You should really get hold of a network security consultant to discuss the options and pro and cons. If you want to secure the network traffic between the branches you could create VPN connections between them. That way all the data going over the VPN will be encrypted. The Access Point can be configured to allow only https requests so the data exchanged between the users browser and the Access Point will be encrypted. You could even use client certificates to add an additional layer of security. Users can be authenticated against an Active Directory so they won't need to use a login screen to access the Access Point. I think that does mean that all the users (from all branches) would have to be part of the same domain, but I could well be wrong. I don't really know enough about this to say for sure.