I'm currently building a website for a small charity and they've asked me if it would be possible to make an admin area where they could access some of their work when they're out and about, so they don't have to fill in forms twice. I can do this, as I built the database that holds all the information they would input myself. I made it using a MySQL database and built a front end for them using PHP, so I can easily make it work online.
The database holds very sensitive information such as clients' home addresses, e-mail addresses, full names, marital status etc., which obviously needs to be very secure. The computer the database is on currently does not allow network traffic from outside the internal network, which means no internet access.
If I were to make it accept connections from outside the internal network, what security measures and/or settings should be taken/set to ensure that only people with accounts can access it?
I was going to code a timeout feature into the login, as I found the workers tend not to lock their computers when they wander away from them, leaving everything logged in, but I know I should do more to ensure the security of the information.
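The timeout feature mentioned in the question, as an added example in PHP (not the asker's code). It assumes the admin area is served over HTTPS, that `$pdo` is an existing PDO connection to the MySQL database, and that a `users` table with `id`, `username` and `password_hash` (created with `password_hash()`) columns exists; all of these names are assumptions, not taken from the question. It shows an idle timeout, an absolute session lifetime, session-id regeneration on login and restrictive session cookie flags, which together address the "walked away while logged in" problem the question describes.

```php
<?php
// Added example, not the asker's code.
// Assumptions: HTTPS is in use, $pdo is a PDO connection to the MySQL database,
// and a table `users` (id, username, password_hash) exists with bcrypt hashes
// produced by password_hash(). All of these are illustrative names.
declare(strict_types=1);

const IDLE_TIMEOUT     = 15 * 60;   // end the session after 15 minutes without a request
const ABSOLUTE_TIMEOUT = 8 * 3600;  // and in any case 8 hours after login

// Call at the top of every admin page before any output.
function startSecureSession(): void
{
    session_set_cookie_params([
        'lifetime' => 0,         // cookie is discarded when the browser closes
        'path'     => '/admin/', // only sent to the admin area
        'secure'   => true,      // only sent over HTTPS
        'httponly' => true,      // not readable by JavaScript
        'samesite' => 'Strict',  // not sent on cross-site requests
    ]);
    session_start();
}

// Returns true and establishes a session if the credentials are valid.
function login(PDO $pdo, string $username, string $password): bool
{
    $stmt = $pdo->prepare('SELECT id, password_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return false;
    }
    // A fresh session id on login prevents an attacker-supplied id from being reused.
    session_regenerate_id(true);
    $_SESSION['user_id']       = (int) $row['id'];
    $_SESSION['login_time']    = time();
    $_SESSION['last_activity'] = time();
    return true;
}

// Redirects to the login page unless a session exists and neither timeout has expired.
function requireLogin(): void
{
    $now    = time();
    $active = isset($_SESSION['user_id'], $_SESSION['login_time'], $_SESSION['last_activity'])
        && ($now - $_SESSION['last_activity']) <= IDLE_TIMEOUT
        && ($now - $_SESSION['login_time']) <= ABSOLUTE_TIMEOUT;
    if (!$active) {
        logout();
        header('Location: /admin/login.php');
        exit;
    }
    $_SESSION['last_activity'] = $now; // each request extends the idle window
}

// Clears server-side state and expires the session cookie in the browser.
function logout(): void
{
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', [
            'expires'  => time() - 3600,
            'path'     => $p['path'],
            'domain'   => $p['domain'],
            'secure'   => $p['secure'],
            'httponly' => $p['httponly'],
            'samesite' => $p['samesite'],
        ]);
    }
    session_destroy();
}

// Usage on a protected page:
// startSecureSession();
// requireLogin();
```

The idle timeout is what catches an unattended, still-logged-in browser; the absolute timeout bounds how long a stolen session cookie stays useful even if the browser is kept busy. Both checks are enforced on the server, so a client that keeps a cookie beyond the limit is still redirected to the login page.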