Legal

The legal risks of remote access

By Fay Calderone

In an uncertain and stressful environment, employees are more likely to engage in nefarious and risky behaviours. Here’s how you can safeguard your organisation against the legal risks of remote access.

The global shift in flexible work has been a great step towards building healthy, inclusive workplaces, and ensuring business continuity and employment during the COVID-19 pandemic.

However, it also means many organisations need to quickly and effectively bolster their protection of confidential information.

Having employees and contractors working remotely can present a risk that confidential information could be accessed, read or overheard by people living with them or sitting near them in public places, such as cafes.

Consideration also needs to be given to deliberate misuse, theft and disclosure of confidential information. But how do you determine that? Prior to the pandemic, an employee sending a document to a personal email constituted a smoking gun. Now it’s not so cut and dried. 

Who hasn’t forwarded documents to their personal email to print from a home office printer before? Or perhaps you’ve saved things to a separate location to access when the system is down, or uploaded documents to a Google drive for group editing.

It’s much harder to identify information leak risks in your organisation in a remote environment and the uncertainty of the pandemic – and the workplace actions taken as a result of that – is only making it harder.

Disgruntled thieves

In a climate of pay cuts, stand downs, long periods of stress and uncertainty about future employment, we have seen a rise in aggrieved employees engaging in theft of confidential organisational information on their way out of the business.  

Why is this the case? An article by the Australian Institute of Criminology describes two themes common in instances of employee theft, including:

  1. Perceptions of unfairness; and
  2. Perceptions of ownership over work where “employees, especially those in large organisations, may presume personal ownership or entitlement by virtue of occupation (of a position or space) or through regular use/access. The resource becomes ‘my office,’ ‘my computer,’ and ‘my budget.’ This, in turn, seems to provide moral justification for taking the resource for personal use,” according to the article.

A 2012 study by the Carnegie Mellon University’s Software Engineering Institute analysed hundreds of malicious insider activity cases in the US, including theft of intellectual property for business advantage (i.e. stealing information to take to a new job).

The study found many cases were precipitated by a particular event or opportunity, and motivated by a sense of entitlement and ownership of the stolen information. 

“The entitled independent tends to believe that he or she owns the IP,” the study outlines. “This sense of ownership increases with the amount of time and effort the individual spends developing the IP. The insider usually has authorized access to the entire product suite or information. An event or condition in the workplace usually creates dissatisfaction on the part of the individual and increases his or her desire to leave and take information prior to departure.”

So what should you do?

Every organisation faces some level of risk. Even those that go to great lengths to appear fair may appear unfair in the eye of a disgruntled employee.

(Read HRM’s guide on how to manage disgruntled employees).

Organisations need to have clear contractual provisions to protect confidential information and intellectual property. They also need policies and procedures around the use, storage and monitoring of information used by employees and contractors. These policies and their rationale must be clearly communicated to employees, and compliance must be actively promulgated at all times.

What the research, and our experience, also tells us is that leaders need to invest time and energy into remaining connected with their employees – even if the employment comes to an end. Employees need to be treated with dignity and caution on the way out to ensure the protection of information. 

It’s also critical to monitor employee activity when working remotely and to provide appropriate notice of termination to employees, as per your state’s legislation.

Beyond that, if difficult conversations are to take place with employees, such as notice of their termination, it’s important to put the wheels in motion to first protect company information and monitor activity before that conversation takes place.

Employers have legal remedies to seek an injunction preventing misuse of information and to recover damages if they have already been suffered, but these remedies often come at a significant cost to the business. 

Understanding the ‘why’ of human behaviour and taking proactive steps to manage people risks will allow prudent employers to act before the horse has bolted.

Want to get better at having difficult conversations at work? AHRI’s short course on will equip you with the necessary skills.

Fay Calderone is a partner and Veronica Lee is a lawyer at Hall & Wilcox.

This article originally appeared in the March 2021 edition of HRM magazine.

Subscribe to receive comments
Notify me of
guest

0 Comments
Inline Feedbacks
View all comments
More on HRM
Legal
How to tell the difference between a contractor and an employee
17 April, 2024 5 minute read
Closing Loopholes Bill
Employer ordered to pay $4 million in penalties for “calculated” wage theft
15 April, 2024 4 minute read
Legal
When are overseas employees eligible for general protections?
10 April, 2024 5 minute read
HOW TO
How to's
How to bring team coaching to life
24 April, 2024 6 minute read
Culture Leadership
51 per cent of people have to work overtime to account for meeting overload
5 April, 2024 7 minute read
How to's
HR’s guide to developing and presenting a board report
14 February, 2024 5 minute read
Jobs board
Senior Advisor – Clerk Grade 9/10 – Industrial Relations and Workplace – Ongoing
View this role
View all
Legal

The legal risks of remote access

By Fay Calderone

In an uncertain and stressful environment, employees are more likely to engage in nefarious and risky behaviours. Here’s how you can safeguard your organisation against the legal risks of remote access.

