Furthermore, workers can connect to a VPN and still slack all the live long day, as demonstrated by our friend Bob. Anyone who works at a company with lax security-and network-monitoring could log in to the VPN upon arriving at work, then spend the day playing Candy Crush Saga on Facebook or repinning ridiculous cat pictures on Pinterest without raising any flags.
Back, then, to Yahoo: Were employees not required to connect via VPN? Were they all, in fact, required to, but no one was enforcing the rule? Or did the rules vary from department to department? Whatever the case, Mayer's crackdown on slacking teleworkers is likely part of a greater strategy to boost productivity, which presumably (for Yahoo's sake) will include processes for measuring employee output on criteria beyond "number of hours connected to VPN."
Checking VPN logs can prove useful in tracking down slacking employees, but that's only if employees are forced to use the VPN consistently and if supervisors or IT monitors those logs from time to time (such as when an unauthorized connection to China materializes). If no one is bothering to force employees to use the VPN or to peruse the logs once in a while, that company has more to worry about than unproductive workers; that company is setting itself up to be hacked.
Sign up for CIO Asia eNewsletters.