Your users are working from home on networks that aren’t secure. A recent study of 127 popular routers found that every single one of them had critical vulnerabilities. These range from easily guessed login credentials (the username and password might be hardcoded as “admin”) to devices that are seldom given security patches. One-third of the routers tested was running a version of Linux that was last updated in 2011.
It goes without saying that this is dangerous, particularly at a time when more people than ever are working remotely. The IT department can control the network in the office, but there’s no way to check every remote worker’s home network. If an employee’s router is compromised then all kinds of attacks are possible including, for example, redirecting users to websites that appear genuine, but which are designed to steal credentials.