Hacking Exposed


by Aaron Philipp


  WHAT IS EMPLOYEE MISCONDUCT?

  Employee misconduct can be defined as an employee action that violates a company’s stated policies or agreements between an employer and an employee, or a former employee. It includes conduct that may be perceived as detrimental to the company or that may pose some risk or exposure to the company.

  In its broadest sense, employee misconduct could also include the types of conduct involved in relation to IP theft, as well as other types of improper conduct described in subsequent chapters (Chapters 18 and 19), including conduct in violation of the general laws and accepted industry norms and practices. However, for purposes of this chapter and the computer forensic tools and techniques described here, we are limiting employee misconduct to the violation or abuse of various corporate policies and procedures, many of which may also be based in various federal and state laws including employment law. Such policies and procedures are generally defined in a corporation’s employee handbook or other compilation of a company’s personnel policies and procedures, to the extent they exist, as well as a corporation’s code of conduct and ethics.

  These policies, procedures, and codes of conduct and ethics may address the following:

  • Code of business standards and code of ethics

  • Usurpation of corporate opportunity

  • Time and expense recording

  • Travel, entertainment, and expense reimbursement policies

  • Appropriate use of corporate resources (such as computers)

  • Use of corporate licensed software

  • E-mail and Internet access and usage

  RAMIFICATIONS

  As described, employee misconduct covers a wide array of behavior and activity that may be in violation of a corporation’s explicit or implied code of conduct or other corporate policies and procedures, as well as activities considered unlawful under applicable laws or otherwise deemed inappropriate. The ramifications can also cover a wide array of potential harm to the corporation, from lost productivity, efficiency, and a disruptive work environment, to significant and costly lawsuits against the corporation and potential monetary loss.

  Disruptive Work Environment

  Corporations devise and implement policies and handbooks regarding business conduct and ethics in the workplace that provide guidance on acceptable and unacceptable behaviors to promote a healthy, stable, and productive work environment where employees can operate efficiently and effectively without undue distraction or interference. These policies and procedures are also implemented to safeguard a corporation’s assets, which includes its employees, and to protect the corporation and its employees from unlawful or otherwise inappropriate activity that may put the corporation and its employees at risk.

  At a minimum, employee misconduct has a negative impact on a corporation’s work environment and the productivity of employees immediately affected by that conduct. Whether it’s inappropriate workplace behavior or improper use of corporate resources, a prohibited activity typically affects the work habits and operating efficiency of the employee(s) in question, and it often extends beyond the employee(s) directly involved to those around them (such as those within the same work group or department, and potentially involving both superiors and/or subordinates). Harassment and discrimination almost always have a negative impact on the employee or employees that are the target of improper behavior. However, it often extends beyond that group to those who witness the behavior. Inefficiency, missed work time, mistrust, compromised relationships, and ineffective allocation and use of resources can all be products of employee misconduct.

  Investigations by Authorities

  If employee misconduct is not only in violation of corporate codes, policies and/or procedures, but is alleged to be potentially unlawful, the activity can subject employees and the corporation to potential investigation by outside authorities. Unlawful activities can fall under the jurisdiction of a variety of local, state, and federal authorities. As an example, both employment discrimination and harassment in the workplace, which is considered a form of discrimination, are addressed by a number of federal laws prohibiting job discrimination (such as the Federal Equal Employment Opportunity [EEO] Laws). These laws fall under the oversight of the US Equal Employment Opportunity Commission (EEOC). A claim arising against an employer for violation of one of the EEO laws can lead to an investigation by the EEOC and sometimes a lawsuit against the employer. However, many states and municipalities also have antidiscrimination laws as well as agencies responsible for enforcing those laws with the capability to conduct investigations when claims arise.

  Other potential illicit activities by employees may also be in violation of state and/or federal laws and can thereby lead to potential investigations by outside authorities. Certain activities may be investigated by local law enforcement officials, including local district attorneys, while others may garner the attention of a state’s attorney general or even the Federal Bureau of Investigation (FBI) and its respective investigative capabilities. Examples of activities that could receive the attention of attorneys general or the FBI include the improper use of corporate resources (such as computers and the Internet) to commit cybercrime such as software piracy, unlawful computer intrusions, or the exploitation of children through child pornography. While some of the described employee misconduct may involve the improper conduct of just one employee, the existence of the activity on corporate premises or the inappropriate use of corporate assets could subject the corporation to investigation as well as potential lawsuits.

