The easiest way into the core of the organization and its information assets is through an employee's username and saved password. Think of user credentials like a regular door key; if the key suddenly finds itself outside the door, why bother trying creative ways to break in when you can simply unlock the door?
The password forms the foundation of a closed system and the boundary between public and non-public information. However, the primary issue here isn't necessarily your systems, but what happens with other services and providers outside of your system.
A common mistake is to reuse your user credentials, email, and password across multiple platforms. The security risk arises when other services that the employee uses get hacked or experience breaches. When user credentials end up in a public breach, they become available for anyone to acquire and then use as a key to enter the company. This is incredibly common, and due to its simplicity, user credentials are sold for just a few dollars on the black market today.