Would you hire a hacker to hack your company? Why or why not?
To help your company with understanding potential security threats, we asked tech experts and business owners this question for their thoughts. From being proactive to weighing the costs there are several ideas that may help you to figure out how to protect your company from online security threats.
Here are eight tips for securing your company:
- Research And Vet A Reputable Company
- It’s Important That Your Site Is Always Up And Running
- Proactive Is Better Than Reactive
- They Discover Exploits That Haven’t Been Found
- Run Penetration Tests
- Verify Via Your Own Network
- Protect Your Intellectual Property
- Weigh Your Costs
Research And Vet A Reputable Company
With the right due diligence, certainly. Reputable security researchers provide significant value to a company that needs to make sure their system is secure for compliance reasons or for basic peace of mind. It is important that you don’t just hire a hacker you found on a freelancing site. You must do your homework to make sure you aren’t hiring someone that will ultimately abscond with your company data or trade secrets. Look at some of the larger cybersecurity consultancies for keywords to listen for and hire tech-savvy friends to help if you vet someone ahead of a signed contract.
Peter Adams, Founder of Sol Minion Development
It’s Important That Your Site Is Always Up And Running
I would consider hiring a hacker to ensure that my site is secure! As an ecommerce site, it is very important that my clients feel safe sharing their credit card and billing information with me online. It is also important that my site is always up and running because even going down for a day can affect my online revenue immensely.
Vanessa Molica, Founder and CEO of The Lash Professional
Proactive Is Better Than Reactive
Using ethical hackers to proactively expose and make companies aware of potential vulnerabilities should be at the top of the to-do list for executives. Both big companies and small companies have a tremendous amount to lose from a hack. Plus, companies carry an extraordinary amount of responsibility to protect their customers’ information. Anything that can be done proactively to ensure the safety of customers and the business, including hiring ethical hackers, should be considered as cybersecurity increases in importance.
Brett Farmiloe, Founder and CEO of Markitors
They Discover Exploits That Haven’t Been Found
In the movie “Catch Me If You Can,” Leonardo DiCaprio makes money by forging checks. At the end of the movie (spoiler alert), he is hired by the companies he stole from to help design checks that are more difficult to forge. Hiring a hacker to hack your company is, conceptually, the same. You like to believe that your data is secure and your network is protected, but how do you really know unless you have someone test your security. While many exploits are published and are common knowledge, it’s the ones that haven’t been discovered yet that are the ones you need to worry about. You don’t hire a hacker because of the exploits they know; it’s because they know how to find exploits that haven’t been found. These are what exposes you to danger, so it’d be far better for someone on your payroll to find them.
Phil Strazzulla, Founder of SelectSoftware Reviews
Run Penetration Tests
Yes, I would hire a hacker to hack my company. As your company grows and gains more recognition, you become even more of a target for spear phishing attacks, DDoS attacks, fraudulent legal claims, and other malicious activities. And this is even more important now with new privacy laws coming into play. You should run period “Penetration Tests” with 3rd party ethical hacking companies. They will uncover vulnerabilities that you are not aware of, and you can quickly prioritize plugging those vulnerabilities. Even if the pen test yields no results, it is still a worthwhile investment to ensure that your business runs smoothly, avoids unnecessary outages, data breaches, or anything else that might damage your business.
Matt Blake, Entrepreneur, Investor and Partner
Verify Via Your Own Network
I hired a hacker several times at my company. However, you need a way to vet the person and one can do that via your own network. The biggest risk of being hacked is social engineering, and I always get a few people to try to change bank accounts or addresses by known hackers. This gives me an opportunity to train the support function and improve the procedures.
Peter Bakker, CEO of Unhedged
Protect Your Intellectual Property
That is a great way to see if you have all your security systems set up well, and that way, you ensure to protect your hardware and software. Credit cards are not the only thing people can steal these days. Intellectual property is another thing that can be stolen and used and sold by other people as if it was their own. If you develop an electronic device or product, you absolutely want to protect that project from people trying to benefit from the hard work of others.
Keesjan Engelen, CEO of Titoma
Weigh Your Costs
Having an internal cybersecurity team is essential for any company. However, hackers, both good and bad, thrive on challenges and undiscovered exploits. Bringing an outside expert for testing and assessment should be seen as a normal part of doing business. The cost for data breaches, HIPAA compliance issues, and the trustworthiness of your brand are far greater than the costs of hiring hackers to test your system. Discovering your weaknesses prior to an actual attack can make all the difference in the world. There are also the extremely successful “bug bounty” programs offered by many firms that allow companies to set a specific amount of money aside for those discovering bugs and vulnerabilities within their systems. In either situation, fixing the problem before it becomes a catastrophe is the smartest move you can make.
Jeff Welch, Founder of Grab the Axe
Terkel creates community-driven content featuring expert insights. Sign up at terkel.io to answer questions and get published.