Information Technology and Ethics/Remote Work

Remote work refers to working from a remote location or commonly from one's home. Remote work allows an employee to work from an off site location.

Due to the Covid-19 Pandemic many businesses and offices had to be closed and companies had to shift employees to remote work and work from home. “In 2019, fewer than 6% of Americans worked primarily from home, per the American Community Survey.” ^[1]

Due to the Covid-19 pandemic remote work from home has increased in prevalence since 2020. According to the Pew Research Center, “57% say they rarely or never worked from home prior to the coronavirus outbreak.” ^[2] With business concerns over how productive employees are productive when working from home, monitoring software has been implemented with work from home to monitor employees' engagement to and making sure they are working.

“Monitoring ensures that the company’s resources are being used efficiently. Employee monitoring also includes checking the activities of the employees working outside the office to identify if the provided resources are used well.” ^[3] Some of the ethics concerning monitoring employees require transparency of monitoring, effective policies, and communication with the employees.

The way we work changed overnight with the lockdowns imposed by the COVID-19 pandemic, and remote working became the new normal. Prior to the pandemic, very few employees worked from home all the time, but in 2020 that number skyrocketed. 57% of workers said they rarely or never worked from home before the coronavirus spread, according to the Pew Research Center.^[4] In response to concerns about ensuring productivity in a remote working environment, many organizations implemented employee monitoring softwares. They allow employers to monitor many aspects of employees’ work, including when they log on and off work systems, the speed of their keystrokes and the content of their email communications and browser history. Monitoring can offer useful information about employees’ engagement and resource use, but it is also a fraught issue with ethical implications in privacy, trust, and autonomy. This part discusses employee monitoring techniques, ethics and legality, and best practices in the context of remote work.

Monitoring employee activity as they work remotely can be accomplished in a number of different ways, from watching app usage and keystrokes and even taking screenshots, to analyzing emails and messaging, and web browser use. Some employers even use videoconferencing apps to gauge attention or platforms for managing projects that track task-completion rates. Using a case study format from FinPro, an international financial services company who has invested in specialized computer monitoring software among other tools (like InterGuard) to ensure remote employees are doing what they’re supposed to be doing. This software allowed for detailed timelines of applications and website history to be created, labelled as productive or unproductive activity, and flagged up to managers if potentially questionable actions, such as looking up job opportunities, were detected.^[5] Also, FinPro made use of platforms, such as Zoom, for more than just initiating meetings and moved beyond to capture data for participant's attentiveness and environment. Though such tools have offered organizations valuable points of insight into employee engagement and security risks, they have also prompted serious questions about the boundaries of surveillance and the ethical application of employee data. Good scrutiny of proportionality, purposes limitation and data protection principles generally are essential when installing these technologies in work environments.

Employee monitoring inevitably raises sensitive concerns relating to privacy, individual consent, and workplace trust. As emphasized in a recent report published by the Electronic Frontier Foundation (EFF), invasive digital surveillance may unintentionally create an atmosphere where employees feel compelled to alter their usual conduct, even in the absence of any wrongdoing. ^[6]

When companies stealthily deploy highly intrusive monitoring tools without sufficient openness, they risk undermining staff morale and contributing to increased stress levels among employees. Ethically compliant remote work oversight necessitates that organizations transparently communicate what employee behaviors and activities are being tracked, constrain data aggregation to tasks connected to work responsibilities, and guarantee surveillance serves a demonstrably proportional commercial purpose. It is also important that companies make channels accessible allowing workers to voice worries pertaining to surveillance practices. Sustaining an environment encouraging frank discussions aids in safeguarding employee autonomy while also cultivating a culture defined by trust and integrity, which ultimately benefits both ethical standards and organizational performance.

Legal frameworks that safeguard employees' rights while enabling employers to protect their business must be adhered to by employee monitoring. Employers are permitted to monitor employee communications in the United States under laws like the Electronic Communications Privacy Act (ECPA) of 1986 as long as there is a valid business reason for doing so. However, some states have more stringent regulations, such as requiring employee consent.^[7] Higher standards are set by the General Data Protection Regulation (GDPR) in the European Union, which requires employers to provide clear notice and justification for monitoring that is necessary, proportionate, and respectful of employee privacy.^[8] These legal frameworks are frequently bridged by corporate policies that mandate transparency, restrict monitoring to work-related activities,  and making sure that collected data is securely stored and that only authorized personnel have access, corporate policies frequently serve as a bridge between these legal frameworks. In addition to reducing legal risk, a strong legal and policy base encourages moral and responsible workplace surveillance.

