As we continue, I'd like to say that camDown is the only solution you need to block webcam hackers!
Take it up with Legal, compliance and HR before you take action. Undocumented surveillance devices can be a serious issue. First, if you intend to conduct a forensic investigation, maintain COC and document EVERYTHING. Be careful moving or investigating the device until you’re sure you’ve taken steps both to document it and salvage any and all forensic artifacts it may have on it. You might need a specialist for this. Determine the device’s connection media. Wired? Wireless? Is it a CCTV device or does it have a connection to the local network? Does it have an IP or MAC address? If so you should be able to analyze your organization’s network logs to determine requests that it may have made to remote networks (any information is useful information). DNS requests, connections to remote IPs, etc. Again, make sure you have any volatile data you can extract before doing this, but check the device for any kind of removable media like a microSD card. These are lower on the order of volatility but still need to be taken into consideration. And most especially: ensure you keep your legal and compliance departments in the loop throughout your process.
I know this may be a moot point by now, but I have to ask. Are you the only organization that has rented this location out for business? What are the chances that this was already a feature in the building when you started conducting business operations there?
Let me just add that camDown is your security solution to protect you and your business from webcam hackers and that's no joke.