A VPN set up and approved by the company's in-house IT organization would typically be best.
However, in your situation, there is no network administrator which I guess implies that they don't have a VPN.
I'd put your concerns in writing to the client and explain (a) port forwarding and (b) VPNs.
IPVMU Certified | 04/07/15 01:41am
As an IT Service provider, we insist on VPN access for all incoming access requirements, except some aspects of email (if an email server is running inhouse). Open ports on a firewall are just an invitation to anyone scanning ports to see what is on those ports. But open ports coupled with weak passwords often means "Hacked"
Small Business is generally not security conscious: That's how I do it at home so why can't I do it with my business?? Often it is not until they are hacked that they start to understand.
Push for VPN either through their IT contacts or recommend a provider. If they want port forward, then suggest they use an IT service provider. Legal discloures are a backside covering process. If something untoward happens, they can still sue & you still need to defend: Either way it costs both time & money.
I have had a small business client blame me for a dead power supply on a 7 year old machine after working on it remotely. "The computer was working until YOU did something to it!!!"
IPVMU Certified | 04/07/15 04:22am
Steve Mitchell referred you to the article Remote Network Access for Video Surveillance. If a VPN is too tricky or expensive to set up for a small client, then I recommend you review the section of that article named Cloud / 'Phone Home' for the most painless and inexpensive option which also avoids port forwarding. Choosing this option assumes that such as service is available with the chosen VMS or NVR so you would need to check that.
Just to chip in what everyone else is saying, if youre talking large enterprise, and a VPN connection, I would definitely recommend that they disable split-tunnelling. This will only allow traffic from your PC to go through their VPN/firewall. What this means is if someone has a remote link/view of your computer through your company's Internet Connection, as soon as you connect to the customers VPN it segregates you from that outside traffic, thus partially preventing your from being the (wo)man in the middle of a man-in-the-middle attack.