Employee monitoring can offer clear organizational benefits, including increased productivity, improved cybersecurity, and enhanced compliance with regulatory requirements. Research from Gartner shows that organizations deploying monitoring tools to support remote work reported a 12% increase in productivity, particularly when monitoring was paired with support initiatives like training and feedback systems.^[9] However, if implemented poorly, monitoring can also lead to employee resentment, reduced job satisfaction, and a heightened sense of distrust toward management. Workers who feel constantly surveilled may perceive their workplace as intrusive, leading to disengagement or even attrition. A thoughtful balance between oversight and autonomy is crucial to maximize the benefits of monitoring while minimizing its psychological and ethical costs.

• Enhanced Productivity: Monitoring tools can help identify workflow bottlenecks and inefficiencies, enabling managers to optimize processes and improve overall productivity.
• Improved Accountability: By tracking performance metrics, organizations can hold employees accountable for their tasks, fostering a culture of responsibility.
• Data-Driven Decisions: Access to real-time data allows for informed decision-making regarding resource allocation and project management.

Cons:

• Privacy Concerns: Excessive monitoring can infringe on employee privacy, leading to discomfort and potential legal issues.​^[10]
• Reduced Trust: Over-monitoring may signal a lack of trust in employees, which can erode morale and engagement.^[11]
• Potential for Micromanagement: Detailed monitoring data might tempt managers to micromanage, stifling employee autonomy and creativity.​^[12]

According to Gartner research, while 60% of large employers have adopted monitoring tools, only 41% of employees report clear communication about data collection practices, highlighting the need for transparency to maintain trust.^[13]

It is important to ensure that monitoring employees remains ethical and respects worker rights, employers and companies are to follow best practices deeply grounded in transparency, fairness and proportionality.  Society for Human Resource Management (SHRM) states that purpose-driven monitoring, clear communication and respect for employee are foundational pillars of ethical surveillance. ^[14] There is a higher percentage for organizations that engage workers in conversations about focus surveillance and monitoring policies to have a greater trust and compliance from their employees.

Recommended best practices for establishing a moral system of oversight encompass:

Openness: Clearly communicate to employees about the activities that are being monitored, how their data is used and who has access.

Purpose Limitation: Only monitor employee activities that are strictly and directly related to business operations and job performance.

Consent and Notification: Get staff members to agree to monitoring guidelines and remind them on a regular basis.  

Data Security: Protect all gathered monitoring data to avoid misuse or illegal access.

Review and Update Policies: Make sure that monitoring procedures are still reasonable, required, and compliant with the law by conducting regular audits and making necessary adjustments.  

By encouraging justice and accountability, ethical monitoring procedures improve company culture in addition to defending employee rights.

The adoption of new monitoring tools has been made necessary by the shift to remote work environments, but it has also heightened long-standing ethical concerns about employee autonomy, privacy, and trust. Employee well-being, ethical norms, and legal requirements must all be carefully taken into account by organizations that use employee monitoring. Monitoring should support justifiable commercial objectives without devolving into excessive or intrusive surveillance. Important components of ethical monitoring include openness, minimal data collection, robust data security procedures, and employee involvement. By taking a principled stance, companies can reduce legal risks while simultaneously building a strong, trustworthy culture that promotes employee success and business continuity in the rapidly changing workplace of the future.

According to the United States Census Bureau, the number of employees working from home has tripled from 2019 to 2021^[15], with the primary driving factor being the COVID-19 pandemic. Prospectively, larger corporations are providing their employees with work-from-home (remote) or hybrid work options. While more employees transition to working from home on their company-provided hardware, they must remotely access internal business network resources and the internet. While traditional methods of network monitoring involve analyzing network traffic within a physical location, remote workers slightly complicate monitoring procedures. Employees working from home are often required to connect to a Virtual Private Network (VPN) tunnel, that allows them to "virtually" enter their business network environment to gain access to critical company resources.

Virtual Private Networks (VPNs) create a secure and encrypted connection between a remote worker’s device and a VPN server^[16]. In most cases, the VPN server (also known as the Network Access Server) is located on-premises in the company's data center and the VPN client is deployed on employee devices. Once the employee is connected, they gain access to the business's Local Area Network (LAN) to access any internally hosted applications or services. For example, a company may host an internal application dedicated for human resources management, or a portal that provides employees with timesheets. Since these resources are only accessible within the business's network, remote workers can securely connect to the network via a VPN, offering both physically present and remote employees the same network assets. Although VPN tunnels facilitate secure remote work, VPN technologies are not absent of drawbacks. Deployment on company-provided managed devices adds complexity to onboarding and device configuration, and can serve as a critical point of failure, especially if a business heavily relies on remote employees. Company-hosted VPN servers require robust infrastructure and extensive maintenance. VPN server downtime can hinder operational progress, having detrimental effects on company performance.

