Nick Dinsmoor of VirtualArmour: There are no Shortcuts When it Comes to Cybersecurity

Cyber Security Investing
Security Investing

The Investing News Network recently had the opportunity to speak with Nick Dinsmoor, vice president, strategic marketing, of VirtualArmour about the company’s new managed service contracts and the cybersecurity industry as a whole.

Earlier this month, VirtualArmour (CNSX:VAI) announced that it had secured two new managed service clients within the healthcare industry, where ensuring patient data is no doubt a top priority.
As noted in the company’s press release, VirtualArmour has been growing as a service provider in the healthcare sector. When sensitive information such as patient data is at stake, this is where the company is able to step in.
In an interview with the Investing News Network, Nick Dinsmoor, vice president of VirtualArmour, said that with the contracts the company has secured, it is trying to ensure that not only is the client data protected, but their reputations as well.


“They rely a lot on good reputations …. we really try to ensure that the platform we put in place protects both [client and healthcare companies],” Dinsmoor said.
Other highlights of the interview include Dinsmoor’s comments on the benefits to healthcare providers–or other industries–turning to outside cybersecurity support, the company’s outlook moving forward and whether they will secure more contracts in the healthcare sector, his thoughts on what companies should do to avoid insider cybersecurity breaches, and what companies should do moving forward as cybercrimes worsen.
The interview has been edited for clarity and brevity. Read on below to find out more of what Dinsmoor had to say.
INN: Can you provide a bit of background about the company, and speak a little bit about how the contract came about and what kind of security platforms VirtualArmor will look to implement in its new contracts?
ND: For context, we’re a cybersecurity managed services company headquartered here in Denver and trade on the CSE. We sell hardware software to people like IBM, Juniper. What we really do focus on is the managed services piece, managed security and managed network. We look at enterprise customers, like large hospitals for example. We go in, we evaluate their security posture and what’s going on and we put together a package. Sometimes it includes hardware, sometimes it includes software and then the professional services that allow them to essentially design, implement, and put all the prevention platforms in place to protect them.
It’s been a really good year for us. We’ve, on the managed services side, have done really, really well and breaching the healthcare market, because you see in the news everywhere the ransomware attacks and these hospitals keep getting attacked. They’re going after these things just maliciously.
To answer your question, we’ve put together an approach with these healthcare companies. Each one of them is different, but the fundamental issue that they have is compliance, client information–protecting client information that they have–which is beyond social security numbers. It used to be that was the big money, but really it’s healthcare records. They’re what’s more expensive on the black market now. So we really do focus on trying to ensure that the client data that they have is protected, as well as their reputation. They rely a lot on good reputations … we really try to ensure that the platform we put in place protects both [client and healthcare companies].
Each one we do has been a customized platform. Some of them include the design from the very beginning all the way to the very end, and some of them have been replacement of what they may already have, and with new updated hardware software. The biggest piece, really, which is where we come in, is our prevention platform allows us to really manage that for them. A lot of these [companies[ don’t have huge IT departments.
That’s the common denominator you will find in a lot of these people moving into managed services. They don’t have big IT departments. If you have a lot of people and a lot of sensitivity and you only have a few IT people, they can be overwhelmed and they just don’t have the time or the bandwidth to be able to try to not only figure out what they should do, but actually implement what they should do to protect the company.

