CHAUDHRI: Global IT outage places extra onus on employers

Article content

It was Christmas in July for many global employees on Friday when a global IT outage locked many companies out of their own systems, giving thousands of workers the day off.

The outage stemmed from an update issued by CrowdStrike, a cybersecurity firm. Companies that operate via Microsoft Windows were impacted.

Anecdotally, I heard stories of employees at Canadian banks being told not to log in to their computers and some were told to stay home. I heard of other employees attending work, and waited to be dismissed after not being able to log on for a few hours.

Cyber expert James Bore said to one news outlet, “All of these systems are running the same software,” and that when things inevitably go wrong, “they go wrong at a huge scale.”

When it comes to data and protecting digital assets, Friday’s outage confirmed companies of all sizes are extremely vulnerable. They were left scrambling to secure their own systems and networks.

Juxtapose this against the weighty obligations employers place on employees to protect company information. The fact is, many companies constantly struggle with protecting their own digital assets.

Take for example the ransomware attack on Indigo Bookstore in 2023. The book retailer’s website went offline in February as it dealt with the cyber attack. Employee data was stolen and the company warned that some of it could appear on the “dark web.”

Global Affairs Canada similarly encountered a massive security breach In January 2024 that impacted many employees. According to the CBC, the breach affected at least two internal drives, as well as emails, calendars and contacts of many staff members.

In fact, just last week Fast Company reported the number of data breaches in the first half of 2024 (about 1.1 billion) marks a 490% uptick over the first half of 2023.

Despite cybersecurity being a growing issue both privately and publicly, depending on the industry, employees are routinely required to sign lengthy confidentiality agreements requiring them to safeguard company trade secrets and client information. Failing to do so could result in serious consequences including termination or court-imposed sanctions.

Employers are taking bolder steps to enforce confidentiality agreements against employees, particularly when an employee leaves the company to join a competitor. Sometimes employers accuse employees of taking confidential information after a termination, in breach of an employee’s obligations to the company.

RECOMMENDED VIDEO

We apologize, but this video has failed to load.

Try refreshing your browser, or
tap here to see other videos from our team.

Play Video

Employers can send cease and desist letters, threaten a statement of claim for damages, and even threaten to contact a new employer as a result of an alleged breach. Most employees fail to appreciate how far employers will go to enforce confidentiality clauses.

And while there are clear cases of employees deliberately removing confidential information for inappropriate purposes that should be pursued, more and more employers are using any ‘confidentiality’ breach as a reason to pursue a former employee.

As Friday’s global outage showed us, the world of work is smaller than ever before. Employers should take great care before launching breach of confidentiality claims against employees given the vulnerability many organizations are facing this year.

If as an organization you have failed to keep your digital assets safe, think twice before pursuing an employee for failing to safeguard your data. It could be a costly adventure, with little reward.