It’s amazing how much you can find out about a person or organisation from simple "non-sensitive" pieces of information. I’m staggered how much information is freely available in public areas of most corporations. I view most large offices (apart from data centres) as being public areas simply because it’s trivial for an outsider to gain access unchallenged to people's desks.
Back in the day I used to be involved with penetration tests assessing both logical and physical security.
On the whole, most people tend to worry about matters which have been sensationalised and pay little attention to the mundane/routine risks. One of my favourite facts is that more people are killed by donkeys per year than are killed by sharks, and yet few people perceive risk in this way. Simple things like locking your PC (pressing "Windows Flag" & L is a nice easy way to do it that few people seem to be aware of) IN THE OFFICE make life so much more difficult for folk with malicious intent.