If you can't beat them, join them!
No, you don't need to commit illegal acts, but the best way to protect your company against hackers is to think like a hacker. Understand the information you have that's valuable to criminals, understand the approaches they might take to gain unauthorized access, and you'll identify where you need to direct your resources to protect yourself.
Identify Your Valuable Data
Hackers want data that has value – either data they can use directly to steal funds, like credit card numbers and account numbers, or personally identifying information, like social security numbers, they can use to steal identities. If you store information that might embarrass your customers, such as their medical histories or records of purchasing sensitive products, this data can be used for blackmail.
It's not just your customer information that you need to protect; it's your own business information, as well. Your corporate bank account information has the same value as customers' bank info. Other corporate data, such as products under development or source code for applications, is also valuable.
Don't assume you know where your valuable information is being stored. Make a formal, thorough survey of all your departments and all your databases – including informal databases stored in spreadsheets. Prioritize the protection of this information based on legal requirements and the risk to your business operations. Focus on securing the most critical data and applications first.
Identify Your Vulnerabilities
Once you know where the data hackers are interested in resides, you need to determine how hackers could gain access to it. Review the security controls you already have in place, including firewalls and employee awareness. Many times employees accidentally expose data by falling for social engineering and phishing emails; other times, data is accidentally exposed because employees try to work around cumbersome processes. Making your processes easier to follow is usually an easy, low-cost means of improving security.
Don't rely on a survey or review of your security measures; find out where you're really at risk by having an ethical hack performed. In this test, "white hat" hackers attempt to penetrate your application by exploiting the kinds of vulnerabilities black hatters use. Once you get the ethical hack report, you know where your applications are really at risk. Correcting the problems often requires changes to both applications and systems-level software. Fixing all the problems can take time, so once again it's important to prioritize to make sure you get the most benefit from the work your team does and the money you spend.