A critical issue with traditional enterprise VPN networks lies in user access control and resource management. When an employee connects to a company-hosted VPN server through their VPN client, they gain access to the enterprise network and any resources on that network. These VPN architectures place significant trust on employees to only use resources designated to them, with limited means of access control. They treat users and devices the same, regardless of what they are and what they need to access, enabling lateral network movement for attackers. To remediate this shortcoming, Zero Trust Network Access (ZTNA) architectures emerged. This allows organizations to implement the "Zero Trust" information technology (IT) security model, assuming threats are present both inside and outside a network^[17]. Furthermore, ZTNA networks offload on-premises VPN infrastructure and maintenance requirements. ZTNA networks involve a cloud-based virtual network—interconnecting organizational resources across LANs through gateways and employees through ZTNA clients. Implementation involves virtual network configuration, gateway deployment, internally-hosted application declaration, and user identity and access management. Cybersecurity features include: providing continuous monitoring and validation, least privilege (only allotting permissions to users necessary to perform their roles), device access control, network microsegmentation (creating small zones throughout separate security perimeters across a network), preventing lateral movement, and multi-factor authentication (MFA).^[17] Many ZTNA providers also permit the integration of Single Sign-On (SSO) identity providers to make migration with pre-existing business IT infrastructure. Major ZTNA providers used to facilitate remote and hybrid work include Cloudflare, Palo Alto Networks, Cisco, Fortinet, Citrix, and Zscaler.

Although ZTNA is largely considered more effective to facilitate secure remote and hybrid work, implementing Zero Trust Architecture through enterprise ZTNA vendors poses its own set of ethical considerations. Often times, implementation exposes enterprise network resources to ZTNA providers. Logs including network traffic, resource access, user identities, and device information are hosted on the ZTNA vendor's servers, enabling provider personnel to access this sensitive and business critical information. This reliance raises ethical concerns around data privacy and provider integrity. Enterprises are trusting that the vendor will adhere to privacy policies and not exploit or mishandle the data flowing through their systems. Ethically, the enterprise expects the provider to confine itself to the role of facilitator and not a surveillant. Privacy protection agreements and strong contractual data use policies are therefore critical; the provider should explicitly commit that sensitive logs and metadata will only be used for delivering security services, not for marketing, profiling, or other secondary uses. Responsible providers will implement privacy by design, minimizing the data they retain and employing safeguards like encryption for any logs they must store.^[18] Furthermore, there remains risk of provider breaches or misuse. Even well-intentioned providers can have security failures. If a ZTNA provider is compromised, the breach could expose detailed records of every client’s internal usage. By demanding accountability and clarity upfront, organizations reinforce their duty to protect stakeholder data even when outsourcing the access control layer. Moreover, businesses should perform thorough research prior to choosing a ZTNA vendor, considering breach frequencies, severity, downtime, recovery time, and redundancy measures.

However, even if employees are not connected to a VPN connection, some organizations still allow them to connect to third-party websites or applications. In that case, there is still a risk of cyber attacks as employees are using third-party applications on organizations' resources. For these concerns, companies put some restrictions and monitor every network that the resources connect to. IT administrators in organizations are experts in these types of tasks and they customize company-managed resources in such a way that every connection is monitored. Every single IP address that the machine connects to is recorded and tracked regularly by the IT team people to reduce the risk of cyber-attacks and prevent further damage to resources. They track every single activity that users perform on different networks with company resources like Mobiles, Laptops, desktops, etc.^[19]

Packet sniffers are one of the best examples of network monitoring or surveillance tools that are used by companies^[20]. These keep track of Websites visited, frequency of websites visited, page views, emails sent, messages sent, any unattended network, downloads, etc. These tools help companies to determine how much time an employee is online and whether are they performing any inappropriate activity or not. Apart from these, companies use firewalls and network/router logs to monitor overall internet traffic. They also periodically scan resources and networks to determine if any unethical behavior is performed or if any forbidden websites have been visited. They write firewall rules to block a third-party website that is regularly visited by people.

