in reply to Re^2: Printing Labels
in thread Printing Labels
I hope that such remote access would be suitably secure, since it's got people's PII in it!
Yes...most definitely...
The "remote people" are directors and employees with their own login and 2FA. The scripts to access the database reside above the webroot and all database calls are sanitised *. Plus, everyone accessing has undergone data protection training. We take data security seriously.
We have also started regularly penetration testing an environment that we've created for this purpose. The code is identical to our production site except that notification emails are turned off and we connect to the production database with an account with only SELECT permissions. We use ZAP for penetration testing.
* I'm looking forward to the talk from LanX on this topic as we might be able to do even better.