The global shift in flexible work has been a great step towards building healthy, inclusive workplaces, and ensuring business continuity and employment during the COVID-19 pandemic.

However, it also means many organisations need to quickly and effectively bolster their protection of confidential information.

Having employees and contractors working remotely can present a risk that confidential information could be accessed, read or overheard by people living with them or sitting near them in public places, such as cafes.

Consideration also needs to be given to deliberate misuse, theft and disclosure of confidential information. But how do you determine that? Prior to the pandemic, an employee sending a document to a personal email constituted a smoking gun. Now it’s not so cut and dried. 

Who hasn’t forwarded documents to their personal email to print from a home office printer before? Or perhaps you’ve saved things to a separate location to access when the system is down, or uploaded documents to a Google drive for group editing.

It’s much harder to identify information leak risks in your organisation in a remote environment and the uncertainty of the pandemic – and the workplace actions taken as a result of that – is only making it harder.

Disgruntled thieves

In a climate of pay cuts, stand downs, long periods of stress and uncertainty about future employment, we have seen a rise in aggrieved employees engaging in theft of confidential organisational information on their way out of the business.  

Why is this the case? An article by the Australian Institute of Criminology describes two themes common in instances of employee theft, including:

  1. Perceptions of unfairness; and
  2. Perceptions of ownership over work where “employees, especially those in large organisations, may presume personal ownership or entitlement by virtue of occupation (of a position or space) or through regular use/access. The resource becomes ‘my office,’ ‘my computer,’ and ‘my budget.’ This, in turn, seems to provide moral justification for taking the resource for personal use,” according to the article.

A 2012 study by the Carnegie Mellon University’s Software Engineering Institute analysed hundreds of malicious insider activity cases in the US, including theft of intellectual property for business advantage (i.e. stealing information to take to a new job).

The study found many cases were precipitated by a particular event or opportunity, and motivated by a sense of entitlement and ownership of the stolen information. 

“The entitled independent tends to believe that he or she owns the IP,” the study outlines. “This sense of ownership increases with the amount of time and effort the individual spends developing the IP. The insider usually has authorized access to the entire product suite or information. An event or condition in the workplace usually creates dissatisfaction on the part of the individual and increases his or her desire to leave and take information prior to departure.”

So what should you do?

Every organisation faces some level of risk. Even those that go to great lengths to appear fair may appear unfair in the eye of a disgruntled employee.

(Read HRM’s guide on how to manage disgruntled employees).

Organisations need to have clear contractual provisions to protect confidential information and intellectual property. They also need policies and procedures around the use, storage and monitoring of information used by employees and contractors. These policies and their rationale must be clearly communicated to employees, and compliance must be actively promulgated at all times.

What the research, and our experience, also tells us is that leaders need to invest time and energy into remaining connected with their employees – even if the employment comes to an end. Employees need to be treated with dignity and caution on the way out to ensure the protection of information. 

It’s also critical to monitor employee activity when working remotely and to provide appropriate notice of termination to employees, as per your state’s legislation.

Beyond that, if difficult conversations are to take place with employees, such as notice of their termination, it’s important to put the wheels in motion to first protect company information and monitor activity before that conversation takes place.

Employers have legal remedies to seek an injunction preventing misuse of information and to recover damages if they have already been suffered, but these remedies often come at a significant cost to the business. 

Understanding the ‘why’ of human behaviour and taking proactive steps to manage people risks will allow prudent employers to act before the horse has bolted.

Want to get better at having difficult conversations at work? AHRI’s short course on will equip you with the necessary skills.

Fay Calderone is a partner and Veronica Lee is a lawyer at Hall & Wilcox.

This article originally appeared in the March 2021 edition of HRM magazine.

Subscribe to receive comments
Notify me of
guest

0 Comments
Inline Feedbacks
View all comments
Jobs board
Senior Advisor – Clerk Grade 9/10 – Industrial Relations and Workplace – Ongoing
View this role
View all
More on HRM
Legal
How to tell the difference between a contractor and an employee
17 April, 2024 5 minute read
Closing Loopholes Bill
Employer ordered to pay $4 million in penalties for “calculated” wage theft
15 April, 2024 4 minute read
Legal
When are overseas employees eligible for general protections?
10 April, 2024 5 minute read
HOW TO
How to's
How to bring team coaching to life
24 April, 2024 6 minute read
Culture Leadership
51 per cent of people have to work overtime to account for meeting overload
5 April, 2024 7 minute read
How to's
HR’s guide to developing and presenting a board report
14 February, 2024 5 minute read
VIDEOS
play_circle_filled
HR strategy, planning and measurement
What makes HR analytics effective?
20 March, 2018 9,315 views
play_circle_filled
Culture and diversity
2 reasons why there aren’t more women in tech
26 February, 2018 7,082 views
play_circle_filled
AHRI Blog
Video: Recruiting top talent, and how to recruit women
13 February, 2018 5,677 views
We use cookies to personalise content, provide social media features, and analyse traffic. You can disable cookies at the browser level, however this can limit your experience with our website. Accept Cookies Learn More