Remote connection monitoring also known as end point monitoring is the use of software tools to manage how each remote device connected to the network behaves. RCM serves many purposes within an organization. One main reason many organizations use RCM is for security and threat detection purposes. Organizations are also required to have RCM within their networks to meet compliance requirements. RCM can be versatile in not just monitoring systems but also in managing systems on a network. While it is crucial to use remote connection monitoring to save on time and money, employers should not use the opportunity to infringe on their employee’s rights to privacy and security. This source should allow you the opportunity to learn the basic uses of RCM such as functionality, purpose, and the frameworks/policies that are recommended for ethical use of RCM.

Remote Connection Monitoring not only watches systems it can also provide active administration to remote systems. Administrators can analyze data provided to them by remote systems such as resource output, the health of the system, and overall performance ^[21]. Administrators can actively control remote systems too such as deactivating devices, install updates, and implement security patches. RCM provides organizations with software that can provide active security, and mitigation systems. They can also be implemented in a number of different types of devices such as network devices, servers, and mobile devices.

Remote administration allows administrators and service providers to communicate with connected devices without needing physical access. This is a crucial component of Remote Connection Monitoring (RCM). Remote management solutions make it possible to safely  perform tasks including updating firmware, software, changing configuration settings, restarting systems, and shutting down equipment. Preserving system performance or improving security, administrators can also enable or stop particular services or functionalities as needed. These features guarantee that networked devices are safe, up to date and based on business requirements in addition to streamlining IT processes.

Improving an organization's cybersecurity infrastructure is one of the reasons for deploying Remote Connection Monitoring (RCM). RCM monitors the performance, behavior, and network activity of remote devices, allowing security teams to preemptively identify vulnerabilities ^[22]. This ability can be used to identify anomalies, unauthorized access, or signs of compromise before they become breaches. Rapid incident response is further managed by RCM, which allows remote isolation, patch distribution, or configuration adjustments to decrease vulnerabilities ^[23]. Integrating RCM into their security architecture, organizations can improve the safety of critical data, ensure compliance with security standards. This can lessen the possibility of attacks.

Companies should strive to develop a clear set of policies on the purpose and scope of remote connection monitoring. The policy should define what activities need to be monitored and also outline activities that would be deemed inappropriate ^[24]. A clear policy not only builds employee trusts but also removes the vagueness of blanket policies.

When using Remote Connection Monitoring (RCM), organizations must put data confidentiality first. Strict access controls should be set up in monitoring systems to guarantee that only individuals with permission can view or handle sensitive data ^[25]. Strong data security procedures must also be put in place to guard against unintentional exposure or misuse of monitored data. Employee trust in the system can be increased and sensitive data protection reinforced by encrypting communications, recording access activity, and carrying out routine audits.

Openness is crucial for implementing RCM policies. Employers should be transparent with their staff about what is being watched, why it is required, and how the information will be utilized. A culture of trust is promoted and uncertainty or suspicion is reduced when the scope and goal of monitoring are made clear. Knowledgeable staff members are more likely to respect the project and support it, which boosts collaboration and morale at work.

Organizational requirements and employee privacy rights must be balanced in effective RCM programs. Monitoring initiatives have to be carefully restricted to work-related tasks and matched with well-defined objectives like security or compliance. Excessive surveillance, such as monitoring private or irrelevant activities, can breach privacy rights and raise moral and legal issues. A targeted, goal-oriented strategy guarantees that monitoring stays appropriate and justified.

Organizations must implement RCM rules uniformly across all departments and employee groups in order to maintain equity and prevent conflict in the workplace. Perceptions of prejudice, discrimination, or distrust may result from singled out particular people or groups for closer observation. An inclusive workplace, legal conformity, and the avoidance of a hostile or polarized working culture are all ensured by uniform implementation.

Real-time monitoring and control of distant equipment is made possible by Remote Connection Monitoring (RCM), which is essential to contemporary organizational infrastructure. For companies of all sizes, its capacity to improve cybersecurity, optimize IT operations, and guarantee compliance makes it an essential tool. This capacity does, however, come with the need to use RCM in an open and moral manner. Businesses must carefully balance operational effectiveness and security monitoring, while also protecting employee privacy and upholding confidence. RCM may be applied in a way that advances corporate objectives and moral principles by defining explicit guidelines, safeguarding private data, and guaranteeing uniform implementation.

The misuse of employer issued equipment, such as computers, smartphones, and tablets rais significant ethical concerns in the workplace. this type of behavior often referred to as employee abuse of company property, this includes any unauthorized or inappropriate use of company resources that are intended to solely for work related purposes. The most basic example can be scrolling social media on a company laptop, or online shopping during work hours. while these actions seem harmless, theirs a breach of trust and can reduce productivity. more severe examples would be installing unauthorized software, intentionally spreading malware, stealing proprietary data, or using company assets for personal interests.

