Non-developers probably do everything that would be valuable to an attacker in the browser and/or via email. (Heck, what else do people do on a computer?)
You really don't want to hook up your company's network storage to the internet; running a browser without domain credentials should avoid that, in a typical enterprise environment.