It is probably all ok until someone targets your company and wants to steal information, of course depends on where you work, it might be that there is nothing valuable to steal anyway

There is really no excuse to use IP address and no "real" certificates (or equivalent, as docbert explained about OpenVPN as one example) these days anymore, the cost is negligible and it's a one time thing to configure that takes no longer than a few minutes.