From an ethical standpoint, employee misuse of company property violates principles of honesty, responsibility, and integrity. Employees are expected to use company resources in a manner that reflects the organization's values and protects its interests. Any use of assets for personal gain, without explicit permission, constitutes a conflict of interest and can undermine workplace morale and trust.   

Some common forms of asset misuse include:  

• Personal use during work hours (e.g., excessive personal emails, streaming content, gaming).  

• Installing unauthorized or pirated software that may pose security risks.  

• Accessing inappropriate or illegal content using company devices.  

• Sharing or stealing confidential company information.  

• Using company equipment to conduct outside business or freelance work.  

• Physically damaging or neglecting company property due to carelessness.  

Even minor abuses, if unchecked, can contribute to a culture of disregard for organizational policies and ethical standards. It is essential for organizations to establish clear policies regarding the use of company property and to educate employees on the ethical obligations tied to those resources. Equally important is fostering a culture of accountability, where employees understand that responsible stewardship of company assets is a reflection of professional integrity. "In 62% of U.S. organizations, a typical user has access to at least five to 10 applications that contain sensitive data, such as information on financial, healthcare or intellectual property. At 50% of U.S. organizations, the typical user could access between 11-20 business applications". ^[26]

Misuse of company resources: unethical behavior and organizational risks  

The misuse of company assets extends beyond personal use of devices, in can include serious breaches of ethical and legal boundaries. such actions not only undermine the employer - employee relationship but also put the organization at risk of financial loss, reputational damage, and legal liability. "Misuse of company assets can have significant consequences for an organization, including financial losses, damage to reputation, and legal or regulatory sanctions. It can also create a culture of mistrust and erode employee morale and loyalty". ^[27]

Below are several unethical practices that exemplify misuse of assets:

• Renting Out Company Resources to Third Parties  

Employees who rent out company property such as equipment, vehicles, or office space for personal gain engage in a blatant misuse of resources. This practice violates the principle of fiduciary responsibility and can have legal ramifications. Ethically, employees have a duty to act in the best interests of their employer, not to leverage corporate assets for side income or favors.  

• Creating Rival or Counterfeit Products Using Company Facilities  

Manufacturing fake or competing products using an employer's tools, raw materials, or intellectual property is not only unethical it can constitute fraud and industrial sabotage. This behavior represents a severe breach of loyalty and trust and may result in criminal prosecution under laws that protect trade secrets and intellectual property.  

• Operating a Competing Business While Employed  

Running a business that competes with one’s employer—especially using company time or assets—creates a direct conflict of interest. This dual allegiance can cloud judgment and result in decisions that favor the employee's personal ventures over the organization’s success. Ethically, employees are expected to avoid situations were personal interests' conflict with professional duties.  

• Exploiting Subordinates for Personal Ventures  

Directing employees or subordinates to perform tasks for a separate business or a fictitious entity (often called a "ghost firm") without their informed consent constitutes exploitation and abuse of authority. It manipulates power dynamics in the workplace and can be legally challenged under labor and employment laws.  

• Unauthorized Discounts or Free Goods to Friends and Family  

Offering unauthorized perks, discounts, or goods to personal connections is a form of theft and favoritism. This practice not only costs the company financially but also fosters an unethical workplace culture where favoritism replaces fairness and policy adherence.  

Investigating employee misconduct: Ethical Due process

When suspicions of asset misuse arise, it is natural for management to want to act quickly. However, ethical and strategic responses require thorough investigation. A well-executed internal inquiry can collect the necessary evidence to establish facts and ensure fair treatment. This process not only provides leverage in the event of legal action but also reinforces a commitment to due process and justice. "Employee misconduct ranges from simple issues such as spending too much time on the phone or Internet to acts of violence. Some situations can be handled with a reprimand or warning. Serious offenses may require an investigation to substantiate allegations or suspicions. In rare instances, you may need to report the situation to the police or another outside agency". ^[28]

Documentation of misconduct such as digital trails, witness statements, or financial audits is essential when considering disciplinary actions, including termination or litigation. Investigations also send a clear message to the workforce, unethical behavior will be addressed thoughtfully and professionally, not reactively.  

