To explain your security hole I'll use an analogy:
A typical law firm’s cyber threat protection is like home security:
Most homes have a solid front door with a locking handle, deadbolt and peep hole (your network Firewall)
Most homes have blinds or curtains in your windows and typical window locks that flip to lock (your computer Antivirus)
If your home has a sliding glass door for your patio or balcony you might have a “bar” to ensure if the lock is shimmied bad guys can’t slide the door open (Spam filtering software)
And finally on your garage door, there’s a lock that is probably not set because the garage door opener holds the door shut.