Cyber Misconduct: An ER Challenge in the New Economy

This article was published in the FIRE@X (Forum for Industrial Relations @ XLRI) newsletter in 2000.

Times have changed, so have workers, from ‘manual’ to ‘knowledge’; And the context of misconduct from the shop floor to cyber space. Explicit sexual harassment is giving way to implicit forms - the virtual medium replacing the physical. 

Cyber misconducts are defined as emotional misconducts that are committed within/against the users of the Intra/Internet. Broadly there are four categories: Pornography, Software Piracy, Credit Card Fraud and Unsolicited Commercial E-mail including other cyber frauds, tampering, manipulation, interception and alteration of computer data, e-mail abuse, gambling, time theft, hacking, sabotage of hardware and software.

Companies providing software services are facing problems in the work environment like desktops with wallpapers and screensavers containing revealing material, loads of pornographic stuff existing in the soft files of hard drives and the increasing menace of spam mails and viruses. The entry of MNCs into India has seen the development of an ‘informal’ culture but somehow there has a mismatch with the Indian mindset. The non-existence of cyber laws in the Indian system has added to the trouble.

The IT Bill, 1999, prescribes stiff penalty of Rs 10 lakh and imprisonment for 10 years for cyber crimes which includes malicious acts like downloading information without proper authorisation and infecting computer networks with viruses. The Bill also seeks to render transmission and publication of obscene material via computers illegal. Such offences will attract prison terms of 2 years and a fine of Rs 25,000 on first conviction, followed by 5 years and Rs 50,000 on subsequent convictions. The Bill further states that the contravention of the proposed act committed outside India by persons of any nationality will also be punishable.

There are additional challenges of misconduct, although not in cyberspace but in the context of software companies, like cases of employees vanishing from off-shore projects on company made visas, the deletion of software projects while leaving the company and the disappearance of CD-ROMS and multimedia plug-ins. Misuse of company infrastructure and facilities for searching out jobs and poaching of candidates is also a serious issue that needs attention.

Companies signing contracts in order to retain employees have been challenged of employing ‘bonded labour’. Attempts to counter cyber-misconducts are hampered by lack of manpower, technology, hazy jurisdictional issues and weak laws. The confidentiality agreement and conflict of interest guidelines, particularly related to ‘inventions’ in the course of employment are vague and legally unsupported. And, do standing orders stand good at all to address these issues?

Hence, formal controls governing physical access to computer operation on the basis of the use of passwords, valid user identification need to be laid down. Moreover, technical controls for a number of operations including standardised and secure message formats, correct authentication, personal identification number, digital signatures, encryption/decryption of data and backup that would be tamper-free will have to be framed.

It also needs to be seen that there is proper monitoring of the work and operations of the group of technologically expert persons to ensure that crimes are not perpetuated from inside. Computer security audit ought to be conducted. This is an activity that is gaining in importance of late and is perhaps one of the best tools available for combating computer crime. Such an audit, especially by professional organisations is a vital requisite to ensure that complacency within the organisation does not result.

ER managers need to be sensitised about these technology crimes and newer and complex types of frauds in white-collar offences. ER courses must aim at preparing managers to tackle computer-aided/related crimes that are expected to surge in the emerging era of electronic commerce so that clues are ferreted out as well as legally acceptable evidence are identified and elicited. Time for cyber action?

(This is an original piece of writing by the author based on case study experiences as conveyed by employees in four leading software companies operating in India)