My friend who is responsible for HR asked me if it is possible, if yes how she can gather facts to verify the reported case. I felt sorry for her as she has to digest so many technical terms in such a tense and unorganized way. I asked her that the company should enable detailed logs and keep the logs centrally. The logs can tell a more complete story and she will not be making all the wild guesses. If her concerns are insider threats, she should announce the logging policy to the staff, reminding all employees their remote desktop sessions are monitored.