Benjamin Ofori, Head of Critical Information Infrastructure Protection (CIIP) at the Cyber Security Authority of Ghana (CSA), has cautioned that failing to turn on basic security features like two-factor authentication is leaving many Ghanaians exposed to cyber fraud, especially on WhatsApp.

Speaking during a UK-Ghana Chamber of Commerce (UKGCC) and WTS Nobisfields Mandatory Regulatory Compliance Series on regulating the threat of cyber crime in Ghana, the CSA warned that social engineering and fraud on everyday messaging platforms now pose the biggest cyber risk to individuals.

Mr. Ofori explained that many users overlook basic security features already provided by the app. Beyond technical measures, he placed responsibility squarely on users to take their own digital safety seriously, noting that people cannot rely on government alone while continuing to use unsecured devices and apps.

 “WhatsApp advises you to enable two-factor authentication. If you refuse to do that, you are opening up yourself for scammers to exploit you,” he said.

While individuals are being targeted through messaging platforms, businesses also face growing operational, financial, and reputational risk from cyber-attacks.

Drawing on his experience working with critical sectors, Mr. Ofori urged companies to move beyond a purely technical view of cybersecurity and focus on their people and processes. He emphasised that awareness and culture must come first, stating that “businesses must institute cyber culture. It is something that you don’t have an option not to do”.

According to him, companies should continuously educate staff on how attacks happen and how to avoid them, invest in resilient technology, and security tools, automate monitoring where possible, and ensure that processes are followed, not bypassed.

Earlier in the session, Mr. Divine Selase Agbeti, Acting Director General of the CSA, outlined the broader role of the CSA under the Cybersecurity Act 2020 (Act 1038).

He explained that the authority is responsible for regulating all cybersecurity activities in Ghana, licensing cybersecurity service providers, certifying and accrediting cybersecurity professionals, designating, auditing, and protecting critical information infrastructure, and coordinating national incident response through the National Cyber Security Centre.

These functions, he noted, position the CSA as “the national anchor for cyber resilience”, working across critical sectors including finance, telecommunications, health, energy and e-commerce.

Mr. Ofori further clarified that the CSA’s work is not limited to policy and awareness. It actively regulates who can offer cybersecurity services in Ghana.

Companies providing cybersecurity services must be licensed, and professionals practicing in the field must be accredited. He stressed that this requirement is mandatory for anyone who wants to operate in the space:

“As long as you want to practice cybersecurity in the country, you have to be licensed by us. It is not a choice.”

Licensing and accreditation, he explained, help ensure that only competent providers work on Ghana’s systems, particularly when performing sensitive services like vulnerability assessments and penetration testing.

Concluding, Mr. Agbeti reminded participants that cybersecurity compliance is tied to business survival, customer trust and national stability and reiterated that cyber resilience cannot be achieved through regulation and technology alone, but depends on skills, awareness and continuous learning.

The session was moderated by Theophilus Tawiah, Managing Partner at WTS Nobisfields, as part of an ongoing series designed to bring regulators to talk about compliance issues that businesses are expected to comply with.