If the Softtalk shared server is accesible from the internet, that would be one point that needs to be properly secured. How do external users access it ? How is it connected to the internet ? how does it connect to your sugarcrm server ?
One general security measure is to have all operating systems patched to the latest patch level available, and this includes client and server machines. Also, disabling all services that not in use, and changing all default configuration/passwords is something that needs to be done, mainly on machines that are accesible from the internet.
If the sugarcrm server is only accessed from the internal network you could use the iptables firewall to only accept packets from the internal network and only to the ports your CRM application and any other application running on the server use to service client requests.
On your users’ machines a good anti malware program should be installed too, in addition to a firewall.