We can. Most companies with decent security protocols do this. Basically you create a network of computers that you need in order to carry out your tasks, but none of them are exposed to the internet at large which means no one can just “hack” into it without being physically present in the space at one of the terminals of the network. The internal network and the computers that have access to the internet at large are kept separate.