Organisation's data can only be processed on a predefined, trusted network, or by using a VPN service defined by the organisation.
For example, a coffee shop's Wi-Fi network is often either completely unencrypted or the password is easily accessible to everyone. In this case, the information sent online is vulnerable to spyware. A VPN connection encrypts information regardless of network settings.