  Lawsuits Against an Employer

  Harassment, as well as other forms of discrimination, software piracy, and the improper use of corporate e-mail and the Internet, among others, can all have a significant impact to the corporation as well as the employee engaged in the improper behavior or act. While the inappropriate conduct may be limited to one individual, questions will often be raised as to the workplace established by the corporation and whether appropriate safeguards (such as policies, procedures, and codes of conduct and ethics) were in place to discourage such conduct and to protect other employees from the negative effects of such conduct. Often the corporation itself will be targeted in lawsuits involving employee misconduct, citing the corporation’s failure to provide a workplace consistent with that required by the respective applicable laws and guidelines.

  As with any lawsuit, lawsuits involving allegations of employee misconduct can be significantly costly to the corporation, even if the corporation ultimately prevails, as attorneys’ fees, outside consultants, and expert fees can be very costly to a corporation if not recoverable through the litigation. Likewise, similar to investigations of employee misconduct, lawsuits can be extremely disruptive to a corporation’s work environment and often require substantial time and efforts of various employees to respond to written requests for information and participate in interviews and depositions by various parties throughout the litigation process.

  Monetary Loss

  While many types of activities prohibited by employee handbooks and business codes of conduct and ethics do not translate into direct monetary losses to a corporation, indirectly they can lead to significant disruptions in the work environment and inefficiencies that over time can have significant impact on a corporation’s bottom line. Lost productivity due to personal e-mail and Internet usage while at work can be substantial when measured across an entire corporation. Likewise, other forms of employee misconduct such as discrimination can also have a significant impact on productivity as employees spend significant time engaged in, or focused upon, the conduct in question. Nationwide, it is estimated that corporations lose hundreds of billions of dollars annually due to lost productivity from these distractions and disruptions, as well as others.

  In addition, corporations spend billions each year implementing systems and procedures to prevent and/or identify such conduct and disruptions. Many corporations monitor e-mail and Internet usage for both improper content, including the prevention and detection of potential IP theft, and lost productivity due to excessive usage. While the Internet has provided limitless access to useful information to enhance an individual’s productivity and success in their profession, it also can provide limitless distractions. Whether it be due to conducting personal business (such as paying bills), shopping, or pursuing personal interests (such as sports or travel), or figuring out what movies are playing tonight, it all results in lost work time that ultimately costs the corporation.

  It is also not uncommon for employees to use corporate assets for personal gain, thereby depriving the corporation the use of those assets and the potential return on those assets. Sometimes individuals will use corporate assets to run side businesses. In other situations, individuals may use access to confidential information to identify, and at times usurp, opportunities for personal gain that rightfully belonged to the corporation.

  In summary, most types of employee misconduct incur some cost and therefore potential monetary loss to the corporation. While many types of improper behavior in the workplace may be minor and difficult to quantify, over time these transgressions can result in a significant monetary impact to the corporation through disruptions in the work environment and the overall loss of productivity. While identifying and tracking such behavior is oftentimes complicated, as well as costly to the extent undertaken, in some situations the potential costs and risks to the corporation justify the need for the types of computer forensic techniques described in this book. A few examples of those situations are described in more detail in this chapter.

  TYPES OF MISCONDUCT

  Employee misconduct can encompass a wide range of prohibited, inappropriate, and even illegal behavior or activity. The most common or well-known forms of employee misconduct involve the misuse of corporate assets, including both the inadvertent and the intentional, such as removal of corporate assets for personal consumption (theft of office supplies). Everyone, no doubt, has at some point left the office with a pen, a pad of paper, or other asset purchased by and belonging to the corporation. In addition, everyone has likely used a computer printer or copier for personal reasons such as printing birthday invitations or copying personal records such as bill payments or tax returns. Each may likely be in violation of a corporation’s policies prohibiting the use of corporate assets for personal business. (Early in my career I remember a study conducted by a company where I was working that concluded the company had purchased enough rulers and staplers in the past year for everyone in the company to have in excess of three each.) While the misuse/theft of office supplies may be the most common, in the digital age, corporate usage policies have also extended to include and cover the use of computers, e-mail, and Internet, limiting their use to legitimate business purposes only.

  Employee misconduct can also be rooted in employment law surrounding the protection of employees from unlawful discrimination or harassment. While most companies have internal policies and procedures regarding the treatment of other employees in the workplace, many of these policies and procedures are governed by state and federal employment laws that protect employees from employment discrimination based on race, color, religion, sex, or national origin. Other federal laws protect individuals from wage discrimination and discrimination based on age or disability. Discrimination under these practices also precludes employees from being harassed, retaliated against, or denied advancement or promotion based on an individual’s race, color, religion, sex, age, and so on.

