If you want users to be able to log in from home, I recommend letting these users take home "their" own laptops. These laptops can either have NO harddrives and boot off a CD (very time-consuming process, involving creating boot-CDs, with the correct hardware drivers for each computer, ugh) which mitigates the possibility of confidential data being lost/stolen/read by unauthorized individuals, OR you can have the laptops' harddrives encrypted so that if one of them does get lost/stolen, the data on them cannot be easily read. SafeBoot is one option.

You also need to be aware of certain access policies this organization may have when it comes to logging in remotely. Policies such as firewall/antivirus/updates, etc need to be able to be enforced on the remote machines.


Btw, if at all possible, try not to use wireless network connectivity. There's no way to stop data from ending up where it's not supposed to end up, whether or not you have the latest encryption standard set up on each access point. The risks vastly outweigh the convenience.