The 7 Deadly Sins That Lead to Insider Cyberthreats

By Alexander Alonso
October 31, 2018

Analyze employee behavior to defend against malicious activity.

Too often our headlines read like the plot of a Hollywood action movie or a Tom Clancy spy novel: One person recorded sensitive conversations at work, another leaked company secrets to the media, and yet another anonymously dumped confidential data onto the dark web. Everywhere you look, there seems to be a story detailing the malicious activities of individuals within organizations. Insider cyberthreat cases run the gamut: the introduction of malware into the IT infrastructure, the theft of intellectual property or the total violation of privacy policies.

Leaders today have come to see the phenomenon as a risk to their organizations’ sustainability.

While individual accounts of the threats vary, there are telltale markers that indicate a company may be vulnerable, according to researchers Reeshad S. Dalal and Aiva K. Gorab at George Mason University in Fairfax, Va. We see these signs in just about every post-mortem of insider threat cases. I call them the seven deadly sins:

1. Perceived inequity. Employees who sense unfairness in the workplace or in their own lives often seek to do damage. To identify people who may pose this risk, HR and IT can collaborate to examine communications in company e-mails and on social media and other platforms.

2. Toxic leadership. It’s been said that people don’t leave companies, they leave bosses. When the supervisor is so bad that subordinates feel they have no way out, a common reaction is destructive behavior. Such attacks are often based on a desire to harm a specific manager rather than the organization.

3. Culture gone wrong. Companies with strong cultures tend to be very clear on their core values. But when those values are not aligned with successful teamwork, there may be backlash from someone inside the business.

4. Revenge. Employees who do harm frequently lash out against those who they feel wronged them in some way. Personality assessments used for hiring can, in most situations, identify those likely to seek revenge. 

5. Financial difficulties. For many of us, money is the ultimate motivator. The sad fact is that insiders sometimes engage in damaging behaviors because they have massive debt or are otherwise strapped. Understanding the financial well-being of your staff can go a long way toward recognizing threats.

6. Untapped skills. Employees seeking to do harm may question why their talents and skills haven’t been put to better use. Couple that with a proclivity to engage in vengeful behavior, and an insider threat case may be in the offing.

7. Organizational ignorance. Leaders at companies harmed by malicious behavior are often ignorant of the potential risk or dismissive of the possibility that it could happen to them. They fail to recognize which functions are necessary to safeguard operations—including great people management, companywide assessments and secure infrastructure.

Research on internal cyber risks shows that the key to detecting them is psychology—or more precisely, understanding and anticipating the human behavior that leads to malevolent conduct. So while IT professionals certainly play a role, HR leaders—that is, we who deal with all matters human—are the best resource for preventing them. 

Alexander Alonso, SHRM-SCP, is chief knowledge officer for SHRM.