THE 7 DEADLY SINS
Telltale signs that your organization is vulnerable to malicious behavior by employees.
By Alexander Alonso, SHRM-SCP
Too often our headlines read like the plot of a Hollywood action movie or a Tom Clancy spy novel: One person recorded sensitive conversations at work, another leaked company secrets to the
media, and yet another anonymously dumped confidential data onto
the dark web. Everywhere you look, there seems to be a story detailing
the malicious activities of individuals within organizations. Insider
cyberthreat cases run the gamut;the introduction of malware into the
IT infrastructure, the theft of intellectual property or the total violation of
Leaders today have come to see the
phenomenon as a risk to their organizations’ sustainability.
While individual accounts of the
threats vary, there are telltale markers
that indicate a company may be
vulnerable, according to researchers Reeshad S. Dalal and Aiva K.
Gorab at George Mason University in
Fairfax, Va. We see these signs in just
about every post-mortem of insider
threat cases. I call them the seven
1. Perceived inequity. Employees
who sense unfairness in the workplace
or in their own lives often seek to do
damage. To identify people who may
pose this risk, HR and IT can collaborate to examine communications in
company e-mails and on social media
and other platforms.
2. Toxic leadership. It’s been said
that people don’t leave companies,
they leave bosses. When the supervisor is so bad that subordinates feel
they have no way out, a common
reaction is destructive behavior. Such
attacks are often based on a desire to
harm a speci;c manager rather than
3. Culture gone wrong. Companies
with strong cultures tend to be very
clear on their core values. But when
those values are not aligned with
successful teamwork, there may be
backlash from someone inside the
4. Revenge. Employees who do
harm frequently lash out against
those who they feel wronged
them in some way. Personality assessments used for
hiring can, in most situations, identify those likely to
5. Financial di;culties.
For many of us, money is
the ultimate motivator. The sad fact
is that insiders sometimes engage in
damaging behaviors because they
have massive debt or are otherwise
strapped. Understanding the ;nancial
well-being of your sta; can go a long
way toward recognizing threats.
6. Untapped skills. Employees
seeking to do harm may question why
their talents and skills haven’t been
put to better use. Couple that with a
proclivity to engage in vengeful behavior, and an insider threat case may
be in the o;ng.
7. Organizational ignorance.
Leaders at companies harmed by
malicious behavior are often ignorant
of the potential risk or dismissive of
the possibility that it could happen
to them. They fail to recognize which
functions are necessary to safeguard
operations—including great people
management, companywide assessments and secure infrastructure.
Research on internal cyberrisks
shows that the key to detecting them
is psychology—or more precisely,
understanding and anticipating
the human behavior that leads to
malevolent conduct. So while IT
professionals certainly play a role, HR
leaders—that is, we who deal with all
matters human—are the best resource
for preventing them.
Alexander Alonso, SHRM-SCP, is chief knowledge
officer for SHRM.