Cyber threats are not reserved for large corporations. In Ghana, mobile money fraud, email phishing, and compromised WhatsApp Business accounts are increasingly targeting small businesses. This article covers the most common threats and the practical steps every business owner can take — no technical background required.
The Threat Landscape in Ghana
Ghana has one of the most active mobile money ecosystems in Africa. That makes it a target. Common threats include:
- MoMo SIM-swap fraud: A criminal convinces a network operator to transfer your SIM to their phone, gaining access to your MoMo wallet
- Phishing emails and SMS: Messages impersonating GRA, banks, or GCB that request credentials or payments
- WhatsApp Business account takeover: Criminals use verification codes to take over a business's WhatsApp account and defraud customers
- Ransomware via USB drives or email attachments: Files that encrypt your computer until you pay
- Compromised shared passwords: Former staff who still have access to email or POS accounts
Protecting Your Mobile Money
- Never share your PIN with anyone — not your network's customer service agent, not your bank. No legitimate service ever asks for your PIN.
- Register a SIM-lock with your network operator (MTN, Telecel, AirtelTigo all offer this) so that a SIM swap requires in-person ID verification at a service centre.
- Set a daily transaction limit that covers your normal business needs. This caps exposure if your account is compromised.
- Enable account alerts — every transaction should send you an SMS. Suspicious activity should trigger an immediate call to your network's fraud line.
Email and Password Security
- Use a different password for every important account. A password manager (Bitwarden is free) eliminates the need to remember them.
- Enable two-factor authentication (2FA) on your email, banking apps, and Zoho accounts. Even if someone gets your password, they cannot log in without your phone.
- Never click links in unsolicited emails asking you to verify your account or make a payment. Go directly to the provider's website by typing the address yourself.
Protecting Your WhatsApp Business Account
- Enable two-step verification in WhatsApp Settings → Account → Two-step verification
- Never share the 6-digit verification code that arrives by SMS — WhatsApp will never ask for it. This code is how criminals take over accounts.
- If your account is compromised, re-register the number on your device immediately — this logs out the attacker — and notify your customers via an alternate channel
When Staff Leave
This is one of the most commonly overlooked security risks. Create a departure checklist:
- Change all shared passwords the same day the person leaves
- Remove them from business email groups and shared drives
- Revoke access to your POS, accounting software, and any cloud platforms
- Check that they are not listed as an admin on your Facebook Business page or WhatsApp Business account
Backups: Your Last Line of Defence
Ransomware is designed to encrypt your files and demand payment. The only reliable defence is a recent backup stored somewhere the ransomware cannot reach — an external hard drive kept offline, or a cloud backup (Google Drive, Dropbox) that the infected computer cannot automatically delete.
Back up your critical files (accounts, customer data, contracts) every Friday. Test the backup quarterly by actually restoring a file from it.
Getting Help
Pinuno Academy's ICT Fundamentals programme includes a module on cybersecurity for individuals and small businesses. For organisations that need a security assessment or staff training workshop, contact us directly.