Most employers are aware of their legal right to monitor employees' computer activities, and they are increasingly doing so. Yet, few of those who do monitor are aware that exercising this right may impose a legal duty to monitor prudently in order to protect third parties and to report criminal activity to the appropriate authorities. This paper briefly examines employers' legal right to monitor their employees' computer activities. Our subsequent analysis of the ruling in Doe v. XYC Corp. [Doe v XYC Corp., 382 N.J. Super. 122, 887 A.2d 1156 (2005)]. illustrates that those businesses that do assert their rights to monitor may assume a duty to report child pornography to the authorities, as well as a duty of reasonable care when reacting to their employees engaging in so-called cybertorts. We discuss how this ruling may extend the doctrines of 'detours' and 'frolics' into cyberspace. We also discuss the potential for employers' liability for other cybercrimes and cybertorts committed by their employees. We conclude by examining the contours of computer monitoring policies that effectively serve employers' risk management objectives without unduly invading employees' privacy, and the likely consequences of failing to achieve such a balance.