The ODBC connection is only open when needed.
For best security the office machine should initiate the transfer, not the remote machine. If the remote machine gets compromised there is nothing there to make a connection to the office machine and there are no open ports on the office firewall to attack.
For the "data in transit" protection I would look into establishing a VPN tunnel between the office machine and the remote machine and do the ODBC traffic through the VPN. That adds a protection layer around that traffic.