0

I need to set up Microsoft remote access for a PC on our network. We have an AV installed on the PC, and all the users are standard users (apart from 1 admin account that is used only to manage users). There is a VPN into the building which links 2 buildings together on a LAN to LAN. The VPN is set up on the router, a DrayTek 2860.

The VPN is set up for LAN to LAN only using IPsec and a unique randomly generated password. No users have dial-in VPN access.

We don't have any additional security like a hardware firewall.

Is there anything else I should make sure is in place security-wise?

sam

1 Answer

1

You have not provided some key details helpful to answering your question, such as whether the computer accessing your company network is company owned and centrally controlled, and how the VPN is configured.

There are several best practices that you can do to better secure remote access:

Implement multi-factor authentication (MFA) for remote users

Using MFA would strengthen security by asking the user for another form of credentials in the form of something they have with them, or a biometric such as a fingerprint. Without MFA enabled, the security of this account would rely on the strength and safekeeping of its credentials.

Restrict VPN access to company owned machines if at all possible

A VPN connection provides confidentiality and integrity for the data passing between the client computer and your corporate network, but the remote computer itself can be a serious threat. If the remote computer is not owned and centrally managed by your company IT department, then you are essentially allowing an untrusted computer access to your internal company intranet. If an attacker were to compromise the remote computer, he / she can use this computer to directly access your company network. In addition, given the data in transit is encrypted, it would be much more difficult for security technologies such as firewalls / IDS to properly inspect the incoming traffic.

Configure the VPN connection to timeout after a certain interval with no activity

By implementing this rule, you would lessen the likelihood of an unauthorized user taking advantage of the VPN connection to access the company internal network.

We don't have any additional security like a hardware firewall.

Please consider implementing a firewall before setting up remote access. As you are using remote access, ideally the firewall should support remote authentication features such as RADIUS or TACACS+ that centrally confirm the identity of remote users.

Anthony

  • Thanks for the detailed response @Anthony, I've updated my question to give more details on the VPN. The VPN is used for LAN to LAN only, no remote users; does your comment re. hardware firewall still stand based on that? – sam Feb 11 '18 at 18:23