Maybe there are blocked ports or firewall / group policy restricted the access - but you should think carefully if you makes your server available from external. It's rather not recommended - you could use VPN.
I couldn't say how great the risks are. The server could be ddos attacked, exploits against browser / protocolls / services, staff could leave the company ... What is responsible and what is paranoid? I don't know.