seeing an increase in scammers using WhatsApp to defraud victims.

“WhatsApp is a valuable and widely used platform for communication,” the bank said. “Unfortunately, like many such platforms, it can be misused by scammers who exploit the sense of trust and familiarity the platform conveys.”

Capitec said the most common WhatsApp scams involve fake job offers, investment scams, and impersonation cases.

Collard highlighted impersonation scams and WhatsApp takeovers as a particular threat to business.

WhatsApp takeovers involve scammers tricking victims into sharing a One-Time PIN (OTP), which they use to hijack the account.

“Once the scammer gains access to the account, in many cases via SIM swaps, the real user is locked out and they have access to all their previous communications, contacts and files,” Collard said.

“They then impersonate the victim to deceive their contacts, often asking for money or even more personal information.”

Beyond security, using these channels can also lead to inappropriate communication among employees or the blurring of work-life boundaries, resulting in burnout.

“Having a constant stream of messages can also be distracting and lower productivity,” Collard cautioned.

Mitigating the risk

For organisations wanting to mitigate these risks, Collard stressed the importance of setting up a clear communications strategy.

“First, provide secure alternatives. Don’t just tell people what not to use. Make sure that tools like Teams or Slack are easy to access and clearly endorsed,” she said.

The next step is to educate employees on why secure communication matters. Collard recommended incorporating mindfulness principles, such as pausing before sending and thinking about what’s being shared and with whom.

Teaching employees to be aware of emotional triggers, like urgency or fear, is also important because these are common tactics in social engineering attacks.

“By promoting psychological safety, employees feel comfortable questioning odd requests, even if they appear to come from a boss or client,” Collard said.

KnowBe4 Africa’s 2025 Human Risk Management Report revealed a worrying “confidence gap”.

Employees had a high perceived awareness of cybersecurity policies, but this often didn’t translate into feeling fully confident or supported in reporting incidents or questioning suspicious communications.

By introducing approved communication tools, Collard said organisations can benefit from additional security features, such as audit logs, data protection, access control and integration with other business tools.

“These platforms also support more mindful communication norms, like scheduling messages or setting availability statuses,” she said.

“Using approved platforms helps maintain healthy boundaries, so work doesn’t creep into every corner of your personal life. It’s about digital wellbeing as much as it is about cybersecurity.”

Newsletter

Top JSE indices

1D
1M
6M
1Y
5Y
MAX
 
 
 
 
 
 
 
 
 
 
 
 

Comments

Privacy policy | Contact | Advertise |

Articles and other information on Daily Investor is for information purposes only and is not financial or investment advice. It should not be seen as a recommendation to buy shares in any company. Our content is produced without considering the objectives, financial situation, or needs of individuals. Before making any investment decision, prospective investors should consider the appropriateness of the information to their own objectives, financial situation and needs and seek legal and taxation advice appropriate to their jurisdiction.

Profile Data logo

Price and trade data source:

JSE Ltd All other statistics calculated by Profile Data.

All data is delayed by at least 15 minutes.

Press Council South Africa IAB South Africa
Daily Investor proudly displays the “FAIR” stamp of the Press Council of South Africa, indicating our commitment to adhere to the Code of Ethics for Print and online media which prescribes that our reportage is truthful, accurate and fair. Should you wish to lodge a complaint about our news coverage, please lodge a complaint on the Press Council’s website, www.presscouncil.org.za or email the complaint to [email protected] Contact the Press Council on 011 4843612.