If you want your VPN connection to be secured, you need to provide only limited accessibility to some selected files via intranets / extranets instead of through VPNs. Did you know that secure HTTP or HTTP websites using secure password authentication (we are not referring to basic authentications here) exposes merely some selected files onto the single server? This means the entire network won’t be exposed, and this scales much better compared to a VPN service. You should also make sure that you are supposed to arrange or enable e-mail accessibility without keeping VPN access as a requirement for that. On most of the Microsoft Exchange servers, you are allowed to establish a functional Exchange proxy server for allowing the Outlook to thoroughly access the Exchange through a RPC or remote procedure call protocol which could be over HTTP and fully secured by high end SSL encryption.
To make sure that your VPN connection is secured, you could do more. For instance, on the other active mail servers, consider enabling POP3 or Post Office Protocol 3 and / or IMAP (which is the acronym for Internet Message Access Protocol) type mail receipt along with SMTP or Simple Mail Transfer Protocol mail sending. You should also require a solid SPA or secure password authentication system alongside an SSL encryption for improving the overall security of such mailing systems. Do remember that secure web mail remains one of the major viable options to cater to the needs of your remote employees – particularly when they travel a lot and have to utilize other’s computers.
You can implement a policy for highly strong password. When you can’t impose the obligation of 2-factor authentication by utilizing smart cards and / or biometrics a good option left for you would be to secure just the password thing. Do not allow anybody to keep going with the same old password for ever. It is a much better idea to utilize a combination of a hard word from the dictionary and a number which is related to the telephone or SSN. May be it is also a good idea to utilize the name of your family member or the beloved pet. Remember that passwords essentially be impossible to guess even by your family members. They need to be sufficiently long with very large character set that could be prohibitively hard for the password-guessing applications to figure out. This has to be doubly intensified for the administrators.
Also arrange sufficient ammo of super-strong antivirus and antispam program. Also consider getting custom firewall protection offered to the remote users / staff, and make it mandatory for them to use it. Each and every computer out there completely tied with the VPN has every possibility to spread malicious infections all through the network via the VPN connection, potentially getting the business to a standstill. Quarantining the users every so often can help. You can also make arrangements in a way that people can’t get through the VPN connection till they have their computer verified as secure and safe.