  In addition to the types of employee misconduct that may result from actions of current employees in the workplace, other misconduct may arise out of an employee’s or a former employee’s failure to adhere to certain conditions outlined in agreements between the respective employee and the corporation. In many corporate settings, certain employees enter into employment agreements stating the specific terms and conditions of the individual’s employment, as well as the obligations expected of both parties to the agreement. Often these employment agreements, and sometimes supplemental agreements, especially where professional services are involved (such as accounting, consulting, and so on), will include certain conditions upon an employee’s termination or departure from the corporation. These agreements typically take the form of a non-compete and/or non-solicitation agreement, where the individual is precluded, for a certain period of time, from competing against the corporation, soliciting either the corporation’s clients and/or employees, or both. As many corporations invest heavily and rely significantly on the skills and expertise of their employees, the loss of such skills to a competing interest could have a significant impact on the company’s profitability and overall success. As such, violations of agreements between employers and employees often lead to disagreements and disputes between the parties that sometimes end up in litigation.

  While many individual actions may have negligible impact to a corporation, certain practices, especially where practices are sustained and widespread, can pose significant threats and have serious detrimental impacts to a corporation’s health, productivity, and profitability. In these situations, computer forensics has proven to be a valuable tool in uncovering inappropriate, as well as illicit, behavior and in quantifying the extent of the behavior and potential risk and exposure to the corporation.

  In this chapter, we focus on three examples of employee misconduct that are both commonplace and have the potential to be disruptive and costly to a corporation:

  • Violation of corporate usage policies

  • Employment discrimination and harassment

  • Violation of non-compete/non-solicitation agreements

  Inappropriate Use of Corporate Resources

  Corporate resources come in many forms, from pens and paper clips, to computers, access to the Internet, and intellectual property. As with any asset, the corporation has an interest in protecting its assets from theft and improper use. In the digital age, the improper use of computers and the Internet is common. As more and more employees have access to computers, e-mail, and the Internet in the workplace, companies are finding it more difficult to monitor and control the use of those privileges. The use of computers, e-mail, and the Internet has become instrumental, as well as routine, in the day-to-day lives of many in the workplace; however, that access typically comes with a certain level of professional responsibility—namely to limit their use for business purposes.

  While infrequent use of e-mail and the Internet for personal reasons is common, as well as commonly accepted in the workplace, they can all be used for improper or illegal activity that puts the corporation at significant risk. Examples may include the unlawful copying and/or downloading of software, videos, or music; using computers to view, download, and/or share pornographic materials; conducting improper and illegal activity with the use of corporate computers such as hacking into other computers and Web sites or creating and transmitting computer viruses or spam-related e-mail traffic; and the dissemination of confidential information regarding the corporate practices or financial results.

  What to Understand

  When individuals are suspected of misusing corporate resources, you first need to understand whether the suspected behavior or activity involves computers, e-mail, the Internet, or some combination of the three. Each asset or resource will have its own unique characteristics in how it is accessed, utilized, maintained and tracked, as well as potentially backed up within an organization. Understanding an individual’s access (open and secure) to a computer or computers, the corporation’s system of networks, e-mail (whether corporate or access to personal e-mail accounts), and the Internet, will help you define the population of potential sources of information that may need to be evaluated to discern the nature and extent of the alleged inappropriate use of corporate resources. In other words, you must determine what is the web of potential access to information, computers, and networks that may emanate from an individual suspected of misusing corporate information or resources.

  Second, consider whether the computer, e-mail, and networks in question are suspected of being used as a tool in the alleged misconduct (such as to gather and disseminate confidential information), were themselves alleged to be misused (such as to run a side business or used to hack into other systems and networks), or may merely contain evidence of employee misconduct (such as e-mail evidence of harassment, or downloaded files with improper content).

  Third, consider the general nature and/or purpose of the inquiry regarding an employee’s conduct. Is the corporation primarily concerned with ensuring compliance with existing corporate policies and procedures, or does concern extend to investigating potential illegal activity or other conduct that could result in the termination of the employee?

  Fourth, when investigating allegations of suspected employee misconduct, clearly understanding what policies, procedures, and other guidelines may exist regarding such behavior is important. The breadth and specificity of corporate policies and procedures regarding the use of corporate resources and information varies from company to company. However, what is more common is the lack of knowledge and education among employees and management as to the existence of certain policies and procedures, as well as clear understanding as to what types of behaviors may be in violation of those policies and procedures. When investigating allegations of suspected employee misconduct, you must understand what policies, procedures, and other guidelines exist regarding such behavior. In other words, you need to know specifically what you’re looking for and why the company considers it inappropriate.

 
