When likes become a liability: Hidden cyber risks at work

AS SOUTH African businesses continue to embrace digital communication, the everyday use of social media at work is emerging as a hidden cybersecurity threat. From Facebook updates and LinkedIn networking to WhatsApp messages, employees’ online activity on devices connected to internal networks can expose companies to data breaches and cyberattacks.

With no specific laws regulating social media use in the workplace, many businesses operate without formal cybersecurity policies for these platforms, leaving doors wide open for cybercriminals.

“This Cybersecurity Awareness Month, we’re raising awareness around unregulated use of social media platforms in the office,” says Carey van Vlaanderen, Group CEO at ESET Southern Africa.

“There are two main risks when employees use social media at work. First, they may inadvertently share sensitive data — like client details, financial figures, or login credentials — on platforms that aren’t designed with corporate cybersecurity in mind. Second, they may be tricked into clicking malicious links via fraudulent ads or direct messages.”

Research by forex broker analysts at BrokerChooser shows South Africans are among the most exposed to high-risk and fraudulent financial ads online. A single click on a corporate device can introduce malware, trigger phishing attacks, or compromise sensitive information. “What starts as an individual mistake can rapidly escalate into a company-wide vulnerability,” Van Vlaanderen warns.

The financial impact is significant. Analysts estimated that in 2024, the average cost of recovering from a data breach in South Africa reached R53 million, up roughly R4 million from the previous year. “The cost of human error can be extremely high,” says Van Vlaanderen. “Without reliable safeguards and an understanding of what to look out for, employees face the constant challenge of distinguishing legitimate from fraudulent activity.

"With AI boosting cybercriminals’ social engineering capacity, this is getting harder to do.”

Even platforms themselves are grappling with threats. Earlier this year, Meta removed over six million scam-linked WhatsApp accounts globally, yet attackers continue to exploit platform vulnerabilities to infiltrate phones and steal data. WhatsApp is now the primary workplace communication tool in Africa, used daily by more than 90% of employees, surpassing e-mail and Microsoft Teams.

“These platforms were built for consumers, not corporations, so they don’t offer the same level of security and privacy protection as purpose-designed systems,” Van Vlaanderen explains. “Operating outside formal safety controls, risky activity can easily bypass protections and go unnoticed.”

Even sharing seemingly harmless details about work, clients, or colleagues online can provide cybercriminals with enough information to impersonate managers in phishing attacks. “From employee to CEO, everyone needs to remain vigilant about what they post online,” says Van Vlaanderen. “These are all issues that can and should be addressed in a business’s social media policy.”

Ultimately, the greatest vulnerability isn’t the technology — it’s people. “Equipping your team with tools to identify risks independently is critical to keeping pace with evolving threats,” Van Vlaanderen advises. “Cybersecurity awareness training, especially scenario-based programmes, helps build practical skills that protect assets and strengthen overall corporate resilience.”

As social media becomes increasingly entwined with the modern workplace, companies that fail to manage the risks do so at their own peril.