How I would hack your company if I weren’t an Ethical Hacker

Screen Shot 2022-11-07 at 3.23.39 PM

Some companies may not take cyber security as seriously as they should. It’s clear when I see that IT departments receive a minor portion of the budget, and the managers don’t see the need for security until it’s too late and call me an Ethical Hacker.

As a professional Ethical Hacker, I get hired by clients to legally break into your network before the evil hacker does and tell you how to fix your vulnerabilities. 

The question on everyone’s mind is, “Why do you do what you do when you can earn so much more as a cybercriminal?” Simple: I love helping others, but here’s how I would hack your company if I turned to the dark side.

The 5 Steps a hacker will take

Step 1: Recon

It wouldn’t take me long to find your employees on social media. I would discover their interests, connections, and the best email to reach them. I may even leave a few USB sticks around your office, as I did to penetrate a company in 2011. Further, why not find out where the CEO lives, drive to their house and scan their unsecured Wi-Fi? I might even check company job postings, which reveal too much information.

Step 2: Scanning

It’s time to scan the network for your online systems, what software you’re running, and existing vulnerabilities. If you think you’ve blocked me, I have dark-side friends; other hackers, and we have a powerful support system to share information about how to breach a specific technology—probably your technology.

Step 3: Attack

Now that my VPN is up, I’ve changed my IP address to make myself appear as if I’m coming from another country just to mess with your IT department. Here’s the thing, I don’t have time to waste trying to crack your firewall and risk detection. I can email a link to a company employee I befriended a few days ago. Your employees won’t think it’s a scam. They’ll click on my link and let me into the network almost undetected—an untrained IT department will overlook any signs of intrusion. 

For the record, your firewall and Anti-virus won’t save you. Hackers have access to free specialized training on bypassing the top anti-virus products. I’ll get access to your server and, soon, more accounts. 

I’m already ahead of you, though. In previous intrusion tests, I lifted customer credit card data, client lists, buyer’s lists, birth certificates, passports, digital signatures to sign cheques, and maybe extramarital photos. In my hands, I can destroy a business. I’m thinking, “How high will I set the ransom?”

Step 4: Maintaining access

I plan to return undetected as often as possible. I may even increase the security of your server—which belongs to me now—without you knowing to prevent other hackers from getting in and undoing my hard work. For as long as I desire, I could look at the best stuff your business offers.

Step 5: Cover my tracks

I could change your network logs and cover my tracks. I have complete access to your network. I might invent a distraction to have the IT department believe there’s a problem so I’m unnoticed and free to do whatever I want. I’m waiting for the ideal opportunity to attack.

I would never hack into your network

I’m on your side and will always be.

The problem is that I get the calls after the hack has already occurred and the evidence is destroyed, which a hacker will do. By then, it’s too late, and it’ll be very costly if you plan to find out who did it. I’m sure you’d rather someone like me test your system before the evil hacker does.

If you have an existing internal IT team but have areas they cannot cover, you can outsource those areas to an external specialist. Outsourcing your IT needs or opting for hybrid support alongside your internal IT team can reduce stress since our specialists can help lighten the load and show you the right way to prepare a budget. To get started, contact us today for a no-obligation consultation at

Terry Cutler

I’m Terry Cutler, the creator of Internet Safety University, an educational system helping to defend corporations and individuals against growing cyber threats. I’m a federal government-cleared cybersecurity expert (a Certified Ethical Hacker), and the founder of Cyology Labs, a first-line security defence firm headquartered in Montréal, Canada. In 2020, I wrote a bestselling book about the secrets of internet safety from the viewpoint of an ethical hacker. I’m a frequent contributor to National & Global media coverage about cyber-crime, spying, security failures, internet scams, and social network dangers families and individuals face daily.