Dumb security allowing it on a laptop

I see comments berating pfizer for allowing this data on a laptop. My current client has lots of tech savy/security light users, they do stuff like write scripts to go through VPN and pull records from a relatively secure Db to god knows where. I recently found performance issues caused such users hitting our backend for everything they may ever need. They were considerate and did this at time == beforethesparrowfart AM. We are mutlinational.

Not sure where I am going except security is _HARD_ and if someone can read your Db and is half clever (s)he's likely to script it, cache it and enjoy fast access. The half savy users are the killers.