Accra: WhatsApp may be Africa's favourite way to chat, but its popularity in the workplace is creating serious cybersecurity concerns.

According to Ghana News Agency, the 2025 KnowBe4 Africa Annual Cybersecurity Survey revealed that a staggering 93 per cent of African respondents use WhatsApp for work-related communication-a higher rate than email or Microsoft Teams. While convenient, experts warn that relying on personal messaging apps could put sensitive company data at risk.

Anna Collard, SVP Content Strategy and Evangelist at KnowBe4 Africa, based in South Africa, explained, 'WhatsApp was never designed as an enterprise tool. It's fast and familiar, but it lacks the business-level controls needed to protect organisations from data leaks and compliance breaches.' The most significant risk for organisations is data leakage, as accidental or intentional sharing of confidential information, such as client details, financial figures, internal strategies, or login credentials on informal groups can have disastrous consequences. This creates a shadow IT problem, as it's completely beyond the organisation's control.

The survey noted that up to 80 per cent of respondents used personal devices for work, many of which were unmanaged, creating significant blind spots for organisations. Another key risk is the lack of audit facilities, especially in industries like finance that have strict data-handling requirements. From banking to government, cases are mounting worldwide where private messaging platforms have caused major problems. For instance, NatWest Bank in the UK has banned staff from using WhatsApp, and a top-secret US military operation was accidentally leaked via Signal earlier this year.

The Survey highlighted several risks for African organisations, including data leakage, shadow IT, compliance failures, fraud and impersonation, work-life blur, and threats like phishing and identity theft. Collard noted that attackers favour platforms with weak identity verification, and at least 10 individuals in her personal network had fallen victim to WhatsApp impersonation and take-over scams.

Experts emphasize that banning informal apps is not enough. Organisations must provide secure, user-friendly alternatives and train staff on digital mindfulness. Collard advised, 'Don't just tell employees what not to use. Offer easy access to approved platforms like Teams or Slack and teach staff to pause before sharing sensitive information.' By adopting enterprise-grade tools, companies gain access to features like audit logs, access controls, and better data protection.

These platforms also promote healthier communication practices, such as scheduling messages or setting clear availability, helping staff avoid digital overload. 'Convenience shouldn't come at the expense of security,' Collard concluded. 'African businesses must move beyond awareness and start implementing clear policies, secure alternatives, and employee empowerment to stay safe in today's digital-first workplace.'