Lewis Insights

Today, that same mindset must extend beyond the physical jobsite into the digital environment.

For industries like ours—where operational excellence, customer trust, and workforce safety are paramount—the impact of a cybersecurity incident can be significant. Operational disruption, data compromise, and reputational damage all pose real risks to the health of a company.

At Lewis Services, we have approached cybersecurity with the same philosophy that guides our operational safety culture: focus on fundamentals, build strong governance, measure progress, and empower people to be part of the solution.

A mature cybersecurity program does not happen by accident. It requires structure, leadership commitment, and a disciplined approach to managing risk.

Our program is aligned with the National Institute of Standards and Technology (NIST) Cybersecurity Framework, a widely recognized model that helps organizations organize cybersecurity activities into six key functions: Governance, Identify, Protect, Detect, Respond, and Recover.

The value of a framework like NIST is not simply technical guidance—it provides a common language for leadership and operational teams to understand cybersecurity risk and prioritize investments.

By organizing our program around this framework, we are able to approach cybersecurity with the same rigor we apply to other critical business functions. Governance, policies, and defined processes ensure that security considerations are integrated into decision-making across the organization.

Most importantly, the framework provides a structure for continuous improvement.

Cybersecurity is not a destination—it is an ongoing journey. As threats evolve, organizations must continually reassess their capabilities and adapt accordingly.

One of the ways we evaluate our progress is through cybersecurity maturity assessments. These evaluations measure how effectively our controls, processes, and governance align with industry best practices.

Over the past several years, we have seen meaningful improvements in our cybersecurity maturity scores. These improvements reflect not only enhancements in technology but also the strengthening of governance, policy, and organizational awareness.

While cybersecurity technology continues to advance, the most targeted entry point for attackers remains the same: people.

Phishing attacks, social engineering, and fraudulent communications are designed to exploit human behavior rather than technical vulnerabilities. These tactics attempt to create urgency, confusion, or trust in order to trick individuals into taking an action that enables access to systems or data.

For this reason, one of the most important elements of our cybersecurity program is developing what is often referred to as the “human firewall”: a workforce that is aware, engaged, and confident in recognizing and responding to potential threats.

At Lewis Services, we invest heavily in cybersecurity awareness training designed to help employees understand how cyberattacks occur and why they matter. The results have been encouraging.

Employees are increasingly able to recognize the warning signs of malicious emails, including unexpected requests for sensitive information, unusual sender addresses, or messages that attempt to create urgency.

Equally important is the cultural shift we have observed around reporting.

Employees are now actively reporting suspicious emails and communications through established processes and are more comfortable asking questions. This reporting capability dramatically improves our ability to investigate and respond quickly to potential threats.

The emphasis on people aligns naturally with the culture of the tree care industry.

Arboriculture professionals operate in environments that require awareness, training, and trust in one another. Teams depend on clear communication and shared responsibility to manage risk and maintain safety.

Cybersecurity requires a similar mindset.

Just as field teams rely on procedures and vigilance to protect themselves physically, organizations must rely on awareness and discipline to protect digital systems. Cybersecurity awareness becomes most effective when it is integrated into the broader culture of safety and operational responsibility.

Technology remains an important component of cybersecurity, providing tools that monitor systems, detect unusual activity, and support rapid response when incidents occur.

However, technology alone cannot solve cybersecurity challenges.

The most effective cybersecurity programs balance people, process, and technology. Security tools are only as effective as the governance and awareness surrounding them.

By aligning security technologies with operational workflows and organizational priorities, we ensure that cybersecurity supports the business rather than becoming a barrier to productivity.

This alignment is particularly important in industries with distributed operations and mobile workforces, where systems must remain both secure and accessible to employees performing critical work.

As we look ahead, artificial intelligence is emerging as one of the most significant factors shaping the future of cybersecurity.

Attackers are already leveraging AI to enhance the speed and quality of their attacks. AI-generated phishing emails can be more convincing, personalized, and difficult to detect. Automated tools allow cybercriminals to launch large-scale campaigns that would have previously required significant manual effort.

At the same time, AI also presents an opportunity for defenders. Security technologies increasingly leverage machine learning and behavioral analysis to identify anomalies and detect threats more quickly than traditional approaches.

However, even as technology evolves, the role of people remains central. AI may assist both attackers and defenders, but the human firewall will continue to play a critical role in recognizing suspicious activity and preventing attacks from succeeding.

One trend is unmistakable: the volume of cyberattack attempts continues to grow. Organizations across every industry are experiencing more frequent phishing attempts, fraudulent communications, and attempted intrusions.

In this environment, resilience becomes the goal.

At Lewis Services, our approach remains grounded in fundamentals. By leveraging the NIST Cybersecurity Framework, continuously measuring maturity, and empowering our workforce through awareness and education, we continue to strengthen our ability to manage cyber risk.

For organizations in the tree care industry, safety has always been more than a policy—it is a core value.

Cybersecurity must now be viewed through the same lens.

By building strong governance, investing in people, and maintaining a commitment to continuous improvement, organizations can navigate the evolving threat landscape with confidence.

And that human firewall may be our most important safeguard.