OK, so most are on Windows, right? So many of their home machines are likely pwned. I presume that there are firewalls or whatever in VPNs etc to protect the mother ship, yes?
That is true looking only from network side of security. But if local machine is pwned hackers can record whatever happens on that insecure device connected to network. They can collect users credentials and similar.
IDK. But if they take it home and log in locally they could probably circumvent some protections enabled while logged in domain.