all office systems at work use static ARP, static IPs (only clients get DHCP, because we care about them MiTM'ing each other less). Also, we implement port security on all ports on switches connected to our office systems (super pain in the ass). It's good to remember to disable ICMP redirection too.
Static ARP prevents ARP Poisoning MiTM (and saves minor bandwidth), Static DHCP prevents MiTM from DHCP spoofing (also saves minor bandwidth), Port security protects office systems from CAM smashing reversion half-duplex MiTM attacks as well as Port Stealing MiTM attacks (fucking annoying as shit to maintain).
ARP is the most common attack vector, because it's easy and fast. DHCP spoofing is essentially just as easy (especially when a DHCP exhaustion attack is ran on the main DHCP server first), Port stealing is less known of and exploits the CAM routing algorithms used by level 2 switches to think that a victim computer is connected to the attackers port on the switch and CAM smashing is the flooding of the CAM tables in a switch, causing it to revert to act like a HUB and broadcast all received data out to all ports.
"If art interprets our dreams, the computer executes them in the guise of programs!" - SICP
“If at first, the idea is not absurd, then there is no hope for it” - Albert Einstein