Although VPNs are relatively secure by nature, endpoints are not. Data entering or leaving the VPN is at risk. An end-user computer could be infected by malicious code that can traverse the VPN link into the company LAN.
Answer the following question(s):
Consider employees who work from home and use personally owned computers to access a company internal network How would you make those computers and connections more secure? That is, how would you prevent malicious code from getting on to the internal network?