Infringement
Codebase Integrity Compromise
Data Loss
Delegated Execution via Artificial Intelligence Agents
Denial of Service
Digital Defacement
Disruption of Business Operations
Excessive Personal Use
Exfiltration via Automated Transcription
Exfiltration via Email
Exfiltration via Media Capture
Exfiltration via Messaging Applications
Exfiltration via Other Network Medium
Exfiltration via Physical Medium
- Exfiltration via Bring Your Own Device (BYOD)
- Exfiltration via Disk Media
- Exfiltration via Floppy Disk
- Exfiltration via New Internal Drive
- Exfiltration via Physical Access to System Drive
- Exfiltration via Physical Documents
- Exfiltration via Target Disk Mode
- Exfiltration via USB Mass Storage Device
- Exfiltration via USB to Mobile Device
- Exfiltration via USB to USB Data Transfer
Exfiltration via Screen Sharing
Exfiltration via SMS/MMS
Exfiltration via Web Service
External Credential Sharing
Harassment and Discrimination
Inappropriate Web Browsing
Installing Malicious Software
Installing Unapproved Software
Internal Credential Sharing
Misappropriation of Funds
Non-Corporate Device
Providing Access to a Unauthorized Third Party
Public Statements Resulting in Brand Damage
Regulatory Non-Compliance
Sharing on AI Chatbot Platforms
Theft
Unauthorized Changes to IT Systems
Unauthorized Presence in Restricted Physical Areas
Unauthorized Printing of Documents
Unauthorized VPN Client
Unauthorized Work Location
Unlawfully Accessing Copyrighted Material
- ID: IF035
- Created: 29th April 2026
- Updated: 29th April 2026
- Contributor: Ryan Bellows
Unauthorized Work Location
A subject performs work-related activities from a location or jurisdiction that is not approved by the organization, in violation of policy, contractual restrictions, or regulatory requirements.
This behavior includes remote work conducted outside authorized geographic boundaries, the use of undisclosed travel locations, or deliberate concealment of true working location through technical means. Unauthorized work location infringements introduce material risk across legal, regulatory, data protection, and operational domains. These risks include unlawful data transfer across jurisdictions, breach of client or government restrictions, tax and employment violations, and exposure of corporate systems to untrusted environments.
Unauthorized work location activity is often initially perceived as low-severity or convenience-driven. However, in practice it represents a critical control failure, particularly in organizations with geo-restrictions, data residency obligations, or sensitive access environments. Left unchallenged, this behavior can contribute to Behavioral Drift, where location-based controls are progressively disregarded across the organization's population.
This section captures all forms of location-based policy infringement, whether deliberate (concealment, evasion) or negligent (failure to disclose travel).
Subsections (2)
| ID | Name | Description |
|---|---|---|
| IF035.001 | Undeclared International Remote Work | The subject performs work-related duties from a foreign jurisdiction without notifying or obtaining approval from the organization, in violation of defined location, legal, or contractual requirements.
This behavior commonly occurs when a subject travels internationally and continues to access corporate systems while physically located outside their approved working jurisdiction. In many cases, the subject does not disclose the travel, preventing the organization from applying appropriate legal, regulatory, and security controls.
A frequently observed variant involves annual leave extension abuse, where the subject initially travels abroad under approved leave but remains in that jurisdiction beyond the authorized leave period and resumes work remotely without declaration. In this scenario, the subject transitions from compliant absence to unauthorized international working, often assuming the original approval implicitly extends to remote work activity.
Undeclared international remote work introduces material risk, including:
This behavior is often rationalized by the subject as low impact or temporary. However, it represents a failure of governance and visibility over where sensitive systems are being accessed. In regulated environments, even short periods of undeclared international access may constitute a compliance breach.
If repeated or unchallenged, this behavior may contribute to Behavioral Drift, where undeclared cross-border working becomes normalized within teams or functions . |
| IF035.002 | Work from Prohibited or High-Risk Jurisdictions | The subject performs work-related activities from a jurisdiction explicitly prohibited or classified as high-risk by the organization, in violation of policy, regulatory obligations, or contractual restrictions.
These jurisdictions are typically defined based on legal, regulatory, geopolitical, or security considerations. This includes sanctioned countries, regions subject to export control restrictions, locations with elevated cyber threat activity, or jurisdictions where data access is restricted due to sovereignty or client requirements.
Unlike general undeclared international remote work, this behavior involves access from locations where work is explicitly disallowed, regardless of disclosure. Even where the subject has notified the organization of travel, performing work from these jurisdictions constitutes a direct infringement due to the inherent risk profile.
Operating from prohibited or high-risk jurisdictions introduces severe exposure, including:
In some cases, subjects may knowingly disregard restrictions due to convenience or personal circumstances. In more serious scenarios, this behavior may indicate coercion exposure, or deliberate or inadvertent data exfiltration to a third-party.
This sub-section represents a high-severity infringement category, as the risk is intrinsic to the location itself, not just the lack of approval. |