No organization that needs to keep their systems secure should have the secure data attached to a network that can be accessed by the ordinary internet. Of course, there are always idiots. When I was at General Dynamics a high-level manager* sent a fishing email from his home system to his corporate account and opened it there. It shut down the IT system worldwide.
* How do I know he was high level? When I discussed the issue with my buddies in IT and asked if the culprit would be fired, they said, “not at his level.” Anyone below the first tier of managers would have gotten skid marks on his butt from hitting the parking lot asphalt.
Wanna get away?