Is there any safeguard against external hacking threats?

Basically, users can only see data once they login and based on their assigned company; otherwise there is no way they can get the info on the other users if they are not connected to the company.