
Ethical Hacking: Turning The Tables to Boost Cyber Security

Hacking remains a huge problem for businesses. As noted by MarketWatch, more than 175 data breaches have already happened this year, and in 2015 approximately 105 million adults in the United States had their personal information stolen. For companies, the stakes are huge: Compromised systems not only damage the bottom line but can severely impact public opinion. While typical cyber security methods—such as antivirus programs, firewalls and threat prediction—offer some protection, there’s another option to discover key vulnerabilities and undiscovered threats: Ethical hacking.

What Is Ethical Hacking?

Think of it like turning the tables on cybercriminals. Instead of waiting for malicious actors to breach your network and cause damage or steal information, you hire professionals to do the job and report their findings. They get a mandate (for example, to attempt to breach your system with email phishing or through brute force), and then you let the professionals get to work. Ethical hackers don’t tell you where or when an attack will occur—meaning that just like a real threat it could happen anytime, anywhere. After successfully identifying vulnerabilities or being stumped by network security (by far the rarer of the two outcomes), ethical hackers report their findings to C-suite members and provide recommendations on how to beef up cyber security. Bottom line? You get all the post-attack knowledge of a real data breach with none of the long-term damage.

Why Bother?

Sounds good in theory, but are real companies actually employing ethical hackers to crack their networks and run amok on IT infrastructure? As noted by Tech Worm, that’s exactly what ethical hacker Charles Henderson does every day for tech giant IBM: The company has given him—and his team—a mandate to “pen test” systems and uncover potential areas of compromise.

It works. While on the job for a previous client, Henderson used social engineering and gained entry to its office space. Then he and his team stole confidential digital and physical data, and drove off with this information in a company-branded vehicle. His success was greater than expected, but it provided valuable feedback to improve the company’s overall IT security.

Hiring the Right Hacker

How do you make sure you’re hiring the right hacker and not a duplicitous black-hat expert in disguise? Start with a face-to-face interview and in-depth background check. Is your hacker just in it for the thrill and the paycheck, or does the professional demonstrate a real passion for ethical boundaries and “unpacking” malicious code to see how it works? Training is also important: Are prospective hires self-taught or have they enhanced their knowledge with relevant coursework? Look for people trained in disciplines such as advanced pen testing, exploit development and network architecture. It’s also important to consider their broader skillset—do they understand multiple operating systems, have a real interest in understanding your network, and show a willingness to think outside the box?

Ethical hacking helps put you in control; with the help of the right hacker, it’s possible to transition your network from easy mark to hard target.

By Thomas Bayhan, Program Manager at TrainACE