Legal frameworks: The role of the computer Fraud and Abuse act (CFAA)

The CFAA is a key piece of federal legislation that criminalizes unauthorized access to computer systems. Although the act does not provide a strict definition of (unauthorized access) it does clarify that “exceeds authorized access” refers to using legitimate credentials to obtain or alter information one is not entitled to access. " The CFAA prohibits intentionally accessing a computer without authorization or in excess of authorization, but fails to define what “without authorization” means. With harsh penalty schemes and malleable provisions, it has become a tool ripe for abuse and use against nearly every aspect of computer activity". ^[29]

This legal vagueness has led to debates, especially when employees access company systems for non-work-related purposes. Nonetheless, the CFAA remains a central statute for prosecuting egregious digital misconduct and is often referenced in cases involving data theft, hacking, and insider misuse of IT resources.  

Preventing technology misuse: Policies, monitoring, and culture

To proactively combat misuse of technology and digital resources, organizations can implement a combination of policy reinforcement, technical controls, and ethical education:  

Below are examples of technology misuse prevention:

• Web Filtering and Monitoring Software  

Tools that restrict access to non-work-related or harmful websites can minimize distractions and prevent risky behavior online. Monitoring tools also help employers identify patterns of misuse before they escalate.  

• Clear and Consistent Internet Use Policies  

A well-defined policy that outlines acceptable and unacceptable uses of internet and IT resources helps set expectations. This policy should be communicated clearly and reinforced through onboarding, training, and regular reviews.  

• Managerial Oversight and Ethical Culture  

Supervisors play a critical role in enforcing policy and modeling ethical behavior. A transparent, fair, and accountable work culture can reduce incidents of misuse and encourage employees to report unethical conduct without fear of retaliation.  

It's important to have implementations to prevent employee misuse, without clear guidelines and ways to monitor, access, and inspect employee resource usage, organizations are valuable.

The term Time Theft is a rather loose term describing a specific type of theft by an employee on the employer. This term applies primarily to two separate means of theft. The first way is in the case that an employee misrepresents his/her hours worked in order to gain larger sums of money for time that the employee did not work. The second way, is where an employee shirks responsibility and avoids doing their job while participating in paid company time. The latter term has also been dubbed Quiet Quitting by many media outlets in recent years. Quiet quitting describes employees performing only the minimum required duties without additional engagement, often as a response to burnout or dissatisfaction^[30]. Both forms represent breaches of the labor-for-compensation agreement and carry negative ethical implications for organizations and workers alike.  

Remote Work and Detection Challenges

The increase in remote work has made the detection of time theft more difficult. In traditional office settings, managers can directly observe employee activity. In remote environments, oversight relies heavily on technology. Organizations have adopted various tools, including keystroke monitoring, time tracking software, and activity logging systems, to monitor remote employee productivity. While these tools can enhance accountability, they also raise concerns regarding privacy, autonomy, and workplace trust.

Case Study: Besse v. Reach CPA Inc.

A notable example of time theft litigation is the case of Besse v. Reach CPA Inc.^[31]Karlee Besse, an accountant, filed a wrongful dismissal claim after her employer terminated her contract for alleged time theft. Following concerns about performance, Reach CPA implemented TimeCamp tracking software, which recorded a discrepancy of approximately 50.76 hours between Besse's reported work time and actual work activity.

Besse contended that she had worked with physical documents and used her work laptop for personal activities outside working hours. However, the Civil Resolution Tribunal found her explanations insufficient. The Tribunal ruled that Besse engaged in serious misconduct and ordered her to repay $2,603, covering unaccounted work hours, home office equipment advances, educational fees, and tribunal costs. This case highlights evolving challenges in employee monitoring, trust, and accountability within remote work environments.

Ethical Implications

The ethics surrounding time theft and employee monitoring are multifaceted. Employees often advocate for autonomy and the presumption of trust, arguing that flexible use of their workday should be permissible, especially in remote settings. Employers, conversely, maintain a right to expect attentive, productive labor during compensated hours.

Excessive surveillance may harm employee morale, increase workplace stress, and contribute to disengagement. Research from the Journal of Business Ethics indicates that constant monitoring is associated with higher stress levels and lower job satisfaction^[32]. Similarly, findings in Business Ethics Quarterly reveal that perceptions of unfair monitoring practices correlate with employee turnover and decreased engagement.

Trust remains essential to sustainable remote work arrangements. Organizations face a delicate balance: too little oversight may lead to exploitation, while over-surveillance risks damaging organizational culture and employee well-being.

Psychological Motivations Behind Time Theft

Studies suggest that employee motivations for time theft fall into three categories:

• Self-oriented motives, such as personal pleasure or financial gain.

