What sensitive information is "lying around" in your office & who can access it?

It’s amazing how much you can find out about a person or organisation from simple "non-sensitive" pieces of information. I’m staggered how much information is freely available in public areas of most corporations. I view most large offices (apart from data centres) as being public areas simply because it’s trivial for an outsider to gain access unchallenged to people's desks.

Back in the day I used to be involved with penetration tests assessing both logical and physical security; we rarely needed to "do anything clever" to get access to the core information upon which each business relied. Social engineering & physical security compromises are WAY MORE POWERFUL than any technical hacking tool and yet people worry far more about the latter.

On the whole most people tend to worry about matters which have been sensationalised and pay little attention to the mundane/routine risks. One of my favourite facts is that more people are killed by donkeys per year than are killed by sharks and yet few people perceive risk in this way. Simple things like locking your PC (pressing "Windows Flag & L" is a nice easy way to do it that few people seem to be aware of) IN THE OFFICE make life so much more difficult for folk with malicious intent; chances are they’ll not bother with your machine as there are plenty of others (which are unlocked) to choose from.