• Develop and enforce a telework security policy, such as having tiered levels of remote access.
• Require multi-factor authentication for enterprise access.
• Use validated encryption technologies to protect communications and data stored on client devices.
• Ensure that remote access servers are secured effectively and kept fully patched.
• Secure all types of telework client devices–including desktop and laptop computers, smartphones,and tablets–against common threats
  

Source: U.S. CERT