• Other-oriented motives, such as helping coworkers or yielding to peer pressure.

• Work-oriented motives, where employees justify time theft as improving perceived efficiency. Time theft not only affects the actors but also influences observers in the workplace. Employees who witness time theft may experience emotional reactions, such as anger or compassion, depending on how they interpret the motives behind the behavior. These dynamics can influence broader workplace morale and culture.

Solutions and Future Trends

Organizations are exploring alternatives to intrusive monitoring to reduce time theft while preserving employee trust. Outcome-based management models, where performance is measured by deliverables rather than hours worked,^[33] have shown effectiveness in reducing time theft incidents.

Additionally, strategies such as promoting mindfulness and work meaningfulness have been linked to improved ethical behavior and reduced incidence of time theft. Transparent communication about monitoring policies, informed consent, and minimal intrusiveness are increasingly emphasized in ethical surveillance practices.

Future approaches to managing remote workforces are expected to combine technological tools with ethical, trust-centered management strategies to ensure fairness, accountability, and respect for employee autonomy.

Both of these methods behave as theft as the employee betrays their responsibility in the capitalist transaction of labor for credit, by failing to uphold their commonly contractual agreement to provide services for the money in which they are receiving. And as such are of negative ethical impact.

With the growth of remote work it has become more difficult for employers to detect and prevent time theft. As they cannot physically monitor their employees' activities as easily as they could in an office setting, employer's have begun to look for new methods to prevent Time Theft. Some companies have implemented new technologies such as time tracking software and keystroke monitoring tools to ensure that employees are working productively.

The ethical repercussions of remote work aided time theft are multifaceted. On one hand many employees would seek to argue, that they deserve the dignity and respect to be trusted with managing their own time and allowed to work in the way that best suits them. This is regardless of whether that involves employees taking breaks or engaging in personal activities during work hours. However arguably speaking, employers reserve the right to expect their workers to work attentively and productively during work hours, especially if those employees are compensated for that time.

As it currently stands, it remains the company's decision regarding how they want to handle time theft in a remote work setting. Some companies have chosen to be more lenient and allow their employees more flexibility, while others have taken a stricter approach and use technology to closely monitor their employees' activities.^{[34] [35]}