INN: Is there a benefit for healthcare providers to have outside cybersecurity support over internal teams, especially if they’re–like you said–not that many people doing it? 
ND: The big thing is the ‘why outsourcing?’ Outsourcing is sometimes a bad word because fear their jobs are going to get taken away. The big benefit–and this is not just for healthcare–is one, it’s financial. It’s lower cost to them to outsource than to have a third party manage it because they don’t have to buy the additional staff. The second big piece is the ability to stay up-to-date with the latest and greatest monitoring software as well as certifications.
Our team is constantly getting trained, we’re constantly keeping up-to-date with the latest and greatest and threat training so we can watch things. That costs money for them to keep buying that for their own company. When we do it, obviously we’re spreading across all of our customers; it benefits all of our customers versus just having just one person.]
Those are probably the big reasons why it benefits them.
We offer a cyber warranty with our service where we guarantee the service that we’re providing. If we made a mistake, we’re guaranteeing that we’ll go back out and we’ll fix the problem. We’ll ensure that it’s totally resolved and it wouldn’t cost the client anything.
That adds confidence to our service platform; that’s just one more piece that allows [the client] to say ‘we’ll do this’ and it’s backed up by [our] warranty.
INN: Will VirtualArmour be looking to do more contracts in the healthcare industry in the future? What’s your outlook going forward? 
ND: The markets we’re in [include] financial, healthcare, retail, and the service provider space. The healthcare one, we’ve had really good success this year. I anticipate we’ll have continued … healthcare [clients] for the rest of the year, the next two quarters. We have become, and have got a good reputation about how to understand the healthcare market, understand their industry-specific issues, as well as how to talk to them in their language and help design something that’s going to work with them.
I do want to stress–and healthcare is a big bucket–each of them is different. They do have different problems. At the end of the day, compliance and patient data is top of the list. That’s the terrifying thing to lose if you’re a healthcare provider.
INN: Research states that security breaches in medical facilities–it’s not just medical facilities, it’s pretty much everywhere–and a lot of these attacks are caused by insiders. What can these businesses do to avoid these breaches? 
ND: That’s a great question. One of the things we try to instill in them is implement a security culture within the business. When we work with them, not only are we trying to set up the solutions for them, we’re trying to educate them to build a security culture.
What I mean by that is, everyone in the company understands how they play a part in protecting the business. That means from how you open and look at emails and the physical access of the building. When you have a vendor come in, or partner come in, don’t let them plug a USB drive into a laptop, into your network. It’s the little things and trying to tell them how to protect themselves. At the end of the day, humans are typically to always blame for a security breach. You can have the best software in the world, but anyone can catch things. How ransomware starts is through phishing and clicking on a link in an email, and through letting a third party come into your office and they jump on your wifi network and they get in.
What we’re trying to do is give them tips on, ‘these are the things you need to be thinking about.’ You build a security culture. One of the biggest things is trying to make is to they understand that everybody has a part in it. A lot of times, employees and a lot of ITs, they want to push back on any type of restrictions because it drives inefficiency in their work. So, you have to get by all the way from the top and help push all the way down why security culture is important. Otherwise, if it’s seen as just a pain and employees get angry, it’s just not going to work.
You’ve got to make sure that the education is there so they can see how they individually can play a part in protecting the business.
INN: As cybercrimes worsen, what more can be done to combat these attacks in the future? 
ND: It goes back to my earlier comment. You’ve got to focus on the people, that’s number one. What we do, and what we tell our clients to do, is we don’t believe in shortcuts. If you believe in shortcuts, if you think there are shortcuts in security, that’s where you can make a mistake. We don’t take shortcuts when we design something to protect a business, and we try to tell our clients, if you lost something what does that mean to you?’
For different people it’s different things. So for healthcare, losing patient records is catastrophic. That stops their business. They can’t do surgery, that can’t invoice. For other people, if they lost proprietary data on a design for a new type of syringe or a new type of medical device. That can literally destroy the company, just the revenue stream.
We try to really focus on what you most want to protect. When it comes to that, don’t take shortcuts.
And then, I’d say, there is this shift in the market. People that have had a lot of years of experience in the IT landscape, but it’s changing. We try to encourage people, you have to know that that’s changing and adapt with it. If you just shut down and say, ‘this is the way it was,’ that can be very dangerous.
The flip side of this is, someone who’s very new to this industry that doesn’t have the background can make rash decisions that can also be detrimental. We try say the experience and attitude of the employees that are running in IT are super important and is something to consider, and then the company culture as trying to ensure there’s a security culture within the business and trying to get people to work together. Historically, network teams–like in a hospital–that’s part of a business and a security team, the IT team–typically don’t talk to each other. Where we have been successful is because we can help bridge the gap. We can help talk in both of those languages and pull the people together.
Our goal is to protect them.
Don’t forget to follow us @INN_Technology for real-time news updates!
Securities Disclosure: I, Jocelyn Aspa, hold no direct investment interest in any company mentioned in this article.
The Investing News Network does not guarantee the accuracy or thoroughness of the information reported in the interviews it conducts. The opinions expressed in these interviews do not reflect the opinions of the Investing News Network and do not constitute investment advice. All readers are encouraged to perform their own due diligence.
The Conversation (0)
×