While PCMS has a comprehensive access control system that lets you fully define who has access to what information, there are additional security precautions you can and should take to help keep your data secure.
1. You can't attack what you can't find. Rather than installing PCMS at http://www.yourdomain.org/pcms, change the location to something like http://www.yourdomain.org/clientfiles123. This is as easy as changing the name of the folder containing PCMS on your web server. Only you and your team need to know the URL to access the program.
2. Layer your security. Protect the pcms directory with a .htaccess password, so that a user name and password are required to even reach the login page.
3. Use SSL (Secure Sockets Layer). Don't just use it; enforce it with a server directive. This means that your session with PCMS is encrypted, indicated by a closed padlock in your browser. This prevents man-in-the-middle attacks and sniffing of your session.
4. Use robots.txt to prevent search engines from indexing your PCMS directory. Many hacking targets are found through the likes of Google, so keep the search engines out.
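
Tips 2 to 4 expressed as one Apache .htaccess file for the renamed folder, added here as an example and not taken from PCMS or its documentation. It assumes Apache 2.4 with mod_ssl and mod_headers loaded and AllowOverride permitting these directives; the AuthUserFile path and realm name are placeholders, and the X-Robots-Tag header is an assumption that goes beyond the robots.txt the tip names.

```apache
# .htaccess placed in the renamed PCMS folder (e.g. clientfiles123 from tip 1).

# --- Tip 3: enforce SSL with a server directive ---------------------------
# Refuse any request to this folder that did not arrive over HTTPS.
# The check runs before the password prompt, so credentials are never
# requested over plain HTTP; such requests get 403 Forbidden instead.
SSLRequireSSL
SSLOptions +StrictRequire

# --- Tip 2: password in front of the login page ----------------------------
# Create the password file once with:  htpasswd -c <file> <username>
# Keep it outside the web root so it can never be downloaded.
AuthType Basic
AuthName "Restricted area"
# Placeholder path: replace with a location outside your document root.
AuthUserFile /path/outside/webroot/.htpasswd
Require valid-user

# --- Tip 4: keep search engines out ----------------------------------------
# robots.txt is publicly readable, so a Disallow line naming this folder
# would reveal the name chosen in tip 1. Sending the instruction as a
# response header tells crawlers the same thing without publishing the path.
Header always set X-Robots-Tag "noindex, nofollow"
```

With Basic authentication in place, well-behaved crawlers cannot fetch the pages at all; the header covers anything that becomes reachable if the password rule is later loosened.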
New hacks and exploits surface all the time; the more roadblocks in the way, the safer you are.