Penetration Testing - Trust and Hiring

Pay one of the big companies to do it; it doesn't prevent that kind of thing from happening, but you do get a degree of protection by doing so.

Basically, what steps should be taken when giving someone legal rights to hack-test your systems and network?

Have your company lawyer draw up a contract that takes away the reproductive organs of the contractor should they do anything shady with the data they acquire.
Such contracts usually include work-product clauses, non-disclosure agreements, and (to protect the contractor) an acknowledgement by your company that the penetration test is authorized and may result in outages/data loss.

Beyond that, a background check is a good start if you're hiring an individual.
If you know people in the pen-testing field you can always hire your friends (whom you presumably trust); otherwise, hiring a large company, as Chopper3 suggested, is always an option (but be aware that many of these companies hire "reformed black-hats" because those are the folks with the skills).