The widespread use of informal messaging platforms like WhatsApp, Telegram, and Signal for workplace communication is creating serious cybersecurity vulnerabilities for organisations in Africa, according to KnowBe4’s 2025 Africa Annual Cybersecurity Survey.
The report found that 93% of African professionals use WhatsApp for work-related communication, surpassing email and enterprise platforms such as Microsoft Teams. Compounding the risk, up to 80% of those surveyed use personal, often unmanaged devices, making it difficult for organisations to monitor or secure sensitive information.
KnowBe4 Africa identifies data leakage as the most immediate risk, particularly the accidental or deliberate sharing of confidential information such as internal strategies, client data, or financial records on unregulated channels. The company warns that this creates a “shadow IT” problem, where critical communications happen outside the control of official IT systems.
Auditability is another concern. Informal platforms typically lack traceability, meaning organisations, especially in highly regulated sectors like finance, could fail to meet legal requirements for recordkeeping and data protection.
“It’s important to remember that WhatsApp wasn’t built for internal corporate use, but as a consumer tool. Because of that, it doesn’t have the same business-level and privacy controls embedded in it that an enterprise communication tool, such as Microsoft Teams or Slack, would have,” said Anna Collard, Senior Vice President of Content Strategy and Evangelist at KnowBe4 Africa.
READ ALSO
Collard also highlighted the risk of identity theft and phishing, noting that these platforms are attractive to attackers because of weak user verification.
“Attackers love platforms where identity verification is weak. Once the scammer gains access to the account, in many cases via SIM swaps, the real user is locked out and they have access to all their previous communications, contacts and files. They then impersonate the victim to deceive their contacts, often asking for money or even more personal information,” she added.
Beyond technical concerns, KnowBe4 notes that reliance on these platforms can blur professional and personal boundaries, contributing to inappropriate communication or even employee burnout.
To reduce these risks, the company recommends that organisations implement clear internal policies, adopt secure enterprise communication tools, and educate employees on the importance of protecting digital communication. Using approved platforms with built-in security features, such as audit logs, access control, and data encryption, can provide a safer, more compliant alternative for workplace collaboration.
