You've locked down your user machines. You have a strong network firewall in place. You have a conscientious staff that makes sure users follow IT policies. You have an email scanner watching your mail traffic. You use a good VPN product to provide secure connectivity to remote sites and users. And you still have viruses and Trojan horses getting loose on your network. So what's the next step?
The next step will likely be to provide personal firewall software for your casually connected VPN users—and after that, to consider personal firewall software for every machine in your network.
Many personal firewall products are on the market, and you have few reasons not to try them. Most are free for personal use, and if not, they're quite inexpensive and often offer a trial version. Many of the personal firewalls are incredibly simple to use and should pose little trouble for even your most obtuse user. These personal firewalls can save you from a major cleanup if they prevent an attack on your corporate network via a telecommuting or casually connected user.
The two pieces of software that you should require on every casually connected user's machine are antivirus and personal firewall. With those two items in place, you can significantly reduce those users as potential vectors of infection. Make sure that the antivirus software allows forced updates, so you can check the virus signature files whenever the user connects to the home network. End-user antivirus tools will also work if you can configure them to auto-update signature files and check for updates on a regular basis.
Explain to users why they must use the antivirus software (though I can't imagine any user would think this is an imposition in light of all the well-publicized virus attacks in the past few years), and give them the same explanation for the personal firewall. The firewall software will likely require their interaction, so users need to understand the how and why of it.
Here's a few links to personal firewall products to get you started. These are in alphabetical order; no preference indicated.
