WFH
Well, if IT departments are so concerned that WFH folks might have their work machines comprimised while at home from all of the IoT crap on their home networks, they could issue NAT routers to their employees and tell them to plug that into the home network and only connect the work machine to that employer issued (preconfigured) NAT router. NAT behind NAT works and doesn't require any sophistication by the user.
Since many consumer routers now support VLANs, the IT folks could also encourage their employees who do have some computer sophistication to put their IoT stuff on a separate VLAN from the routers untagged LAN.
Biting the hand that feeds IT
