The use of social media at work – especially on devices connected to internal networks – is putting South African businesses at risk of data breaches and cyberattacks. With no specific laws governing social media use in the workplace, many businesses operate without cybersecurity policies for online platforms. From Facebook updates and WhatsApp conversations to LinkedIn networking, this leaves the door wide open for cybercriminals looking to exploit employees who have their guard down.
“This Cybersecurity Awareness Month, we’re raising awareness around unregulated use of social media platforms in the office,” says Carey van Vlaanderen, Group CEO at ESET Southern Africa. “There are two main risks when it comes to employees using social media at work. The first is sharing sensitive data – like client details, financial figures, and even login credentials – on platforms that weren’t designed with corporate cybersecurity in mind, and the second is being tricked into clicking on malicious links via fraudulent ads or direct messages.”
South Africans are among the most exposed to high-risk and fraudulent financial ads online, according to research by forex broker analysts at BrokerChooser. Each time employees access social platforms on corporate devices, a single click can introduce malware, trigger phishing attacks, or compromise sensitive information. “What starts as an individual mistake can rapidly escalate into a company-wide vulnerability,” says van Vlaanderen.
In 2024, analysts estimated that the average cost of recovering from a data breach in South Africa reached R53-million – up roughly R4-million from the previous year; “The cost of human error can be extremely high. Without reliable safeguards and an understanding of what to look out for, employees face the constant challenge of distinguishing what’s legitimate from what’s not. With AI boosting the social engineering capacity of cybercriminals, this is getting harder and harder to do,” says van Vlaanderen.
Rising security concerns have prompted action from the platforms themselves. Earlier this year, Meta removed more than six million scam-linked WhatsApp accounts globally. Instead of retreating, attackers doubled down – most recently exploiting a glitch in the platform to infiltrate victims’ phones and steal data. This creates a perfect storm: WhatsApp is the go-to tool for workplace communication, with more than 90% of employees across Africa using it daily – surpassing both email and Microsoft Teams.
“These platforms were built for consumers, not corporations – so they don’t offer the same level of security and privacy protection that purpose-designed systems guarantee. Operating outside formal safety controls, risky cyber activity can easily bypass protections and go unnoticed,” says van Vlaanderen.
“Even just sharing details about work, clients, and colleagues online can be risky, since it provides cybercriminals with all the information they need to impersonate managers in business phishing emails. From employee through to CEO, everyone needs to remain vigilant and be thoughtful about what they are posting online,” says van Vlaanderen. “These are all things that can be included in a business’s social media policy.”
From a business perspective, the biggest vulnerability isn’t unsecure platforms – it’s people; “Equipping your team with the tools to identify risks on their own is critical to keeping up with rapidly evolving threats. Speak to your provider about cybersecurity awareness training that can help build practical, real-world skills through immersive, scenario-based programmes,” says van Vlaanderen. “This kind of investment not only protects your assets but also strengthens the resilience of the entire corporation.”
