Q. A team member’s social media activity has spilled into the workplace. One of our veterinary technicians — I’ll call her Lauren — asked for career advice in a technician group. She wrote that she was considering leaving the veterinary field due to pay, scheduling, and burnout issues. Her profile publicly lists her employer, which made our clinic identifiable. Another technician on our team shared the post with management. We spoke with Lauren privately, and she explained that she wrote the post during a difficult moment and did not intend to criticize our clinic directly. We accepted her explanation and moved forward. However, when Lauren returned to work, tension surfaced between her and the technician who saw the post. The exchange escalated into a verbal argument until a third staff member intervened. The next morning, Lauren emailed management to say she felt harassed and retaliated against. A witness reported that both individuals contributed to the escalation. How should we handle the situation without appearing retaliatory and while restoring professionalism and preventing further conflict?
A. Conflicts that begin online and resurface inside the workplace require a thoughtful and balanced approach. The first step is to recognize that the National Labor Relations Act permits employees to discuss their wages, hours, burnout, and general workplace frustrations. Posts like Lauren’s, which reflect broad concerns about the veterinary industry and the emotional toll of the work, fall squarely within protected speech. Employers cannot discipline or retaliate against staff for expressing those views, even if the comments feel uncomfortable or unflattering.
Once the tension shifts into the clinic, however, the issue centers on workplace conduct. Sarcastic remarks, defensive reactions, and escalating exchanges are not protected activities, and management has every right to address them. Because both technicians contributed to the conflict, they should receive the same coaching.
The most effective path forward involves resetting professional expectations. You should tell both employees clearly and privately that whatever occurred online cannot enter the workplace. Personal feelings, disagreements, and off-hours interactions must remain outside your hospital. On the clinic floor, you expect team members to treat each other respectfully, avoid inflammatory comments and responding to them, and bring their concerns directly to management rather than engage in side conversations or arguments. Reinforcing that patient care, team collaboration, and professionalism are priorities reanchors the work environment.
At the same time, acknowledging the emotional undercurrent can help de-escalate the situation. Even when misunderstandings contribute to the conflict, employees benefit from hearing that their concerns were heard and taken seriously. The simple statement “We want you to feel comfortable here, and we also need everyone to maintain professionalism” strikes a productive balance.
Finally, document all conversations and expectations to protect your clinic legally and ensure that management can address any future issues quickly and consistently.
Understand, too, that online posts lose legal protection when they cross into personal attacks, knowingly false statements, harassment, threats, or the disclosure of confidential or proprietary information. Employees can discuss their work, but they cannot target coworkers with insults, spread damaging misinformation, or tell clients to avoid the business.
Q. We uncovered what appears to be unauthorized redemption activity in our supply company’s rewards portal. “ABC Supply” allows clinics to accumulate points and exchange them for gift cards. While reviewing our account history, we discovered that someone had redeemed dozens of $100 gift cards over the past few years without the approval of any member of our leadership team. The total loss is about $5,000. Until now, our clinic used a shared ABC Supply login. (We corrected that problem.) After contacting ABC Supply and our IT vendor, we obtained logs showing the dates, times, and IP addresses associated with each redemption. A few of the transactions were made from inside the clinic, while many were processed through IPs that map to the “XYZ Phone” network in the Midwest. We suspect who might have been involved, but we no longer employ the individual, though the person remains in contact with one of our current team members. I have two questions. First, can we realistically trace the redemptions to a specific person or physical address? And second, what should we do to address the situation and prevent something like it from happening again?
A. Your story is familiar. The consulting firm that employs me has heard of a marked uptick in theft cases, including stolen inventory, missing controlled substances, digital theft, payroll manipulation, misuse of staff discounts, and unauthorized access to vendor reward programs.
As clinics rely more on online platforms to manage purchasing, inventory, and financial systems, weaknesses such as shared logins and unrestricted access create opportunities for quiet, ongoing misuse. Your situation with the ABC Supply rewards account is, in many ways, a textbook example.
Your problem’s root isn’t the platform itself; it’s the structure around it. A single shared login doesn’t allow you to track who is doing what. When someone exploits the gap, the temptation to continue often grows.
My answer is mixed regarding the digital clues you uncovered. The timestamps, IP addresses, and network information can build a timeline and identify where the redemptions originated. But because IP (Internet Protocol) addresses point to networks rather than individuals, and because providers like XYZ Phone route traffic through distant hubs, the location you see might have little connection to the actual user.
In a best-case scenario, you might match redemption times to specific clinic computers or to periods when certain employees were on-site, thereby significantly narrowing the suspect list. Without device-level forensic work or a law enforcement request for subscriber records, however, you probably won’t arrive at a conclusive answer.
Where you can make meaningful progress is in what happens next. Discontinuing the shared login was the essential first step. Here’s how to broaden the review:
- Ordering portals, lab accounts, controlled-substance logs, payroll systems, and discount programs should have unique user credentials and permission levels tied to job duties. When possible, enable two-factor authentication.
- Proceed with caution on the personnel side. Unless you have rock-solid evidence, avoid assigning blame. Instead, communicate to your team that an internal audit uncovered unauthorized activity, that you strengthened security measures, and that you will monitor access more closely.
- Filing a police report is an option if you want to pursue the matter formally. Whether a law enforcement agency actively responds depends on its resources, the evidence, and the specifics of the case. Regardless, document everything.
The silver lining here is that similar incidents at other clinics we advise ultimately became a turning point. Once they strengthened safeguards and clarified accountability, the environment became far more secure. Such events are disruptive, for sure, but they often prompt changes that protect the veterinary practice for years to come.
THE BOTTOM LINE
Workers who post online can legally voice their experiences and frustrations about their jobs. However, employers can hold those workers accountable for unprofessional behavior that shows up in the workplace because of digital conversations.