I was looking for a protection from our staff members from stealing customer information. At the current state of the software, any staff member can go down the user ID list and access every customers information, including name, phone, email etc.
All they have to do is load a client profile, and change the userid=1 to 2, 3, 4, 5 etc. and they then have access to every clients information.
There should be some sort of protection for this. I've seen non-sequential Invoice ID's. The same should be done for customer ID's.