1. ↑ https://www.ncci.com/SecureDocuments/QEB/QEB_Q4_2020_RemoteWork.html
2. ↑ https://www.pewresearch.org/social-trends/2022/02/16/covid-19-pandemic-continues-to-reshape-work-in-america/
3. ↑ https://www.onblick.com/blogs/monitoring-remote-employees-is-it-ethical
4. ↑ Minkin, Kim Parker, Juliana Menasce Horowitz and Rachel (2022-02-16). "COVID-19 Pandemic Continues To Reshape Work in America". Pew Research Center. Retrieved 2025-04-27.
5. ↑ Sipior, Janice (2021-10-12). "Monitoring Remote Employees at FinPro". Communications of the Association for Information Systems. 49 (1). doi:10.17705/1CAIS.04912. ISSN 1529-3181.
6. ↑ "Employee Monitoring: Surveillance Solutions for COVID-19 and Beyond". Electronic Frontier Foundation. September 2020.
7. ↑ "Privacy in the Workplace". Privacy Rights Clearinghouse. March 2022.
8. ↑ "Data Protection and Employee Monitoring". GDPR.eu. 2020.
9. ↑ "Gartner HR Research Shows How to Monitor Remote Employee Productivity Without Micromanaging". Gartner. August 18, 2020.
10. ↑ Malek, Nadine (2023-03-07). "The Pitfalls of Micromanagement". Prodoscore. Retrieved 2025-04-28.
11. ↑ https://freedom.to/blog/why-monitoring-your-remote-teams-activity-wont-make-them-more-productive/?utm_source=chatgpt.com. {{cite web}}: Missing or empty |title= (help)CS1 maint: url-status (link)
12. ↑ Malek, Nadine (2023-03-07). "The Pitfalls of Micromanagement". Prodoscore. Retrieved 2025-04-28.
13. ↑ "3 Ways to Monitor Employee Productivity". Gartner. Retrieved 2025-04-28.
14. ↑ "Managing Employee Monitoring in the Workplace".
15. ↑ Bureau, US Census. "The Number of People Primarily Working From Home Tripled Between 2019 and 2021". Census.gov. Retrieved 2023-04-22.
16. ↑ "Why remote workers should use a Virtual Private Network (VPN)". tailscale.com. Retrieved 2025-04-24.
17. ↑ ^{a b} "What is Zero Trust Network Access (ZTNA)?". www.cloudflare.com. Retrieved 2025-04-24.
18. ↑ "Ethics and Zero Trust: Striking a balance between security and…". Highberg. Retrieved 2025-04-28.
19. ↑ "What Are the Methods Used by Companies to Monitor Employee's Computers?". Small Business - Chron.com. Retrieved 2023-04-22.
20. ↑ "How do Employers Monitor Internet Usage at Work?". Easy Tech Junkie. Retrieved 2023-04-22.
21. ↑ Zhou, Shouqin; Ling, Weiqing; Peng, Zhongxiao (2007-07-01). "An RFID-based remote monitoring system for enterprise internal production management". The International Journal of Advanced Manufacturing Technology. 33 (7): 837–844. doi:10.1007/s00170-006-0506-6. ISSN 1433-3015.
22. ↑ Kamruzzaman, Abu; Ismat, Sadia; Brickley, Joseph C.; Liu, Alvin; Thakur, Kutub (2022-12-07). "A Comprehensive Review of Endpoint Security: Threats and Defenses". IEEE: 1–7. doi:10.1109/ICCWS56285.2022.9998470. ISBN 978-1-6654-8938-6. {{cite journal}}: Cite journal requires |journal= (help)
23. ↑ Arfeen, Asad; Ahmed, Saad; Khan, Muhammad Asim; Jafri, Syed Faraz Ali (2021-11-23). "Endpoint Detection & Response: A Malware Identification Solution". IEEE: 1–8. doi:10.1109/ICCWS53234.2021.9703010. ISBN 978-1-6654-1208-7. {{cite journal}}: Cite journal requires |journal= (help)
24. ↑ Mbunge, E.,; Muchemwa, B. (2022). "Towards emotive sensory Web in virtual health care: Trends, technologies, challenges and ethical issues". Towards emotive sensory Web in virtual health care: Trends, technologies, challenges and ethical issues.{{cite web}}: CS1 maint: extra punctuation (link) CS1 maint: multiple names: authors list (link)
25. ↑ Kalashinikova, A. M.; Menyailova, I. I.; Nikhapetyan, L. A.; Grachyova, I. M.; Konurkina, A. A. (1975). "[Thermo- and pH-stability of soluble and silichrome-80 immobilized proteinase from Bacillus subtilis]". Prikladnaia Biokhimiia I Mikrobiologiia. 11 (6): 842–847. ISSN 0555-1099. PMID 1741.
26. ↑ "Most companies dealing with employee misuse of business apps: report | Cybersecurity Dive". www.cybersecuritydive.com. Retrieved 2025-04-26.
27. ↑ "What defines misuse of a company's assets?". Whistleblower Hotline & Integrity Services. Retrieved 2025-04-26.
28. ↑ "Misconduct Investigations » Business.Idaho.gov". Business.Idaho.gov. Retrieved 2025-04-26.
29. ↑ "NACDL - Computer Fraud and Abuse Act (CFAA)". NACDL - National Association of Criminal Defense Lawyers. Retrieved 2025-04-26.
30. ↑ HU, Biyun; MENG, Liang (2024). "Formation and consequences of employee time theft: A motivational perspective". Advances in Psychological Science. 32 (3): 433. doi:10.3724/sp.j.1042.2024.00433. ISSN 1671-3710.
31. ↑ "Time-tracking Software Catches Time Theft | CanLII Connects". canliiconnects.org. Retrieved 2025-04-29.
32. ↑ Hu, Biyun; Meng, Liang (2024). "Formation and consequences of employee time theft: A motivational perspective". Advances in Psychological Science. 32 (3): 433. doi:10.3724/SP.J.1042.2024.00433. ISSN 1671-3710.
33. ↑ Wang, Zhen (March 24th, 2024). "Reducing Employees' Time Theft through Leader's Developmental Feedback: The Serial Multiple Mediating Effects of Perceived Insider Status and Work Passion". MDPI. Retrieved April 29th, 2025. {{cite web}}: Check |archive-url= value (help); Check date values in: |access-date= and |date= (help)CS1 maint: url-status (link)
34. ↑ Xu, Chenqian; Yao, Zhu; Xiong, Zhengde (2022). "The impact of work-related use of information and communication technologies after hours on time theft". Journal of Business Ethics. doi:10.1007/s10551-022-05167-1. Retrieved April 20, 2023.
35. ↑ Nadia Harris (2022). "Time theft and remote work – a serious problem or nonsense?". Retrieved April 20, 2023.