There are several factors that you need to have in place to resolve some issues here, not just with secure access, but also with data integrity, efficiency, and protection from loss of sensitive information.
First, lets look at your network since that has been the first issue brought up here. Yes, there's a whole list of requirements that need to be put in place protecting the customer information you hold from access by outside - and internal - sources that should not have access. To be honest, most small businesses your size that hold this kind of information do NOT have proper protection simply because they don't know or can't afford it.
I would highly recommend getting rid of the wireless networking completely. Even if it is password protected, it's an open radio wave that people using outside computers can access into your network. Go to all direct ethernet connections on all computers, you limit your access to information on your LAN network to only those computers which are directly connected, making it much more secure. Additionally, you will have increased network speed and efficiency. You will also need to look at getting some sort of firewall, not just a basic router, to put between your internal network and your internet connection. A firewall will offer you far greater protection from intrusion compared to a home wireless router.
Next we look at the actual user access settings of your LAN. To protect customer information, you need to have a user account with a password set on every computer in your office. If you have multiple people accessing data ideally for user account control you should have each user with their own username and a unique password for each user account. This way you can log access based on the individual user and control what each user will have access to for information. Right now, yes, you may all be accessing the same information and levels of information, but that might not be ideal. In other words, you might not want all of your employees to be able to access other employee's confidential records like social security information or payroll! This is why having individual user accounts is crucial, and why you should allocate access to shared information ONLY to the people who should have access to that information.
And this comes to the network storage solution. You currently are using a single computer as the "server" even though it's already being used as a workstation for someone to also do their normal work. This opens a lot of inherent security and efficiency problems. First off, what happens if the person using that computer is checking emails or saving some files from the internet and suddenly gets a nasty virus? Your shared data can be affected by this virus then since it's on that same computer which not only can make it impossible for that user to access their programs and data, but all of your employees may lose access and worse you could be facing theft or destruction of sensitive client information! Same story if your desktop suddenly has a hard drive failure. Poof, everything is gone.
Additionally this sort of configuration is not near as efficient. All of your desktop computers are interconnected on a workgroup network, which makes managing who has access to shared files, and backing up those shared files, very difficult. Additionally, that one primary desktop which is acting as your server is also being used by someone to do their normal daily tasks meaning it's having to do more work resulting in less efficient performance and response.
You want to look into a network attached storage or sever device ideally for hosting all your shared data and programs instead of just allocating this task to one of your workstation computers. Since the server isn't going to be used normally by someone such as getting online and checking email you have a reduced risk of user error or malicious attack that could compromise your data and business operation. Additionally, a server can be used to better manage who has access to what files. If all the company data is located on the server, you can manage everyone's access from one point instead of having to do so from every computer in the network. Further, if a workstation does go down such as from hardware failure, you are not losing any company data because it's all centrally located and backed up from the server.
You have not specifically stated what sort of software you are using here that is network based, but I'm sure that if you contact the vendor or speak with a professional about the software, they will have recommendations or requirements for a network server installation such as what you are using. It may even be recommended to look into going to a domain environment to give you the most power and flexibility such as user account control, virtualization on the server system, and more. However, for only four employees this may be a bit out of scope and range for what you wish to accomplish.
There's a lot of information here that I've thrown at you, and I'll try and help to explain more detail where you might have any other questions or need some more information!