Digital Dangers: The Evolution of WhatsApp Groups as Significant Cybersecurity Threats
Johannesburg – Despite the popularity of informal messaging platforms among employees, they expose organizations to significant cybersecurity risks.
The 2025 KnowBe4 (www.KnowBe4.com) Africa Annual Cybersecurity survey (https://apo-opa.co/47oRLHi) revealed that 93% of African participants use WhatsApp for work communication, outpacing both email and Microsoft Teams.
What actions can organizations take to prevent data leakage and other threats?
For numerous organizations, platforms like WhatsApp and Telegram have become indispensable for workplace communication.
According to Anna Collard, SVP Content Strategy and Evangelist at KnowBe4 Africa, their user-friendly nature contributes significantly to their popularity.
“In Africa, many users prefer WhatsApp because it’s quick, familiar, and easy to use,” she points out.
“These apps are already part of our everyday lives.”
Additionally, these platforms enhance collaboration, especially in remote or hybrid work environments.
“Reaching out to a colleague on WhatsApp for a quick response feels entirely natural,” she notes.
“However, this convenience can threaten control and compliance (https://apo-opa.co/41vySyw).”
Informal messaging, formal risks
Recent events have underscored the dangers of using informal platforms for professional communications.
WhatsApp messages are increasingly cited as evidence (https://apo-opa.co/4oZcMOS) in employee tribunals and legal cases.
The British bank NatWest has even prohibited WhatsApp messaging (https://apo-opa.co/3UQCnMl) among its staff.
Earlier this year, a confidential military operation in Yemen was leaked through the messaging app Signal (https://apo-opa.co/3I2wskn), inadvertently shared with a journalist and various civilians, including the Defence Secretary’s spouse and sibling.
This problem of official communications appearing on personal devices and informal platforms is widespread.
“There are several layers of risk,” Collard explains.
“It’s essential to recognize that WhatsApp is intended for consumer use, not for internal corporate communications.
“Consequently, it lacks the business-grade privacy and control features present in corporate messaging tools like Microsoft Teams or Slack.”
The main risk for organizations is data leakage.
“The unintended or intentional sharing of sensitive information, such as client data, financial metrics, internal strategies, or login credentials, in informal groups can have dire consequences,” she warns.
“Moreover, this happens completely outside the organization’s control, creating a shadow IT dilemma.”
The situation is worsening, as the 2025 KnowBe4 Africa Annual Cybersecurity survey (https://apo-opa.co/47oRLHi) found that up to 80% of respondents use personal devices for work, many of which are unmanaged, leading to significant blind spots for organizations.
Another considerable risk is the lack of auditability.
“Informal platforms do not provide the audit trails necessary for compliance with regulations, especially in sectors like finance that require strict data handling processes,” Collard explains.
Phishing and identity theft (https://apo-opa.co/4g2Kyi5) are also significant threats.
“Attackers are attracted to platforms with weak identity verification,” she adds, noting that at least 10 people in her network have faced WhatsApp impersonation and takeover scams.
“Once scammers gain access, often through SIM swaps, the genuine user is locked out, and the fraudsters can access previous messages, contacts, and files,” she elaborates.
“They then impersonate the victim to deceive their contacts, frequently requesting money or more personal data.”
Furthermore, using these channels can result in inappropriate employee interactions or blurred work-life boundaries, contributing to burnout.
“Constant streams of messages can also be distracting and reduce productivity,” Collard states.
Having the right guardrails in place
To mitigate these risks, organizations need a clear communication strategy, claims Collard.
“First, provide secure alternatives,” she advises.
“Don’t merely tell people what not to use; ensure that tools such as Teams or Slack are easily accessible and clearly supported.”
The next step is to educate employees on the importance of secure communication (https://apo-opa.co/42a27qN).
“Training should include digital mindfulness principles, such as taking a moment before sending messages, thinking about the information being shared and with whom, and recognizing emotional triggers like urgency or fear that often appear in social engineering attacks (https://apo-opa.co/4g4kSlh),” Collard shares.
“By creating a sense of psychological safety, employees will feel empowered to question unusual requests, even if they seem to come from a manager or client.”
This is particularly essential due to the “confidence gap” highlighted in the latest KnowBe4 Africa Human Risk Management Report 2025 (https://apo-opa.co/4n5wjeL), where a high perceived awareness of cybersecurity measures does not always align with employees feeling fully confident or supported in reporting incidents or raising concerns about suspicious communications.
By employing approved communication tools, organizations can leverage additional security features like audit logs, data protection, access management, and integration with other business applications.
“These platforms also encourage more mindful communication habits, such as scheduling messages or establishing availability statuses,” Collard remarks.
“Using sanctioned platforms helps maintain healthy boundaries, ensuring that work does not encroach upon personal life.
“It’s about digital well-being as much as it is about cybersecurity.”
In conclusion, Collard stresses that while informal messaging provides convenience, its uncontrolled usage introduces considerable cyber risks.
“Organizations must move beyond merely recognizing the issue and actively implement clear policies, provide secure alternatives, and equip employees with the digital mindfulness needed to navigate these cyber-risk environments safely,” she insists.