Considering that more than likely their internet surfing goes through a proxy... which means they don't have DIRECT internet access... I don't see the issue in this at all...
Their proxy system would have to be compromised for people to gain internal access to the company... just throwing a trojan or worm on any well-secured system won't do much...
Systems with ALL internet-headed traffic being sent through a proxy won't allow a trojan/worm to send things back home... only certain ports are allowed open...