While convenient, the use of informal messaging platforms like WhatsApp, Telegram and Signal for work purposes pose significant risks to organisations’ cyber security.
That warning comes from KnowBe4, which has just published its 2025 Africa Annual Cybersecurity survey. Results revealed that 93% of African respondents use WhatsApp for work communications, surpassing email and corporate-approved platforms such as Microsoft Teams.
The survey notes that up to 80% of respondents use personal devices for work, many of which are unmanaged, creating significant blind spots for organisations.
KnowBe4 Africa says the biggest risk for organisations is data leakage. Accidental or intentional sharing of confidential information, such as client details, financial figures, internal strategies or login credentials, on informal groups can have disastrous consequences. It is also beyond the organisation’s control, creating a shadow IT problem.
Another major risk is the lack of auditability, as informal platforms lack the audit trails necessary for compliance with regulations, particularly in industries like finance with strict data-handling requirements, notes the company.
Beyond security, using these channels can also lead to inappropriate communication among employees or the blurring of work-life boundaries, increasing the risk of employee burnout.
Anna Collard, SVP content strategy and evangelist at KnowBe4 Africa, adds that there are multiple layers of risk as WhatsApp was not developed for corporate use, additionally, phishing and identity theft can also take place.
“It’s important to remember that WhatsApp wasn’t built for internal corporate use, but as a consumer tool. Because of that, it doesn’t have the same business-level and privacy controls embedded in it that an enterprise communication tool, such as Microsoft Teams or Slack, would have.”
She adds: “Attackers love platforms where identity verification is weak. Once the scammer gains access to the account, in many cases via SIM swaps, the real user is locked out and they have access to all their previous communications, contacts and files. They then impersonate the victim to deceive their contacts, often asking for money or even more personal information.”
Measures to address these issues include clear policies and communications strategy, with alternatives suggested. Also educating employees on why secure communication matters. By introducing approved communication tools, organisations can benefit from additional security features, such as audit logs, data protection, access control, and integration with other business tools, she said.
Share