Or you could be like the company I previously worked for and not monitor anything with any seriousness, but a lowly tech managing some one-off software installs for the office PCs (me) might notice software that shouldn’t exist and report it. Happened to a new guy, the VPN to his home got higher ups combing through his work, and was the final icing on the cake after they also found emails from work to a personal email with customer information attached. They didn’t even entertain an excuse, he was sacked same day. (This was all pre COVID, there was no such thing as work from home)
So yea, definitely…VPN might not be the hammer that falls, but it can start the hunt and still burn you. Someone might use it to browse lemmy, other people might use it to steal company data. It’s not worth the risk for a company to attempt to differentiate between the two. Obligatory ‘your mileage may vary’, especially now with the COVID push to work from home, but it happens!